Jump to content

slurm810

Members
  • Posts

    8
  • Joined

  • Last visited

Everything posted by slurm810

  1. I have a user that is infected with the windowsclick redirect. I got MBAM to install but could not get it to run, I tried renaming it but that didnt work. Here is a HJT log from the infected computer. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:19:16 PM, on 3/26/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\savedump.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Internet Explorer\Iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\RightFax\Client\FaxCtrl.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\program files\captureeze97\capeze97.exe C:\WINDOWS\TEMP\oavn2fdc.exe C:\WINDOWS\TEMP\oavn2fdc.exe C:\Program Files\LibertyNET\LbrtyFaxMan.exe C:\DOCUME~1\shellyp\LOCALS~1\Temp\3212965233.exe C:\WINDOWS\TEMP\oavn2fdc.exe C:\WINDOWS\system32\faxman4.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local> R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {104c350e-77f9-424d-9715-72e595c7c671} - C:\WINDOWS\system32\ririvalo.dll O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - C:\Program Files\Starware316\bin\Starware316.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: {a9da1a02-538a-674a-6b74-a2a60d006159} - {951600d0-6a2a-47b6-a476-a83520a1ad9a} - C:\WINDOWS\system32\aoxqsg.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Starware Screensavers Toolbar - {1962c5bc-e475-465b-823b-133e711bceb9} - C:\Program Files\Starware316\bin\Starware316.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\Client\FaxCtrl.exe O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [CPM0f5c8f5e] Rundll32.exe "c:\windows\system32\sesanujo.dll",a O4 - HKLM\..\Run: [rivuzaloha] Rundll32.exe "C:\WINDOWS\system32\bavavugo.dll",s O4 - HKCU\..\Run: [CaptureEze97] c:\program files\captureeze97\capeze97.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [] C:\WINDOWS\TEMP\oavn2fdc.exe O4 - HKCU\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\oavn2fdc.exe O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\shellyp\LOCALS~1\Temp\3212965233.exe O4 - HKUS\S-1-5-19\..\Run: [rivuzaloha] Rundll32.exe "C:\WINDOWS\system32\bavavugo.dll",s (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [rivuzaloha] Rundll32.exe "C:\WINDOWS\system32\bavavugo.dll",s (User 'NETWORK SERVICE') O4 - Global Startup: LbrtyFaxMan.lnk = C:\Program Files\LibertyNET\LbrtyFaxMan.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://companyweb O16 - DPF: {0DA69429-A757-4D6F-A827-DB1AF052DDAF} (M6 - VA Launcher) - http://voice.consolidated.net/webportal/plugins/VA.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135008145250 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173729126921 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab O16 - DPF: {CC49479E-93A8-455E-959A-C49BE895D87C} (Tekelec 6000 VM Player Launcher) - https://voice.consolidated.net/webportal/pl...ns/VMPlayer.cab O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...tupv2.0.0.9.cab? O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...upv2.0.0.10.cab? O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = usastaffing.local O17 - HKLM\Software\..\Telephony: DomainName = usastaffing.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = usastaffing.local O20 - AppInit_DLLs: C:\WINDOWS\system32\punidezu.dll aoxqsg.dll c:\windows\system32\sesanujo.dll O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sesanujo.dll O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sesanujo.dll O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- End of file - 10386 bytes
  2. Malwarebytes' Anti-Malware 1.33 Database version: 1668 Windows 5.1.2600 Service Pack 3 1/19/2009 11:58:34 PM mbam-log-2009-01-19 (23-58-34).txt Scan type: Quick Scan Objects scanned: 66361 Time elapsed: 4 minute(s), 34 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:03:20 AM, on 1/20/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\Program Files\Trend Micro\Internet Security\TmPfw.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\TDispVol.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\Program Files\Protector Suite QL\psqltray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ltmoh\Ltmoh.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\Program Files\Synaptics\SynTP\Toshiba.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\WINDOWS\system32\dla\DLACTRLW.exe C:\toshiba\ivp\ism\pinger.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\TPSBattM.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\SweetIM\Messenger\SweetIM.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Symantec AntiVirus\DoScan.exe C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\PrintKey2000\Printkey2000.exe C:\WINDOWS\system32\RAMASST.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\internet explorer\iexplore.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [TDispVol] TDispVol.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155931717514 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.com/view22/app/view22rte.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab O16 - DPF: {EBE67253-D4EA-11D3-845A-00500483D287} (ImageViewer Class) - file:///D:/vwr_data/dcm_vwr.cab O16 - DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} (CPlayFirstDDTumsControl Object) - http://www.gamehouse.com/realarcade-webgam...nerDashTums.cab O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- End of file - 14332 bytes
  3. Here is the Kaspersky log, running MBAM atm will post it and HJT log when they are done. -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Monday, January 19, 2009 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Tuesday, January 20, 2009 03:08:58 Records in database: 1651128 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ Scan statistics: Files scanned: 92504 Threat name: 15 Infected objects: 61 Suspicious objects: 0 Duration of the scan: 01:40:24 File name / Threat name / Threats count C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40000\47F6DDE6.VBN Infected: Trojan-Downloader.JS.Agent.bi 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40001\47F6DE57.VBN Infected: Exploit.Win32.IMG-WMF.v 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40002\47F6DE61.VBN Infected: Trojan-Downloader.JS.Agent.bi 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08A00001\48F11021.VBN Infected: Exploit.Multi.Qtp.g 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08A00002\48F1102D.VBN Infected: Trojan.Win32.Agent.afwg 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09340000\4DBE1DB4.VBN Infected: Trojan-Downloader.JS.Inor.a 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DF00000\4DFE2508.VBN Infected: Exploit.HTML.Mht.a 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E280000\4EAF773F.VBN Infected: Exploit.SWF.Downloader.c 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F580000\4FFDD5C4.VBN Infected: Trojan-Downloader.JS.Agent.hv 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F580001\4FFDD5EC.VBN Infected: Trojan-Downloader.Win32.Agent.acd 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F580002\4FFDD5FA.VBN Infected: Exploit.Java.ByteVerify 2 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F580002\4FFDD5FA.VBN Infected: Trojan-Downloader.Java.OpenConnection.aa 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F580003\4FFDD627.VBN Infected: Trojan-Downloader.JS.Agent.hv 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F580004\4FFDD648.VBN Infected: Trojan-Downloader.Win32.Agent.acd 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13640000\5BE6F32E.VBN Infected: Exploit.SWF.Downloader.hm 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13D40001\5BDD0312.VBN Infected: Exploit.SWF.Downloader.hm 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15640000\5DF4D7DE.VBN Infected: Exploit.SWF.Downloader.hm 1 C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.n 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\2E.tmp Infected: Trojan.Win32.Small.brl 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\senekad184.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\senekad184.RB1 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\senekad184.RB2 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\senekad184.RB3 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS04C5FA.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS072854.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS0E4F62.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS131416.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS17D8CA.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS1BF390.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS245E22.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS27DF52.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS2DC587.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS2F0660.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS33CB14.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS3FB6D6.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS46DDE4.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS52C9A6.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS734630.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS90EE97.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS9350F8.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS9A781B.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS9F3CDD.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSA4019F.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSAA474D.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSAFED84.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSB97708.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSC44376.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSC9082C.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSCB6A87.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSD29198.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSD450AA.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSD7564E.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSD9B8A9.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSE0DFBA.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSF677DE.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSFA35AC.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSFB3C92.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\senekad184.tmp Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\senekad184_228.VIR Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\senekad184_348.VIR Infected: Trojan.Win32.Patched.dw 1 The selected area was scanned.
  4. ComboFix 09-01-19.03 - Em 2009-01-19 20:26:53.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1390 [GMT -6:00] Running from: c:\documents and settings\Em\Desktop\ComboFix.exe AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) FW: Trend Micro Personal Firewall *disabled* . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgm c:\windows\Downloaded Program Files\DDTums.1.0.0.12 c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\cup.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\customer_cup.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\heart.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\menu_down.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\menu_up.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\plates.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\ticket.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\tray.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\music\mainmenumusic.ogg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_bring_check_1_snd.ogg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_deliver_food_1_snd.ogg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_deliver_order_1_snd.ogg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_diner.ogg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_food_ready_1_snd.ogg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_gain_heart_1.ogg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_get_drinks_1_snd.ogg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_party_arrive_1_snd.ogg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_pencil_write_2.ogg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_pickup_food_1_snd.ogg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_rollover_1.ogg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_seat_people_snd.ogg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\choosedifficulty.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\credits.jpg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\flo_lose.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\flo_win.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\help1.jpg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\help2.jpg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\highscores.jpg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\levelintro.jpg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\levelintro_mask.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\levelover.jpg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\levelover_mask.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\mainmenu.jpg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\popup.jpg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\popup_mask.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\upgradegrid.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\upgradetitle.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\upsell.jpg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\arrowleft_blue.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\arrowleft_yellow.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\arrowright_blue.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\arrowright_yellow.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\back_blue.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\back_yellow.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\backchalk.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\backchalkup.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\backtomenu_blue.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\backtomenu_yellow.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\cancel.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\cancelup.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\career.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\career_over.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\close.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\closeup.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\continue.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\continueover.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\credits_blue.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\credits_yellow.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\download_blue.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\download_yellow.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\easy.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\easy_over.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\endlessshift.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\endlessshift_over.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\hard.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\hard_over.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\help.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\help_over.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\highscores.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\highscores_over.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\instructions_blue.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\instructions_yellow.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\letsplay.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\letsplayover.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\medium.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\medium_over.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\moreinfo.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\moreinfoup.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\off.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\off_on.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\on.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\on_on.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\pause.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\pauseover.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\quit.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\quitgame.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\quitgameover.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\quitover.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\resumegame.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\resumegameover.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\submit.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\submitup.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\tryagain.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\tryagainover.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\upgrade_over.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\upgrade_up.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewglobal.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewglobalup.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewhighscore.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewhighscoreon.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewlocal.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewlocalup.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\comics\webcomic.jpg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\config\career.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\config\customer.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\config\endless.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\config\global.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\config\powerups.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\cook\cook.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\cook\cook.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\cook\stove.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\cursor\arrow.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\cursor\click.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\cursor\click2.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\cursor\grab.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\cursor\open.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\anim.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\blue\anim.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\blue\anim.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\blue\sit_legs.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\green\anim.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\green\anim.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\green\sit_legs.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\purple\anim.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\purple\anim.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\purple\sit_legs.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\red\anim.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\red\anim.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\red\sit_legs.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\yellow\anim.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\yellow\anim.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\yellow\sit_legs.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\anim.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\blue\anim.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\blue\anim.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\blue\sit_legs.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\green\anim.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\green\anim.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\green\sit_legs.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\purple\anim.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\purple\anim.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\purple\sit_legs.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\red\anim.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\red\anim.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\red\sit_legs.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\yellow\anim.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\yellow\anim.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\yellow\sit_legs.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\idle.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\idle.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\lower.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\lower.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\upper.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\upper.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\fonts\arial.mvec c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\fonts\komikaaxis.mvec c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\chair.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\chair.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\dirt2top.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\dirt4top.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\dishcart.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\dishcart.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\drinkstation_off.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\drinkstation_on1.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\drinkstation_on2.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\ticketstation.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\ticketstation.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowdown.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowdownon.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowleft.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowlefton.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowright.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowrighton.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowup.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowupon.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\p1icon.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\textedit.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\title.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_1.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_1_a.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_1_b.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_1_c.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2_a.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2_b.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2_c.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2_d.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3_a.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3_b.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3_c.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3_d.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\fifth_level_diner.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\first_level_diner.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\fourth_level_diner.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\second_level_diner.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\playfirst_logo.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\background.jpg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food1.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food1.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food2.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food2.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food3.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food3.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\frames\upgrade_0001.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\tables\2top.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\tables\2top.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\tables\4top.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\tables\4top.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\upgrades.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\tableshadow.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\choosedifficulty.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\chooseplayer.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\chooserestaurant.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\credits.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\game.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\gothighscore.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\help.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\help2.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\hiscore.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\hiscoreinfo.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\hiscoresubmit.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\levelintro.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\levelover.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\loading.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\mainloop.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\mainmenu.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\ok.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\pause.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\style.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\tutorialintro.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\upgrade.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\upsell.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\webcomic.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\yesno.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\splash\aol_logo.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\splash\gamelabsplash.jpg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\splash\playfirst_logo.jpg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\strings.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\angersmoke.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\angersmoke.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\chairflags.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\chairflags.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\check.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\checkmark.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\clock.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\closed.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\closingtime.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\coinflip.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\coinflip.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\dollar.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\doodles\coffee.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\doodles\tables.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\doodles\wallpaper.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\expert.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\expertscore.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\foodpoof.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\foodpoof.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\fork_timer.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\goalcompleted.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\heartgrow.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\heartgrow.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\jar.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\jar.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\level.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\level_career.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\score.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\sound.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\staroff.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\staron.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\tablenumber.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\tablenumberup.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\traynumber.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\tutorial_character.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\tutorialarrow.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\tutorialbox.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgradeanim.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgradeanim.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\drinks.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\maitred.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\oven.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\select.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\shoes.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\stereo.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\table.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\dinerdash.exe c:\windows\system32\uniq.tll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_seneka ((((((((((((((((((((((((( Files Created from 2008-12-20 to 2009-01-20 ))))))))))))))))))))))))))))))) . 2009-01-13 19:14 . 2009-01-13 19:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-13 19:14 . 2009-01-13 19:14 <DIR> d-------- c:\documents and settings\Em\Application Data\Malwarebytes 2009-01-13 19:14 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-13 19:14 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-01-12 21:49 . 2009-01-12 21:49 <DIR> d-------- c:\program files\Windows Resource Kits 2009-01-12 20:24 . 2009-01-12 20:24 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-01-12 20:23 . 2009-01-12 20:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-06 21:49 . 2008-07-30 11:05 144,912 --a------ c:\windows\system32\drivers\tmcomm.sys 2009-01-06 21:49 . 2008-07-30 11:05 50,192 --a------ c:\windows\system32\drivers\tmactmon.sys 2009-01-06 21:49 . 2008-07-30 11:05 49,680 --a------ c:\windows\system32\drivers\tmevtmgr.sys 2009-01-06 21:46 . 2009-01-19 20:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trend Micro 2009-01-06 21:45 . 2009-01-12 22:01 <DIR> d-------- c:\program files\Trend Micro 2009-01-06 21:40 . 2009-01-06 21:40 <DIR> d-------- c:\program files\Trend Micro Internet Security 2009-01-06 21:37 . 2009-01-06 21:37 <DIR> d--h----- c:\windows\system32\GroupPolicy 2008-12-21 22:55 . 2008-12-21 22:55 <DIR> d-------- c:\program files\iTunes 2008-12-21 22:55 . 2008-12-21 22:55 <DIR> d-------- c:\program files\iPod 2008-12-21 22:55 . 2008-12-21 22:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-14 05:00 --------- d-----w c:\program files\Windows Media Connect 2 2009-01-06 05:55 --------- d-----w c:\program files\Symantec AntiVirus 2009-01-06 03:22 --------- d-----w c:\documents and settings\Em\Application Data\Apple Computer 2009-01-05 01:26 --------- d-----w c:\program files\SweetIM 2009-01-05 01:25 --------- d-----w c:\documents and settings\All Users\Application Data\SweetIM 2009-01-04 20:53 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-12-27 15:46 --------- d-----w c:\documents and settings\Jerry\Application Data\Apple Computer 2008-12-22 05:33 --------- d-----w c:\program files\QuickTime 2008-12-22 04:55 --------- d-----w c:\program files\Common Files\Apple 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-07 03:24 --------- d-----w c:\program files\MySpace 2008-12-07 03:24 --------- d-----w c:\documents and settings\Mitzi\Application Data\MySpace 2008-11-27 01:42 36,368 ----a-w c:\windows\system32\drivers\tmpreflt.sys 2008-11-27 01:42 205,328 ----a-w c:\windows\system32\drivers\tmxpflt.sys 2008-11-27 01:39 1,195,384 ----a-w c:\windows\system32\drivers\vsapint.sys 2007-02-17 01:03 32 ----a-r c:\documents and settings\All Users\hash.dat 2007-02-13 00:10 2,682,880 ------w c:\documents and settings\All Users\VCREDI~3.EXE 2007-01-27 19:52 774,144 ----a-w c:\program files\RngInterstitial.dll 2008-10-16 16:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008101620081017\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288] "OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-07-30 497008] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-27 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-27 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-27 118784] "PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2005-12-21 30208] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320] "Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880] "dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-03-17 124656] "IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-29 185896] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936] "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-10-08 111928] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-30 970808] "TFncKy"="TFncKy.exe" [bU] "TDispVol"="TDispVol.exe" [2005-03-11 c:\windows\system32\TDispVol.exe] "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 c:\windows\agrsmmsg.exe] "NDSTray.exe"="NDSTray.exe" [bU] "TPSMain"="TPSMain.exe" [2005-05-31 c:\windows\system32\TPSMain.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-05-05 c:\windows\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696] "OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-07-30 497008] c:\documents and settings\Mitzi\Start Menu\Programs\Startup\ Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2006-08-18 1445904] Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2006-08-18 633856] RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-02-15 155648] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"= 1 (0x1) "NoActiveDesktopChanges"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2005-12-21 22:42 40448 c:\windows\system32\psqlpwd.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli psqlpwd [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] --a------ 2006-04-20 11:10 50792 c:\program files\Common Files\AOL\1155959154\ee\aolsoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\IBM\\SBClient\\sbopen\\BIN\\sbclient.exe"= "c:\\Program Files\\Common Files\\AOL\\1155959154\\ee\\aolsoftware.exe"= "c:\\Program Files\\Common Files\\AOL\\1155959154\\ee\\aim6.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"= "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"= R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-02 99376] R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-07-30 334352] R4 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2005-12-21 13568] R4 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2005-12-21 33024] R4 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [2005-12-21 3456] R4 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-01-06 49680] R4 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2009-01-06 492888] R4 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-07-30 36368] R4 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-01-06 677128] S0 trvbfdt;trvbfdt;c:\windows\system32\drivers\ehaiog.sys --> c:\windows\system32\drivers\ehaiog.sys [?] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-03-17 115952] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}] c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Contents of the 'Scheduled Tasks' folder 2008-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . - - - - ORPHANS REMOVED - - - - WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) HKCU-Run-Aim6 - ~c:\program files\AIM6\aim6.exe HKCU-Run-Tunebite - c:\program files\RapidSolution\Tunebite\Tunebite.exe HKLM-Run-PadTouch - c:\program files\TOSHIBA\Touch and Launch\PadExe.exe MSConfigStartUp-spywareguard - c:\program files\Spyware Guard 2008\spywareguard.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www6.comcast.net/ uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart uInternet Settings,ProxyOverride = *.local IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html IE: &Search IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html DPF: {EBE67253-D4EA-11D3-845A-00500483D287} - file:///D:/vwr_data/dcm_vwr.cab DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} - hxxp://www.gamehouse.com/realarcade-webgames/dinerdash/DinerDashTums.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-19 20:33:52 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1868) c:\windows\system32\psqlpwd.dll c:\program files\Protector Suite QL\infra.dll c:\program files\Protector Suite QL\homefus2.dll c:\windows\system32\biologon.dll c:\program files\Protector Suite QL\homepass.dll c:\program files\Protector Suite QL\bio.dll c:\program files\Protector Suite QL\remote.dll c:\windows\system32\CLBCATQ.DLL c:\program files\Protector Suite QL\crypto.dll c:\program files\Protector Suite QL\mysafe.dll - - - - - - - > 'lsass.exe'(1924) c:\windows\system32\psqlpwd.dll c:\program files\Protector Suite QL\infra.dll c:\program files\Protector Suite QL\homefus2.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Trend Micro\BM\TMBMSRV.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Symantec AntiVirus\DefWatch.exe c:\windows\system32\DVDRAMSV.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Trend Micro\Internet Security\SfCtlCom.exe c:\toshiba\IVP\swupdate\swupdtmr.exe c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\dllhost.exe c:\windows\ehome\ehmsas.exe c:\program files\Protector Suite QL\psqltray.exe c:\program files\Synaptics\SynTP\Toshiba.exe c:\program files\TOSHIBA\ConfigFree\NDSTray.exe c:\windows\system32\TPSBattM.exe c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe c:\program files\iPod\bin\iPodService.exe c:\program files\AIM6\aolsoftware.exe . ************************************************************************** . Completion time: 2009-01-19 20:39:17 - machine was rebooted [Em] ComboFix-quarantined-files.txt 2009-01-20 02:39:09 Pre-Run: 80,277,454,848 bytes free Post-Run: 81,838,624,768 bytes free 539 --- E O F --- 2009-01-20 02:07:38 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:40:42 PM, on 1/19/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\Program Files\Trend Micro\Internet Security\TmPfw.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\TDispVol.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Protector Suite QL\psqltray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ltmoh\Ltmoh.exe C:\Program Files\Synaptics\SynTP\Toshiba.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\WINDOWS\system32\dla\DLACTRLW.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\SweetIM\Messenger\SweetIM.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\PrintKey2000\Printkey2000.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\AIM6\aolsoftware.exe C:\WINDOWS\explorer.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [TDispVol] TDispVol.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155931717514 O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.com/view22/app/view22rte.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab O16 - DPF: {EBE67253-D4EA-11D3-845A-00500483D287} (ImageViewer Class) - file:///D:/vwr_data/dcm_vwr.cab O16 - DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} (CPlayFirstDDTumsControl Object) - http://www.gamehouse.com/realarcade-webgam...nerDashTums.cab O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- End of file - 13289 bytes
  5. Sorry I moved on thursday, still getting settled. I will try and get you the logs tonight.
  6. Here are the new logs: Malwarebytes' Anti-Malware 1.32 Database version: 1648 Windows 5.1.2600 Service Pack 3 1/13/2009 8:40:51 PM mbam-log-2009-01-13 (20-40-51).txt Scan type: Quick Scan Objects scanned: 111605 Time elapsed: 24 minute(s), 42 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 10 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7370f91f-6994-4595-9949-601fa2261c8d} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\spyware guard (Rogue.SpywareGuard) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\pcload.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Em\Local Settings\Temp\senekad184.tmp (Trojan.Agent) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:42:50 PM, on 1/13/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: (no name) - {205A1263-7BD9-474C-9A14-75025F45F28A} - C:\WINDOWS\system32\cbXrolMf.dll (file missing) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [TDispVol] TDispVol.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Aim6] ~"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155931717514 O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.com/view22/app/view22rte.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab O16 - DPF: {EBE67253-D4EA-11D3-845A-00500483D287} (ImageViewer Class) - file:///D:/vwr_data/dcm_vwr.cab O16 - DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} (CPlayFirstDDTumsControl Object) - http://www.gamehouse.com/realarcade-webgam...nerDashTums.cab O20 - AppInit_DLLs: utaqmx.dll O20 - Winlogon Notify: byXnnKdD - C:\WINDOWS\ O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- End of file - 12358 bytes
  7. I did get MBAM installed again, sorry for the delay i was at work, I'm scanning now. I will post new logs when they're done.
  8. My Fiance's laptop had spygaurd2008 installed on it, I installed Malwarebytes and ran it, at the time the laptop would only run in safe mode with any stability. Malwarebytes found around 85 infected files. Now whenever i try to run Malwarebytes I receive an error: Run-time error '339' vbalsgrid6.ocx C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll Unable to register the DLL/OCX (there is more to the error but I'm at work and can't remember it all). I tried the fix on this thread but it didn't work. Here is the log from when Malwarebytes ran and the log from a hijackthis scan. I have also run trend micro internet security. Please help! Malwarebytes' Anti-Malware 1.32 Database version: 1616 Windows 5.1.2600 Service Pack 3 1/12/2009 9:03:17 PM mbam-log-2009-01-12 (21-03-17).txt Scan type: Quick Scan Objects scanned: 109663 Time elapsed: 24 minute(s), 28 second(s) Memory Processes Infected: 0 Memory Modules Infected: 3 Registry Keys Infected: 32 Registry Values Infected: 5 Registry Data Items Infected: 6 Folders Infected: 5 Files Infected: 38 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\cbXrolMf.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\yweayqoj.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\utaqmx.dll (Trojan.Vundo.H) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{205a1263-7bd9-474c-9a14-75025f45f28a} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{205a1263-7bd9-474c-9a14-75025f45f28a} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d6162c9-5f46-4ef7-8040-0744c4936478} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7d6162c9-5f46-4ef7-8040-0744c4936478} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a0d9aa09-3b79-4329-aa4a-bcf3fa49ebe4} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07dc1a93-5e4a-4157-80e8-7eb259b615bd} (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\002d7f3c (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spywareguard (Rogue.Spyguard) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\InternetConnection (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ieModule (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxrolmf -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxrolmf -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\Program Files\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\Program Files\Spyware Guard 2008\quarantine (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\Program Files\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully. C:\Program Files\Screensavers.com\SSSInst (Adware.Comet) -> Quarantined and deleted successfully. C:\Program Files\Screensavers.com\SSSInst\bin (Adware.Comet) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\cbXrolMf.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\fMlorXbc.ini (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\fMlorXbc.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\utaqmx.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\yweayqoj.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\joqyaewy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\Program Files\Spyware Guard 2008\spywareguard.exe (Rogue.Spyguard) -> Quarantined and deleted successfully. C:\WINDOWS\system32\obijxowc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\winscenter.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y1WF2LIN\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\Em\Local Settings\Temporary Internet Files\Content.IE5\XPQ492YV\index[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\Program Files\Spyware Guard 2008\conf.cfg (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\Program Files\Spyware Guard 2008\mbase.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\Program Files\Spyware Guard 2008\quarantine.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\Program Files\Spyware Guard 2008\queue.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\Program Files\Spyware Guard 2008\uninstall.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\Program Files\Spyware Guard 2008\vbase.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\Program Files\Screensavers.com\SSSInst\bin\sinstaller2.exe (Adware.Comet) -> Quarantined and deleted successfully. C:\Program Files\Screensavers.com\SSSInst\bin\SSSUninst.exe (Adware.Comet) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\senekajdpoyexq.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\senekauvgarjtd.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\senekadf.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\seneka.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\senekadjitfqjm.sys (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\byXnnKdD.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\svhost.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\svhost.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\track.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ttywduuokh.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\moduleie.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. And here is the Hijackthis Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:19:09 AM, on 1/13/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\Program Files\Trend Micro\Internet Security\TmPfw.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\TDispVol.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\Program Files\Protector Suite QL\psqltray.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ltmoh\Ltmoh.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\Synaptics\SynTP\Toshiba.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\WINDOWS\system32\dla\DLACTRLW.exe C:\toshiba\ivp\ism\pinger.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\SweetIM\Messenger\SweetIM.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\Program Files\Symantec AntiVirus\DoScan.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\PrintKey2000\Printkey2000.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: (no name) - {205A1263-7BD9-474C-9A14-75025F45F28A} - C:\WINDOWS\system32\cbXrolMf.dll (file missing) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [TDispVol] TDispVol.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Aim6] ~"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm479YYUS O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155931717514 O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.com/view22/app/view22rte.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab O16 - DPF: {EBE67253-D4EA-11D3-845A-00500483D287} (ImageViewer Class) - file:///D:/vwr_data/dcm_vwr.cab O16 - DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} (CPlayFirstDDTumsControl Object) - http://www.gamehouse.com/realarcade-webgam...nerDashTums.cab O20 - AppInit_DLLs: utaqmx.dll O20 - Winlogon Notify: byXnnKdD - C:\WINDOWS\ O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- End of file - 15337 bytes
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.