I was using Firefox on the infected computer to read this post, but after I closed it and ran ComboFix, when I tried to open it again it says Firefox is already running. (I looked in Task Manager and there was no firefox.exe.)
Also, I installed Avira, and it notified me that explorer.exe, services.exe, winlogon.exe and some others are all infected with a trojan.
Here are the logs:
ComboFix 09-07-03.03 - Jennifer 07/05/2009 20:49.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.241 [GMT -4:00]
Running from: c:\documents and settings\Jennifer\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Jennifer\Desktop\CFScript.txt.txt
FILE ::
"c:\windows\system32\kthn.exe"
"c:\windows\system32\qgceg1j0egbr.exe"
"c:\windows\system32\sgcag1j0egbr.dll"
"c:\windows\system32\vzplflr.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\blocklist.xml
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\bookmarkbackups\bookmarks-2009-06-26.json
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\bookmarkbackups\bookmarks-2009-06-27.json
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\bookmarkbackups\bookmarks-2009-06-28.json
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\bookmarkbackups\bookmarks-2009-07-03.json
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\bookmarkbackups\bookmarks-2009-07-05.json
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\bookmarks.html
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\cert_override.txt
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\cert8.db
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\chrome\userChrome-example.css
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\chrome\userContent-example.css
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\compatibility.ini
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\compreg.dat
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\content-prefs.sqlite
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\cookies.sqlite
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\downloads.sqlite
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions.cache
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions.ini
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions.rdf
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions\searchrecs@veoh.com\chrome.manifest
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions\searchrecs@veoh.com\content\firefoxOverlay.xul
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions\searchrecs@veoh.com\content\vsearchrecs_overlay.js
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions\searchrecs@veoh.com\content\vvc_settings.xul
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions\searchrecs@veoh.com\defaults\preferences\searchrecs.js
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions\searchrecs@veoh.com\install.rdf
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions\searchrecs@veoh.com\locale\en-US\vsr.dtd
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions\searchrecs@veoh.com\locale\en-US\vsr.properties
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions\searchrecs@veoh.com\skin\compass_off.gif
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions\searchrecs@veoh.com\skin\compass_on.gif
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions\searchrecs@veoh.com\skin\family_filter_off.gif
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions\searchrecs@veoh.com\skin\family_filter_on.gif
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions\searchrecs@veoh.com\skin\feedback.gif
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions\searchrecs@veoh.com\skin\help_icon.gif
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions\searchrecs@veoh.com\skin\logo_disabled.png
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions\searchrecs@veoh.com\skin\logo_disabled_busy.png
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions\searchrecs@veoh.com\skin\logo_enabled.png
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions\searchrecs@veoh.com\skin\logo_enabled_busy.png
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions\searchrecs@veoh.com\skin\overlay.css
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions\searchrecs@veoh.com\skin\results_bg.png
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions\searchrecs@veoh.com\skin\send_icon.gif
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions\searchrecs@veoh.com\skin\settings.gif
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions\searchrecs@veoh.com\skin\supported_off_icon.png
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions\searchrecs@veoh.com\skin\supported_on_icon.png
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions\searchrecs@veoh.com\skin\veoh_disabled.png
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions\searchrecs@veoh.com\skin\veoh_enabled.png
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\extensions\searchrecs@veoh.com\skin\veoh_logo_icon.gif
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\formhistory.sqlite
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\key3.db
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\localstore.rdf
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\mimeTypes.rdf
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\minidumps\cookies.sqlite.backup
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\minidumps\d49af6b4-2f9d-4394-9ab6-990895683876.dmp
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\minidumps\d49af6b4-2f9d-4394-9ab6-990895683876.extra
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\permissions.sqlite
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\persdict.dat
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\places.sqlite
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\pluginreg.dat
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\prefs.js
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\prefs.js.BAK
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\search.sqlite
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\secmod.db
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\signons3.txt
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\urlclassifierkey3.txt
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\webappsstore.sqlite
c:\documents and settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\l0yquby2.default\xpti.dat
.
((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.
2009-07-04 02:58 . 2008-04-14 00:12 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2009-07-04 02:58 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-06-29 06:37 . 2009-06-29 06:37 -------- d-----w- c:\windows\system32\kthn.exe
2009-06-29 03:48 . 2008-04-13 23:12 14336 ----a-w- c:\windows\system32\svchost.exe
2009-06-21 02:36 . 2009-06-21 02:36 -------- d-----w- c:\program files\7-Zip
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-04 03:12 . 2008-12-29 10:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 03:12 . 2009-01-30 04:50 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-17 15:27 . 2008-12-29 10:58 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2008-12-29 10:58 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-31 04:39 . 2009-05-31 03:51 -------- d-----w- c:\documents and settings\Jennifer\Application Data\TeamViewer
2009-05-08 03:56 . 2009-04-18 23:50 -------- d-----w- c:\documents and settings\Jennifer\Application Data\U3
2009-05-07 15:32 . 2005-07-13 17:55 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2005-07-13 17:55 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2005-07-13 17:55 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2005-07-13 17:55 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2005-07-13 17:55 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-07 16:52 . 2009-04-07 16:53 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-07 16:51 . 2009-04-07 16:51 152576 ----a-w- c:\documents and settings\Jennifer\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-04_03.00.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-07-13 18:14 . 2009-07-04 03:00 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-07-13 18:14 . 2009-07-04 02:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-07-13 18:14 . 2009-07-04 03:00 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-07-13 18:14 . 2009-07-04 02:37 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-07-13 17:56 . 2003-11-08 00:21 114688 c:\program files\Apoint\bak\Apoint.exe
2005-07-13 20:35 . 2004-08-09 13:03 81920 c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
2005-07-13 20:35 . 2004-08-09 13:03 221184 c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
2005-07-13 20:27 . 2005-02-17 01:41 245760 c:\program files\Common Files\Sony Shared\TVTunerLib\bak\TVTLInstTool.exe
2007-07-20 19:21 . 2007-07-20 19:21 68856 c:\program files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe
2005-07-13 18:58 . 2005-04-29 21:56 45056 c:\program files\Realtek\InstallShield\bak\AzMixerSel.exe
2005-07-13 20:33 . 2004-02-20 21:12 32768 c:\program files\Sony\ISB Utility\bak\ISBMgr.exe
2005-07-23 00:11 . 2005-06-03 14:16 81920 c:\program files\Sony\SonicStage\bak\SsAAD.exe
2005-07-13 20:20 . 2005-05-15 12:51 184320 c:\program files\Sony\VAIO Power Management\bak\SPMgr.exe
2005-07-23 00:23 . 2005-01-31 17:10 192512 c:\program files\Sony\VAIO Zone Remote Commander\bak\AvRmtCtr.exe
2006-11-17 15:09 . 2006-06-23 16:33 438359 c:\program files\Verizon\SmartBridge\bak\MotiveSB.exe
2005-07-13 17:55 . 2004-08-04 12:00 15360 c:\windows\system32\bak\ctfmon.exe
2005-07-13 17:55 . 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe
2005-07-13 17:56 . 2007-01-13 14:47 163840 c:\windows\system32\bak\hkcmd.exe
2005-07-13 17:56 . 2007-01-13 14:46 135168 c:\windows\system32\bak\igfxpers.exe
2005-07-13 17:56 . 2007-01-13 14:47 131072 c:\windows\system32\bak\igfxtray.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]
"Google Update"="c:\documents and settings\Jennifer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-29 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-07 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 00:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.sys]
@="beep"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Documents and Settings\\Jennifer\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
S3 DVC;USB DVC Svc;c:\windows\system32\drivers\DVC.sys [11/15/2008 10:15 PM 38604]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\ICDUSB2.sys [11/28/2002 10:23 PM 39048]
S4 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
S4 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
Contents of the 'Scheduled Tasks' folder
2009-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1718607297-4018761455-3513789977-1006Core.job
- c:\documents and settings\Jennifer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-29 10:38]
2009-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1718607297-4018761455-3513789977-1006UA.job
- c:\documents and settings\Jennifer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-29 10:38]
2009-07-04 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-07-23 19:24]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-05 20:54
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1718607297-4018761455-3513789977-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\VESWinlogon.dll
.
Completion time: 2009-07-06 20:57
ComboFix-quarantined-files.txt 2009-07-06 00:57
ComboFix2.txt 2009-07-04 03:04
Pre-Run: 24,063,107,072 bytes free
Post-Run: 24,044,204,032 bytes free
215 --- E O F --- 2009-06-10 17:27
--- HIJACKTHIS LOG ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:14 PM, on 7/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O24 - Desktop Component 0: (no name) - http://runehq.com/image/style/blue/header01.jpg
--
End of file - 8376 bytes
Thanks again for all of your help.