slurm810
Members-
Posts
8 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by slurm810
-
I have a user that is infected with the windowsclick redirect. I got MBAM to install but could not get it to run, I tried renaming it but that didnt work. Here is a HJT log from the infected computer. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:19:16 PM, on 3/26/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\savedump.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Internet Explorer\Iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\RightFax\Client\FaxCtrl.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\program files\captureeze97\capeze97.exe C:\WINDOWS\TEMP\oavn2fdc.exe C:\WINDOWS\TEMP\oavn2fdc.exe C:\Program Files\LibertyNET\LbrtyFaxMan.exe C:\DOCUME~1\shellyp\LOCALS~1\Temp\3212965233.exe C:\WINDOWS\TEMP\oavn2fdc.exe C:\WINDOWS\system32\faxman4.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local> R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {104c350e-77f9-424d-9715-72e595c7c671} - C:\WINDOWS\system32\ririvalo.dll O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - C:\Program Files\Starware316\bin\Starware316.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: {a9da1a02-538a-674a-6b74-a2a60d006159} - {951600d0-6a2a-47b6-a476-a83520a1ad9a} - C:\WINDOWS\system32\aoxqsg.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Starware Screensavers Toolbar - {1962c5bc-e475-465b-823b-133e711bceb9} - C:\Program Files\Starware316\bin\Starware316.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\Client\FaxCtrl.exe O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [CPM0f5c8f5e] Rundll32.exe "c:\windows\system32\sesanujo.dll",a O4 - HKLM\..\Run: [rivuzaloha] Rundll32.exe "C:\WINDOWS\system32\bavavugo.dll",s O4 - HKCU\..\Run: [CaptureEze97] c:\program files\captureeze97\capeze97.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [] C:\WINDOWS\TEMP\oavn2fdc.exe O4 - HKCU\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\oavn2fdc.exe O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\shellyp\LOCALS~1\Temp\3212965233.exe O4 - HKUS\S-1-5-19\..\Run: [rivuzaloha] Rundll32.exe "C:\WINDOWS\system32\bavavugo.dll",s (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [rivuzaloha] Rundll32.exe "C:\WINDOWS\system32\bavavugo.dll",s (User 'NETWORK SERVICE') O4 - Global Startup: LbrtyFaxMan.lnk = C:\Program Files\LibertyNET\LbrtyFaxMan.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://companyweb O16 - DPF: {0DA69429-A757-4D6F-A827-DB1AF052DDAF} (M6 - VA Launcher) - http://voice.consolidated.net/webportal/plugins/VA.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135008145250 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173729126921 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab O16 - DPF: {CC49479E-93A8-455E-959A-C49BE895D87C} (Tekelec 6000 VM Player Launcher) - https://voice.consolidated.net/webportal/pl...ns/VMPlayer.cab O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...tupv2.0.0.9.cab? O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...upv2.0.0.10.cab? O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = usastaffing.local O17 - HKLM\Software\..\Telephony: DomainName = usastaffing.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = usastaffing.local O20 - AppInit_DLLs: C:\WINDOWS\system32\punidezu.dll aoxqsg.dll c:\windows\system32\sesanujo.dll O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sesanujo.dll O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sesanujo.dll O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- End of file - 10386 bytes
-
Ran Malwarebytes once. Won't run again.
slurm810 replied to slurm810's topic in Resolved Malware Removal Logs
Malwarebytes' Anti-Malware 1.33 Database version: 1668 Windows 5.1.2600 Service Pack 3 1/19/2009 11:58:34 PM mbam-log-2009-01-19 (23-58-34).txt Scan type: Quick Scan Objects scanned: 66361 Time elapsed: 4 minute(s), 34 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:03:20 AM, on 1/20/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\Program Files\Trend Micro\Internet Security\TmPfw.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\TDispVol.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\Program Files\Protector Suite QL\psqltray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ltmoh\Ltmoh.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\Program Files\Synaptics\SynTP\Toshiba.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\WINDOWS\system32\dla\DLACTRLW.exe C:\toshiba\ivp\ism\pinger.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\TPSBattM.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\SweetIM\Messenger\SweetIM.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Symantec AntiVirus\DoScan.exe C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\PrintKey2000\Printkey2000.exe C:\WINDOWS\system32\RAMASST.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\internet explorer\iexplore.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [TDispVol] TDispVol.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155931717514 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.com/view22/app/view22rte.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab O16 - DPF: {EBE67253-D4EA-11D3-845A-00500483D287} (ImageViewer Class) - file:///D:/vwr_data/dcm_vwr.cab O16 - DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} (CPlayFirstDDTumsControl Object) - http://www.gamehouse.com/realarcade-webgam...nerDashTums.cab O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- End of file - 14332 bytes -
Ran Malwarebytes once. Won't run again.
slurm810 replied to slurm810's topic in Resolved Malware Removal Logs
Here is the Kaspersky log, running MBAM atm will post it and HJT log when they are done. -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Monday, January 19, 2009 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Tuesday, January 20, 2009 03:08:58 Records in database: 1651128 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ Scan statistics: Files scanned: 92504 Threat name: 15 Infected objects: 61 Suspicious objects: 0 Duration of the scan: 01:40:24 File name / Threat name / Threats count C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40000\47F6DDE6.VBN Infected: Trojan-Downloader.JS.Agent.bi 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40001\47F6DE57.VBN Infected: Exploit.Win32.IMG-WMF.v 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40002\47F6DE61.VBN Infected: Trojan-Downloader.JS.Agent.bi 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08A00001\48F11021.VBN Infected: Exploit.Multi.Qtp.g 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08A00002\48F1102D.VBN Infected: Trojan.Win32.Agent.afwg 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09340000\4DBE1DB4.VBN Infected: Trojan-Downloader.JS.Inor.a 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DF00000\4DFE2508.VBN Infected: Exploit.HTML.Mht.a 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E280000\4EAF773F.VBN Infected: Exploit.SWF.Downloader.c 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F580000\4FFDD5C4.VBN Infected: Trojan-Downloader.JS.Agent.hv 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F580001\4FFDD5EC.VBN Infected: Trojan-Downloader.Win32.Agent.acd 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F580002\4FFDD5FA.VBN Infected: Exploit.Java.ByteVerify 2 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F580002\4FFDD5FA.VBN Infected: Trojan-Downloader.Java.OpenConnection.aa 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F580003\4FFDD627.VBN Infected: Trojan-Downloader.JS.Agent.hv 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F580004\4FFDD648.VBN Infected: Trojan-Downloader.Win32.Agent.acd 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13640000\5BE6F32E.VBN Infected: Exploit.SWF.Downloader.hm 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13D40001\5BDD0312.VBN Infected: Exploit.SWF.Downloader.hm 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15640000\5DF4D7DE.VBN Infected: Exploit.SWF.Downloader.hm 1 C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.n 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\2E.tmp Infected: Trojan.Win32.Small.brl 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\senekad184.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\senekad184.RB1 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\senekad184.RB2 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\senekad184.RB3 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS04C5FA.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS072854.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS0E4F62.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS131416.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS17D8CA.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS1BF390.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS245E22.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS27DF52.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS2DC587.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS2F0660.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS33CB14.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS3FB6D6.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS46DDE4.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS52C9A6.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS734630.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS90EE97.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS9350F8.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS9A781B.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS9F3CDD.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSA4019F.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSAA474D.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSAFED84.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSB97708.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSC44376.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSC9082C.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSCB6A87.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSD29198.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSD450AA.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSD7564E.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSD9B8A9.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSE0DFBA.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSF677DE.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSFA35AC.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSFB3C92.RB0 Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\senekad184.tmp Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\senekad184_228.VIR Infected: Trojan.Win32.Patched.dw 1 C:\Program Files\Trend Micro\Internet Security\Quarantine\senekad184_348.VIR Infected: Trojan.Win32.Patched.dw 1 The selected area was scanned. -
Ran Malwarebytes once. Won't run again.
slurm810 replied to slurm810's topic in Resolved Malware Removal Logs
ComboFix 09-01-19.03 - Em 2009-01-19 20:26:53.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1390 [GMT -6:00] Running from: c:\documents and settings\Em\Desktop\ComboFix.exe AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) FW: Trend Micro Personal Firewall *disabled* . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgm c:\windows\Downloaded Program Files\DDTums.1.0.0.12 c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\cup.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\customer_cup.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\heart.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\menu_down.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\menu_up.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\plates.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\ticket.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\tray.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\music\mainmenumusic.ogg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_bring_check_1_snd.ogg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_deliver_food_1_snd.ogg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_deliver_order_1_snd.ogg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_diner.ogg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_food_ready_1_snd.ogg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_gain_heart_1.ogg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_get_drinks_1_snd.ogg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_party_arrive_1_snd.ogg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_pencil_write_2.ogg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_pickup_food_1_snd.ogg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_rollover_1.ogg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_seat_people_snd.ogg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\choosedifficulty.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\credits.jpg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\flo_lose.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\flo_win.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\help1.jpg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\help2.jpg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\highscores.jpg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\levelintro.jpg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\levelintro_mask.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\levelover.jpg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\levelover_mask.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\mainmenu.jpg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\popup.jpg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\popup_mask.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\upgradegrid.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\upgradetitle.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\upsell.jpg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\arrowleft_blue.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\arrowleft_yellow.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\arrowright_blue.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\arrowright_yellow.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\back_blue.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\back_yellow.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\backchalk.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\backchalkup.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\backtomenu_blue.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\backtomenu_yellow.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\cancel.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\cancelup.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\career.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\career_over.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\close.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\closeup.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\continue.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\continueover.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\credits_blue.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\credits_yellow.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\download_blue.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\download_yellow.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\easy.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\easy_over.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\endlessshift.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\endlessshift_over.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\hard.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\hard_over.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\help.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\help_over.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\highscores.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\highscores_over.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\instructions_blue.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\instructions_yellow.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\letsplay.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\letsplayover.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\medium.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\medium_over.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\moreinfo.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\moreinfoup.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\off.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\off_on.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\on.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\on_on.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\pause.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\pauseover.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\quit.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\quitgame.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\quitgameover.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\quitover.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\resumegame.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\resumegameover.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\submit.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\submitup.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\tryagain.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\tryagainover.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\upgrade_over.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\upgrade_up.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewglobal.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewglobalup.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewhighscore.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewhighscoreon.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewlocal.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewlocalup.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\comics\webcomic.jpg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\config\career.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\config\customer.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\config\endless.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\config\global.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\config\powerups.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\cook\cook.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\cook\cook.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\cook\stove.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\cursor\arrow.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\cursor\click.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\cursor\click2.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\cursor\grab.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\cursor\open.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\anim.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\blue\anim.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\blue\anim.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\blue\sit_legs.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\green\anim.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\green\anim.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\green\sit_legs.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\purple\anim.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\purple\anim.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\purple\sit_legs.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\red\anim.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\red\anim.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\red\sit_legs.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\yellow\anim.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\yellow\anim.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\yellow\sit_legs.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\anim.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\blue\anim.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\blue\anim.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\blue\sit_legs.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\green\anim.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\green\anim.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\green\sit_legs.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\purple\anim.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\purple\anim.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\purple\sit_legs.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\red\anim.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\red\anim.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\red\sit_legs.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\yellow\anim.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\yellow\anim.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\yellow\sit_legs.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\idle.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\idle.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\lower.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\lower.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\upper.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\upper.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\fonts\arial.mvec c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\fonts\komikaaxis.mvec c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\chair.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\chair.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\dirt2top.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\dirt4top.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\dishcart.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\dishcart.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\drinkstation_off.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\drinkstation_on1.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\drinkstation_on2.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\ticketstation.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\ticketstation.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowdown.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowdownon.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowleft.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowlefton.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowright.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowrighton.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowup.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowupon.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\p1icon.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\textedit.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\title.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_1.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_1_a.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_1_b.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_1_c.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2_a.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2_b.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2_c.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2_d.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3_a.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3_b.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3_c.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3_d.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\fifth_level_diner.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\first_level_diner.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\fourth_level_diner.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\second_level_diner.txt c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\playfirst_logo.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\background.jpg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food1.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food1.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food2.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food2.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food3.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food3.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\frames\upgrade_0001.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\tables\2top.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\tables\2top.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\tables\4top.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\tables\4top.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\upgrades.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\tableshadow.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\choosedifficulty.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\chooseplayer.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\chooserestaurant.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\credits.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\game.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\gothighscore.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\help.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\help2.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\hiscore.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\hiscoreinfo.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\hiscoresubmit.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\levelintro.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\levelover.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\loading.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\mainloop.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\mainmenu.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\ok.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\pause.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\style.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\tutorialintro.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\upgrade.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\upsell.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\webcomic.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\yesno.lua c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\splash\aol_logo.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\splash\gamelabsplash.jpg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\splash\playfirst_logo.jpg c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\strings.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\angersmoke.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\angersmoke.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\chairflags.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\chairflags.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\check.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\checkmark.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\clock.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\closed.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\closingtime.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\coinflip.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\coinflip.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\dollar.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\doodles\coffee.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\doodles\tables.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\doodles\wallpaper.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\expert.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\expertscore.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\foodpoof.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\foodpoof.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\fork_timer.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\goalcompleted.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\heartgrow.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\heartgrow.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\jar.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\jar.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\level.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\level_career.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\score.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\sound.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\staroff.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\staron.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\tablenumber.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\tablenumberup.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\traynumber.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\tutorial_character.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\tutorialarrow.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\tutorialbox.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgradeanim.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgradeanim.xml c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\drinks.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\maitred.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\oven.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\select.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\shoes.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\stereo.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\table.png c:\windows\Downloaded Program Files\DDTums.1.0.0.12\dinerdash.exe c:\windows\system32\uniq.tll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_seneka ((((((((((((((((((((((((( Files Created from 2008-12-20 to 2009-01-20 ))))))))))))))))))))))))))))))) . 2009-01-13 19:14 . 2009-01-13 19:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-13 19:14 . 2009-01-13 19:14 <DIR> d-------- c:\documents and settings\Em\Application Data\Malwarebytes 2009-01-13 19:14 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-13 19:14 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-01-12 21:49 . 2009-01-12 21:49 <DIR> d-------- c:\program files\Windows Resource Kits 2009-01-12 20:24 . 2009-01-12 20:24 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-01-12 20:23 . 2009-01-12 20:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-06 21:49 . 2008-07-30 11:05 144,912 --a------ c:\windows\system32\drivers\tmcomm.sys 2009-01-06 21:49 . 2008-07-30 11:05 50,192 --a------ c:\windows\system32\drivers\tmactmon.sys 2009-01-06 21:49 . 2008-07-30 11:05 49,680 --a------ c:\windows\system32\drivers\tmevtmgr.sys 2009-01-06 21:46 . 2009-01-19 20:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trend Micro 2009-01-06 21:45 . 2009-01-12 22:01 <DIR> d-------- c:\program files\Trend Micro 2009-01-06 21:40 . 2009-01-06 21:40 <DIR> d-------- c:\program files\Trend Micro Internet Security 2009-01-06 21:37 . 2009-01-06 21:37 <DIR> d--h----- c:\windows\system32\GroupPolicy 2008-12-21 22:55 . 2008-12-21 22:55 <DIR> d-------- c:\program files\iTunes 2008-12-21 22:55 . 2008-12-21 22:55 <DIR> d-------- c:\program files\iPod 2008-12-21 22:55 . 2008-12-21 22:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-14 05:00 --------- d-----w c:\program files\Windows Media Connect 2 2009-01-06 05:55 --------- d-----w c:\program files\Symantec AntiVirus 2009-01-06 03:22 --------- d-----w c:\documents and settings\Em\Application Data\Apple Computer 2009-01-05 01:26 --------- d-----w c:\program files\SweetIM 2009-01-05 01:25 --------- d-----w c:\documents and settings\All Users\Application Data\SweetIM 2009-01-04 20:53 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-12-27 15:46 --------- d-----w c:\documents and settings\Jerry\Application Data\Apple Computer 2008-12-22 05:33 --------- d-----w c:\program files\QuickTime 2008-12-22 04:55 --------- d-----w c:\program files\Common Files\Apple 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-07 03:24 --------- d-----w c:\program files\MySpace 2008-12-07 03:24 --------- d-----w c:\documents and settings\Mitzi\Application Data\MySpace 2008-11-27 01:42 36,368 ----a-w c:\windows\system32\drivers\tmpreflt.sys 2008-11-27 01:42 205,328 ----a-w c:\windows\system32\drivers\tmxpflt.sys 2008-11-27 01:39 1,195,384 ----a-w c:\windows\system32\drivers\vsapint.sys 2007-02-17 01:03 32 ----a-r c:\documents and settings\All Users\hash.dat 2007-02-13 00:10 2,682,880 ------w c:\documents and settings\All Users\VCREDI~3.EXE 2007-01-27 19:52 774,144 ----a-w c:\program files\RngInterstitial.dll 2008-10-16 16:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008101620081017\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288] "OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-07-30 497008] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-27 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-27 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-27 118784] "PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2005-12-21 30208] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320] "Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880] "dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-03-17 124656] "IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-29 185896] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936] "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-10-08 111928] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-30 970808] "TFncKy"="TFncKy.exe" [bU] "TDispVol"="TDispVol.exe" [2005-03-11 c:\windows\system32\TDispVol.exe] "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 c:\windows\agrsmmsg.exe] "NDSTray.exe"="NDSTray.exe" [bU] "TPSMain"="TPSMain.exe" [2005-05-31 c:\windows\system32\TPSMain.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-05-05 c:\windows\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696] "OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-07-30 497008] c:\documents and settings\Mitzi\Start Menu\Programs\Startup\ Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2006-08-18 1445904] Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2006-08-18 633856] RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-02-15 155648] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"= 1 (0x1) "NoActiveDesktopChanges"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2005-12-21 22:42 40448 c:\windows\system32\psqlpwd.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli psqlpwd [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] --a------ 2006-04-20 11:10 50792 c:\program files\Common Files\AOL\1155959154\ee\aolsoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\IBM\\SBClient\\sbopen\\BIN\\sbclient.exe"= "c:\\Program Files\\Common Files\\AOL\\1155959154\\ee\\aolsoftware.exe"= "c:\\Program Files\\Common Files\\AOL\\1155959154\\ee\\aim6.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"= "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"= R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-02 99376] R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-07-30 334352] R4 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2005-12-21 13568] R4 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2005-12-21 33024] R4 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [2005-12-21 3456] R4 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-01-06 49680] R4 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2009-01-06 492888] R4 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-07-30 36368] R4 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-01-06 677128] S0 trvbfdt;trvbfdt;c:\windows\system32\drivers\ehaiog.sys --> c:\windows\system32\drivers\ehaiog.sys [?] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-03-17 115952] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}] c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Contents of the 'Scheduled Tasks' folder 2008-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . - - - - ORPHANS REMOVED - - - - WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) HKCU-Run-Aim6 - ~c:\program files\AIM6\aim6.exe HKCU-Run-Tunebite - c:\program files\RapidSolution\Tunebite\Tunebite.exe HKLM-Run-PadTouch - c:\program files\TOSHIBA\Touch and Launch\PadExe.exe MSConfigStartUp-spywareguard - c:\program files\Spyware Guard 2008\spywareguard.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www6.comcast.net/ uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart uInternet Settings,ProxyOverride = *.local IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html IE: &Search IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html DPF: {EBE67253-D4EA-11D3-845A-00500483D287} - file:///D:/vwr_data/dcm_vwr.cab DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} - hxxp://www.gamehouse.com/realarcade-webgames/dinerdash/DinerDashTums.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-19 20:33:52 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1868) c:\windows\system32\psqlpwd.dll c:\program files\Protector Suite QL\infra.dll c:\program files\Protector Suite QL\homefus2.dll c:\windows\system32\biologon.dll c:\program files\Protector Suite QL\homepass.dll c:\program files\Protector Suite QL\bio.dll c:\program files\Protector Suite QL\remote.dll c:\windows\system32\CLBCATQ.DLL c:\program files\Protector Suite QL\crypto.dll c:\program files\Protector Suite QL\mysafe.dll - - - - - - - > 'lsass.exe'(1924) c:\windows\system32\psqlpwd.dll c:\program files\Protector Suite QL\infra.dll c:\program files\Protector Suite QL\homefus2.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Trend Micro\BM\TMBMSRV.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Symantec AntiVirus\DefWatch.exe c:\windows\system32\DVDRAMSV.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Trend Micro\Internet Security\SfCtlCom.exe c:\toshiba\IVP\swupdate\swupdtmr.exe c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\dllhost.exe c:\windows\ehome\ehmsas.exe c:\program files\Protector Suite QL\psqltray.exe c:\program files\Synaptics\SynTP\Toshiba.exe c:\program files\TOSHIBA\ConfigFree\NDSTray.exe c:\windows\system32\TPSBattM.exe c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe c:\program files\iPod\bin\iPodService.exe c:\program files\AIM6\aolsoftware.exe . ************************************************************************** . Completion time: 2009-01-19 20:39:17 - machine was rebooted [Em] ComboFix-quarantined-files.txt 2009-01-20 02:39:09 Pre-Run: 80,277,454,848 bytes free Post-Run: 81,838,624,768 bytes free 539 --- E O F --- 2009-01-20 02:07:38 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:40:42 PM, on 1/19/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\Program Files\Trend Micro\Internet Security\TmPfw.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\TDispVol.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Protector Suite QL\psqltray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ltmoh\Ltmoh.exe C:\Program Files\Synaptics\SynTP\Toshiba.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\WINDOWS\system32\dla\DLACTRLW.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\SweetIM\Messenger\SweetIM.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\PrintKey2000\Printkey2000.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\AIM6\aolsoftware.exe C:\WINDOWS\explorer.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [TDispVol] TDispVol.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155931717514 O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.com/view22/app/view22rte.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab O16 - DPF: {EBE67253-D4EA-11D3-845A-00500483D287} (ImageViewer Class) - file:///D:/vwr_data/dcm_vwr.cab O16 - DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} (CPlayFirstDDTumsControl Object) - http://www.gamehouse.com/realarcade-webgam...nerDashTums.cab O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- End of file - 13289 bytes -
Ran Malwarebytes once. Won't run again.
slurm810 replied to slurm810's topic in Resolved Malware Removal Logs
Sorry I moved on thursday, still getting settled. I will try and get you the logs tonight. -
Ran Malwarebytes once. Won't run again.
slurm810 replied to slurm810's topic in Resolved Malware Removal Logs
Here are the new logs: Malwarebytes' Anti-Malware 1.32 Database version: 1648 Windows 5.1.2600 Service Pack 3 1/13/2009 8:40:51 PM mbam-log-2009-01-13 (20-40-51).txt Scan type: Quick Scan Objects scanned: 111605 Time elapsed: 24 minute(s), 42 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 10 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7370f91f-6994-4595-9949-601fa2261c8d} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\spyware guard (Rogue.SpywareGuard) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\pcload.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Em\Local Settings\Temp\senekad184.tmp (Trojan.Agent) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:42:50 PM, on 1/13/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: (no name) - {205A1263-7BD9-474C-9A14-75025F45F28A} - C:\WINDOWS\system32\cbXrolMf.dll (file missing) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [TDispVol] TDispVol.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Aim6] ~"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155931717514 O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.com/view22/app/view22rte.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab O16 - DPF: {EBE67253-D4EA-11D3-845A-00500483D287} (ImageViewer Class) - file:///D:/vwr_data/dcm_vwr.cab O16 - DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} (CPlayFirstDDTumsControl Object) - http://www.gamehouse.com/realarcade-webgam...nerDashTums.cab O20 - AppInit_DLLs: utaqmx.dll O20 - Winlogon Notify: byXnnKdD - C:\WINDOWS\ O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- End of file - 12358 bytes -
Ran Malwarebytes once. Won't run again.
slurm810 replied to slurm810's topic in Resolved Malware Removal Logs
I did get MBAM installed again, sorry for the delay i was at work, I'm scanning now. I will post new logs when they're done. -
My Fiance's laptop had spygaurd2008 installed on it, I installed Malwarebytes and ran it, at the time the laptop would only run in safe mode with any stability. Malwarebytes found around 85 infected files. Now whenever i try to run Malwarebytes I receive an error: Run-time error '339' vbalsgrid6.ocx C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll Unable to register the DLL/OCX (there is more to the error but I'm at work and can't remember it all). I tried the fix on this thread but it didn't work. Here is the log from when Malwarebytes ran and the log from a hijackthis scan. I have also run trend micro internet security. Please help! Malwarebytes' Anti-Malware 1.32 Database version: 1616 Windows 5.1.2600 Service Pack 3 1/12/2009 9:03:17 PM mbam-log-2009-01-12 (21-03-17).txt Scan type: Quick Scan Objects scanned: 109663 Time elapsed: 24 minute(s), 28 second(s) Memory Processes Infected: 0 Memory Modules Infected: 3 Registry Keys Infected: 32 Registry Values Infected: 5 Registry Data Items Infected: 6 Folders Infected: 5 Files Infected: 38 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\cbXrolMf.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\yweayqoj.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\utaqmx.dll (Trojan.Vundo.H) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{205a1263-7bd9-474c-9a14-75025f45f28a} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{205a1263-7bd9-474c-9a14-75025f45f28a} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d6162c9-5f46-4ef7-8040-0744c4936478} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7d6162c9-5f46-4ef7-8040-0744c4936478} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a0d9aa09-3b79-4329-aa4a-bcf3fa49ebe4} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07dc1a93-5e4a-4157-80e8-7eb259b615bd} (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\002d7f3c (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spywareguard (Rogue.Spyguard) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\InternetConnection (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ieModule (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxrolmf -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxrolmf -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\Program Files\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\Program Files\Spyware Guard 2008\quarantine (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\Program Files\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully. C:\Program Files\Screensavers.com\SSSInst (Adware.Comet) -> Quarantined and deleted successfully. C:\Program Files\Screensavers.com\SSSInst\bin (Adware.Comet) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\cbXrolMf.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\fMlorXbc.ini (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\fMlorXbc.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\utaqmx.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\yweayqoj.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\joqyaewy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\Program Files\Spyware Guard 2008\spywareguard.exe (Rogue.Spyguard) -> Quarantined and deleted successfully. C:\WINDOWS\system32\obijxowc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\winscenter.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y1WF2LIN\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\Em\Local Settings\Temporary Internet Files\Content.IE5\XPQ492YV\index[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\Program Files\Spyware Guard 2008\conf.cfg (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\Program Files\Spyware Guard 2008\mbase.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\Program Files\Spyware Guard 2008\quarantine.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\Program Files\Spyware Guard 2008\queue.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\Program Files\Spyware Guard 2008\uninstall.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\Program Files\Spyware Guard 2008\vbase.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\Program Files\Screensavers.com\SSSInst\bin\sinstaller2.exe (Adware.Comet) -> Quarantined and deleted successfully. C:\Program Files\Screensavers.com\SSSInst\bin\SSSUninst.exe (Adware.Comet) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\senekajdpoyexq.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\senekauvgarjtd.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\senekadf.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\seneka.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\senekadjitfqjm.sys (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\byXnnKdD.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\svhost.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\svhost.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\track.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ttywduuokh.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\moduleie.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. And here is the Hijackthis Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:19:09 AM, on 1/13/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\Program Files\Trend Micro\Internet Security\TmPfw.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\TDispVol.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\Program Files\Protector Suite QL\psqltray.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ltmoh\Ltmoh.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\Synaptics\SynTP\Toshiba.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\WINDOWS\system32\dla\DLACTRLW.exe C:\toshiba\ivp\ism\pinger.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\SweetIM\Messenger\SweetIM.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\Program Files\Symantec AntiVirus\DoScan.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\PrintKey2000\Printkey2000.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: (no name) - {205A1263-7BD9-474C-9A14-75025F45F28A} - C:\WINDOWS\system32\cbXrolMf.dll (file missing) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [TDispVol] TDispVol.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Aim6] ~"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm479YYUS O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155931717514 O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.com/view22/app/view22rte.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab O16 - DPF: {EBE67253-D4EA-11D3-845A-00500483D287} (ImageViewer Class) - file:///D:/vwr_data/dcm_vwr.cab O16 - DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} (CPlayFirstDDTumsControl Object) - http://www.gamehouse.com/realarcade-webgam...nerDashTums.cab O20 - AppInit_DLLs: utaqmx.dll O20 - Winlogon Notify: byXnnKdD - C:\WINDOWS\ O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- End of file - 15337 bytes