
Ran Malwarebytes once. Won't run again.



My Fiance's laptop had spyguard2008 installed on it. I installed Malwarebytes and ran it; at the time the laptop would only run in safe mode with any stability. Malwarebytes found around 85 infected files. Now whenever I try to run Malwarebytes I receive an error: Run-time error '339' vbalsgrid6.ocx

C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll Unable to register the DLL/OCX (there is more to the error but I'm at work and can't remember it all). I tried the fix on this thread but it didn't work. Here is the log from when Malwarebytes ran and the log from a HijackThis scan. I have also run Trend Micro Internet Security. Please help!

Malwarebytes' Anti-Malware 1.32

Database version: 1616

Windows 5.1.2600 Service Pack 3

1/12/2009 9:03:17 PM

mbam-log-2009-01-12 (21-03-17).txt

Scan type: Quick Scan

Objects scanned: 109663

Time elapsed: 24 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 3

Registry Keys Infected: 32

Registry Values Infected: 5

Registry Data Items Infected: 6

Folders Infected: 5

Files Infected: 38

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\WINDOWS\system32\cbXrolMf.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\yweayqoj.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\utaqmx.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{205a1263-7bd9-474c-9a14-75025f45f28a} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{205a1263-7bd9-474c-9a14-75025f45f28a} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d6162c9-5f46-4ef7-8040-0744c4936478} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{7d6162c9-5f46-4ef7-8040-0744c4936478} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a0d9aa09-3b79-4329-aa4a-bcf3fa49ebe4} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{07dc1a93-5e4a-4157-80e8-7eb259b615bd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\002d7f3c (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spywareguard (Rogue.Spyguard) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\InternetConnection (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ieModule (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxrolmf -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxrolmf -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

C:\Program Files\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\Program Files\Spyware Guard 2008\quarantine (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\Program Files\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

C:\Program Files\Screensavers.com\SSSInst (Adware.Comet) -> Quarantined and deleted successfully.

C:\Program Files\Screensavers.com\SSSInst\bin (Adware.Comet) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\system32\cbXrolMf.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\fMlorXbc.ini (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\fMlorXbc.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\utaqmx.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\yweayqoj.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\joqyaewy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Program Files\Spyware Guard 2008\spywareguard.exe (Rogue.Spyguard) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\obijxowc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winscenter.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y1WF2LIN\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Em\Local Settings\Temporary Internet Files\Content.IE5\XPQ492YV\index[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Program Files\Spyware Guard 2008\conf.cfg (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\Program Files\Spyware Guard 2008\mbase.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\Program Files\Spyware Guard 2008\quarantine.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\Program Files\Spyware Guard 2008\queue.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\Program Files\Spyware Guard 2008\uninstall.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\Program Files\Spyware Guard 2008\vbase.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\Program Files\Screensavers.com\SSSInst\bin\sinstaller2.exe (Adware.Comet) -> Quarantined and deleted successfully.

C:\Program Files\Screensavers.com\SSSInst\bin\SSSUninst.exe (Adware.Comet) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\senekajdpoyexq.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\senekauvgarjtd.dll (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\senekadf.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\seneka.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\senekadjitfqjm.sys (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\byXnnKdD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\svhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\svhost.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\track.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ttywduuokh.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\moduleie.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

And here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:19:09 AM, on 1/13/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Trend Micro\BM\TMBMSRV.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

C:\WINDOWS\system32\svchost.exe

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\Program Files\Trend Micro\Internet Security\TmPfw.exe

C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\system32\TDispVol.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\Program Files\Protector Suite QL\psqltray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\WINDOWS\system32\dla\DLACTRLW.exe

C:\toshiba\ivp\ism\pinger.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\SweetIM\Messenger\SweetIM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

C:\Program Files\Symantec AntiVirus\DoScan.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\PrintKey2000\Printkey2000.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {205A1263-7BD9-474C-9A14-75025F45F28A} - C:\WINDOWS\system32\cbXrolMf.dll (file missing)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [TDispVol] TDispVol.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Aim6] ~"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe

O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm479YYUS

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155931717514

O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.com/view22/app/view22rte.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab

O16 - DPF: {EBE67253-D4EA-11D3-845A-00500483D287} (ImageViewer Class) - file:///D:/vwr_data/dcm_vwr.cab

O16 - DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} (CPlayFirstDDTumsControl Object) - http://www.gamehouse.com/realarcade-webgam...nerDashTums.cab

O20 - AppInit_DLLs: utaqmx.dll

O20 - Winlogon Notify: byXnnKdD - C:\WINDOWS\

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--

End of file - 15337 bytes

So is MBAM working or not, since you did post a log?

Please update MBAM and run another Quick Scan and post back that log as well as a new HJT log.

If MBAM is no longer running or won't update let me know.

I did get MBAM installed again. Sorry for the delay, I was at work. I'm scanning now. I will post new logs when they're done.


Here are the new logs:

Malwarebytes' Anti-Malware 1.32

Database version: 1648

Windows 5.1.2600 Service Pack 3

1/13/2009 8:40:51 PM

mbam-log-2009-01-13 (20-40-51).txt

Scan type: Quick Scan

Objects scanned: 111605

Time elapsed: 24 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 10

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7370f91f-6994-4595-9949-601fa2261c8d} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\spyware guard (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\pcload.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Em\Local Settings\Temp\senekad184.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:42:50 PM, on 1/13/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {205A1263-7BD9-474C-9A14-75025F45F28A} - C:\WINDOWS\system32\cbXrolMf.dll (file missing)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [TDispVol] TDispVol.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Aim6] ~"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe

O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155931717514

O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.com/view22/app/view22rte.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab

O16 - DPF: {EBE67253-D4EA-11D3-845A-00500483D287} (ImageViewer Class) - file:///D:/vwr_data/dcm_vwr.cab

O16 - DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} (CPlayFirstDDTumsControl Object) - http://www.gamehouse.com/realarcade-webgam...nerDashTums.cab

O20 - AppInit_DLLs: utaqmx.dll

O20 - Winlogon Notify: byXnnKdD - C:\WINDOWS\

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--

End of file - 12358 bytes

  • Root Admin

STEP 1

Start HJT and run Do a system scan only and place a check mark on the following items.

  • R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
  • O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
  • O2 - BHO: (no name) - {205A1263-7BD9-474C-9A14-75025F45F28A} - C:\WINDOWS\system32\cbXrolMf.dll (file missing)
  • O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
  • O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
  • O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
  • O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  • O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
  • O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
  • O20 - AppInit_DLLs: utaqmx.dll
  • O20 - Winlogon Notify: byXnnKdD - C:\WINDOWS\

DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now.

Once all browsers are closed, then click on Fix checked and then quit HJT

STEP 2

Please visit this webpage for instructions for downloading ComboFix to your DESKTOP: how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.

Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program

Additional links to download the tool:

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

STEP 3

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then RESTART the computer and AFTER the reboot run HJT Do a system scan and save a logfile

Then post back NEW MBAM and HJT logs in that order please.
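
A triage sketch for the two logs in this thread, added here as an example (it is not part of the original posts and not a feature of HijackThis or Malwarebytes): it cross-references HijackThis entries against files named in the Malwarebytes log and flags entries whose target file is absent. The function names, reason labels and the four rules are assumptions of this example; the sample lines are excerpts of the logs posted above.

```python
import ntpath  # Windows path rules, independent of the host OS
import re

# Excerpt of the Malwarebytes log posted in this thread (file detections).
MBAM_LOG = r"""
C:\WINDOWS\system32\cbXrolMf.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yweayqoj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\utaqmx.dll (Trojan.Vundo.H) -> Delete on reboot.
"""

# Excerpt of the HijackThis log posted in this thread.
HJT_LOG = r"""
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: (no name) - {205A1263-7BD9-474C-9A14-75025F45F28A} - C:\WINDOWS\system32\cbXrolMf.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O20 - AppInit_DLLs: utaqmx.dll
O20 - Winlogon Notify: byXnnKdD - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "<path> (<detection name>) -> <action>"; registry detections are skipped
# because they do not start with a drive letter.
MBAM_FILE = re.compile(r"^([A-Za-z]:\\.+) \(([^()]+)\) -> (.+)$")
# "<section code> - <detail>", e.g. "O20 - AppInit_DLLs: utaqmx.dll"
HJT_ENTRY = re.compile(r"^([FNOR]\d{1,2}) - (.+)$")
# Bare file names of loadable modules mentioned anywhere in an entry.
FILE_NAME = re.compile(r"[\w.~-]+\.(?:dll|exe|ocx|sys)\b", re.IGNORECASE)


def mbam_detected_files(mbam_text):
    """Return {lower-cased file name: detection name} for file detections."""
    found = {}
    for line in mbam_text.splitlines():
        m = MBAM_FILE.match(line.strip())
        if m:
            found[ntpath.basename(m.group(1)).lower()] = m.group(2)
    return found


def triage(hjt_text, mbam_text):
    """Return [(code, detail, reasons)] for HijackThis entries worth review."""
    detected = mbam_detected_files(mbam_text)
    flagged = []
    for line in hjt_text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if not m:
            continue
        code, detail = m.groups()
        reasons = []
        # Rule 1: the registry entry survives but its file is gone.
        if detail.endswith(("(no file)", "(file missing)")):
            reasons.append("orphaned")
        # Rule 2: the entry names a file the scanner already detected.
        for name in FILE_NAME.findall(detail):
            if name.lower() in detected:
                reasons.append("mbam:" + detected[name.lower()])
        # Rule 3: AppInit_DLLs are loaded into every process that loads
        # user32.dll, so any value listed there deserves a look.
        if code == "O20" and detail.startswith("AppInit_DLLs:"):
            reasons.append("appinit")
        # Rule 4: a Winlogon Notify package whose path stops at a directory.
        if (code == "O20" and detail.startswith("Winlogon Notify:")
                and detail.endswith("\\")):
            reasons.append("notify-without-dll")
        if reasons:
            flagged.append((code, detail, reasons))
    return flagged


if __name__ == "__main__":
    for code, detail, reasons in triage(HJT_LOG, MBAM_LOG):
        print(f"{code:<4} {', '.join(reasons):<32} {detail}")
```

The script only reports entries for a human to review; it does not decide what to fix and does not cover every item checked in STEP 1.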


ComboFix 09-01-19.03 - Em 2009-01-19 20:26:53.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1390 [GMT -6:00]

Running from: c:\documents and settings\Em\Desktop\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)

FW: Trend Micro Personal Firewall *disabled*

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgm

c:\windows\Downloaded Program Files\DDTums.1.0.0.12


c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\p1icon.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\textedit.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\title.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_1.txt

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_1_a.txt

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_1_b.txt

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_1_c.txt

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2.txt

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2_a.txt

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2_b.txt

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2_c.txt

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2_d.txt

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3.txt

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3_a.txt

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3_b.txt

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3_c.txt

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3_d.txt

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\fifth_level_diner.txt

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\first_level_diner.txt

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\fourth_level_diner.txt

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\second_level_diner.txt

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\playfirst_logo.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\background.jpg

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food1.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food1.xml

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food2.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food2.xml

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food3.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food3.xml

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\frames\upgrade_0001.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\tables\2top.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\tables\2top.xml

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\tables\4top.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\tables\4top.xml

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\upgrades.xml

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\tableshadow.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\choosedifficulty.lua

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\chooseplayer.lua

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\chooserestaurant.lua

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\credits.lua

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\game.lua

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\gothighscore.lua

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\help.lua

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\help2.lua

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\hiscore.lua

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\hiscoreinfo.lua

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\hiscoresubmit.lua

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\levelintro.lua

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\levelover.lua

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\loading.lua

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\mainloop.lua

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\mainmenu.lua

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\ok.lua

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\pause.lua

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\style.lua

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\tutorialintro.lua

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\upgrade.lua

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\upsell.lua

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\webcomic.lua

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\yesno.lua

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\splash\aol_logo.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\splash\gamelabsplash.jpg

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\splash\playfirst_logo.jpg

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\strings.xml

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\angersmoke.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\angersmoke.xml

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\chairflags.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\chairflags.xml

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\check.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\checkmark.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\clock.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\closed.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\closingtime.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\coinflip.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\coinflip.xml

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\dollar.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\doodles\coffee.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\doodles\tables.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\doodles\wallpaper.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\expert.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\expertscore.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\foodpoof.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\foodpoof.xml

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\fork_timer.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\goalcompleted.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\heartgrow.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\heartgrow.xml

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\jar.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\jar.xml

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\level.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\level_career.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\score.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\sound.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\staroff.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\staron.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\tablenumber.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\tablenumberup.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\traynumber.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\tutorial_character.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\tutorialarrow.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\tutorialbox.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgradeanim.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgradeanim.xml

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\drinks.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\maitred.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\oven.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\select.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\shoes.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\stereo.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\table.png

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\dinerdash.exe

c:\windows\system32\uniq.tll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_seneka

((((((((((((((((((((((((( Files Created from 2008-12-20 to 2009-01-20 )))))))))))))))))))))))))))))))

.

2009-01-13 19:14 . 2009-01-13 19:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-13 19:14 . 2009-01-13 19:14 <DIR> d-------- c:\documents and settings\Em\Application Data\Malwarebytes

2009-01-13 19:14 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-13 19:14 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-12 21:49 . 2009-01-12 21:49 <DIR> d-------- c:\program files\Windows Resource Kits

2009-01-12 20:24 . 2009-01-12 20:24 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-01-12 20:23 . 2009-01-12 20:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-06 21:49 . 2008-07-30 11:05 144,912 --a------ c:\windows\system32\drivers\tmcomm.sys

2009-01-06 21:49 . 2008-07-30 11:05 50,192 --a------ c:\windows\system32\drivers\tmactmon.sys

2009-01-06 21:49 . 2008-07-30 11:05 49,680 --a------ c:\windows\system32\drivers\tmevtmgr.sys

2009-01-06 21:46 . 2009-01-19 20:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trend Micro

2009-01-06 21:45 . 2009-01-12 22:01 <DIR> d-------- c:\program files\Trend Micro

2009-01-06 21:40 . 2009-01-06 21:40 <DIR> d-------- c:\program files\Trend Micro Internet Security

2009-01-06 21:37 . 2009-01-06 21:37 <DIR> d--h----- c:\windows\system32\GroupPolicy

2008-12-21 22:55 . 2008-12-21 22:55 <DIR> d-------- c:\program files\iTunes

2008-12-21 22:55 . 2008-12-21 22:55 <DIR> d-------- c:\program files\iPod

2008-12-21 22:55 . 2008-12-21 22:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-14 05:00 --------- d-----w c:\program files\Windows Media Connect 2

2009-01-06 05:55 --------- d-----w c:\program files\Symantec AntiVirus

2009-01-06 03:22 --------- d-----w c:\documents and settings\Em\Application Data\Apple Computer

2009-01-05 01:26 --------- d-----w c:\program files\SweetIM

2009-01-05 01:25 --------- d-----w c:\documents and settings\All Users\Application Data\SweetIM

2009-01-04 20:53 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2008-12-27 15:46 --------- d-----w c:\documents and settings\Jerry\Application Data\Apple Computer

2008-12-22 05:33 --------- d-----w c:\program files\QuickTime

2008-12-22 04:55 --------- d-----w c:\program files\Common Files\Apple

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-07 03:24 --------- d-----w c:\program files\MySpace

2008-12-07 03:24 --------- d-----w c:\documents and settings\Mitzi\Application Data\MySpace

2008-11-27 01:42 36,368 ----a-w c:\windows\system32\drivers\tmpreflt.sys

2008-11-27 01:42 205,328 ----a-w c:\windows\system32\drivers\tmxpflt.sys

2008-11-27 01:39 1,195,384 ----a-w c:\windows\system32\drivers\vsapint.sys

2007-02-17 01:03 32 ----a-r c:\documents and settings\All Users\hash.dat

2007-02-13 00:10 2,682,880 ------w c:\documents and settings\All Users\VCREDI~3.EXE

2007-01-27 19:52 774,144 ----a-w c:\program files\RngInterstitial.dll

2008-10-16 16:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008101620081017\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-07-30 497008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-27 98304]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-27 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-27 118784]

"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2005-12-21 30208]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]

"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]

"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]

"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]

"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-03-17 124656]

"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-29 185896]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]

"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-10-08 111928]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-30 970808]

"TFncKy"="TFncKy.exe" [bU]

"TDispVol"="TDispVol.exe" [2005-03-11 c:\windows\system32\TDispVol.exe]

"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 c:\windows\agrsmmsg.exe]

"NDSTray.exe"="NDSTray.exe" [bU]

"TPSMain"="TPSMain.exe" [2005-05-31 c:\windows\system32\TPSMain.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-07-30 497008]

c:\documents and settings\Mitzi\Start Menu\Programs\Startup\

Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2006-08-18 1445904]

Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2006-08-18 633856]

RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-02-15 155648]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2005-12-21 22:42 40448 c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

--a------ 2006-04-20 11:10 50792 c:\program files\Common Files\AOL\1155959154\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=

"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\IBM\\SBClient\\sbopen\\BIN\\sbclient.exe"=

"c:\\Program Files\\Common Files\\AOL\\1155959154\\ee\\aolsoftware.exe"=

"c:\\Program Files\\Common Files\\AOL\\1155959154\\ee\\aim6.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=

"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-02 99376]

R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-07-30 334352]

R4 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2005-12-21 13568]

R4 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2005-12-21 33024]

R4 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [2005-12-21 3456]

R4 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-01-06 49680]

R4 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2009-01-06 492888]

R4 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-07-30 36368]

R4 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-01-06 677128]

S0 trvbfdt;trvbfdt;c:\windows\system32\drivers\ehaiog.sys --> c:\windows\system32\drivers\ehaiog.sys [?]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-03-17 115952]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]

c:\program files\PixiePack Codec Pack\InstallerHelper.exe

.

Contents of the 'Scheduled Tasks' folder

2008-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

HKCU-Run-Aim6 - ~c:\program files\AIM6\aim6.exe

HKCU-Run-Tunebite - c:\program files\RapidSolution\Tunebite\Tunebite.exe

HKLM-Run-PadTouch - c:\program files\TOSHIBA\Touch and Launch\PadExe.exe

MSConfigStartUp-spywareguard - c:\program files\Spyware Guard 2008\spywareguard.exe

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www6.comcast.net/

uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart

uInternet Settings,ProxyOverride = *.local

IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: &Search

IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html

DPF: {EBE67253-D4EA-11D3-845A-00500483D287} - file:///D:/vwr_data/dcm_vwr.cab

DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} - hxxp://www.gamehouse.com/realarcade-webgames/dinerdash/DinerDashTums.cab

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-19 20:33:52

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1868)

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus2.dll

c:\windows\system32\biologon.dll

c:\program files\Protector Suite QL\homepass.dll

c:\program files\Protector Suite QL\bio.dll

c:\program files\Protector Suite QL\remote.dll

c:\windows\system32\CLBCATQ.DLL

c:\program files\Protector Suite QL\crypto.dll

c:\program files\Protector Suite QL\mysafe.dll

- - - - - - - > 'lsass.exe'(1924)

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus2.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Trend Micro\BM\TMBMSRV.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\windows\system32\DVDRAMSV.exe

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Trend Micro\Internet Security\SfCtlCom.exe

c:\toshiba\IVP\swupdate\swupdtmr.exe

c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

c:\windows\ehome\mcrdsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\dllhost.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Protector Suite QL\psqltray.exe

c:\program files\Synaptics\SynTP\Toshiba.exe

c:\program files\TOSHIBA\ConfigFree\NDSTray.exe

c:\windows\system32\TPSBattM.exe

c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\AIM6\aolsoftware.exe

.

**************************************************************************

.

Completion time: 2009-01-19 20:39:17 - machine was rebooted [Em]

ComboFix-quarantined-files.txt 2009-01-20 02:39:09

Pre-Run: 80,277,454,848 bytes free

Post-Run: 81,838,624,768 bytes free

539 --- E O F --- 2009-01-20 02:07:38

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:40:42 PM, on 1/19/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Trend Micro\BM\TMBMSRV.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

C:\WINDOWS\system32\svchost.exe

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\Program Files\Trend Micro\Internet Security\TmPfw.exe

C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\TDispVol.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Protector Suite QL\psqltray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\WINDOWS\system32\dla\DLACTRLW.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\SweetIM\Messenger\SweetIM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\PrintKey2000\Printkey2000.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [TDispVol] TDispVol.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe

O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155931717514

O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.com/view22/app/view22rte.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab

O16 - DPF: {EBE67253-D4EA-11D3-845A-00500483D287} (ImageViewer Class) - file:///D:/vwr_data/dcm_vwr.cab

O16 - DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} (CPlayFirstDDTumsControl Object) - http://www.gamehouse.com/realarcade-webgam...nerDashTums.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--

End of file - 13289 bytes

  • Root Admin

Good, that's a start. Please run the following.

Please run an online scan with Kaspersky

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner.

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

This animation will guide you through the process:

KAS.gif

**Note**

To optimize scanning time and produce a more sensible report for review:

Close any open programs

Turn off the real time scanner of any existing antivirus program while performing the online scan. You may disconnect from the internet once you begin the scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

When that is done let me know what it found and what it removed.

Then run this again.

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then RESTART the computer and AFTER the reboot run HJT. Do a system scan and save a logfile.

Then post back NEW MBAM and HJT logs in that order please.


Here is the Kaspersky log. Running MBAM atm, will post it and the HJT log when they are done.

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Monday, January 19, 2009

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Tuesday, January 20, 2009 03:08:58

Records in database: 1651128

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

C:\

D:\

Scan statistics:

Files scanned: 92504

Threat name: 15

Infected objects: 61

Suspicious objects: 0

Duration of the scan: 01:40:24

File name / Threat name / Threats count

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40000\47F6DDE6.VBN Infected: Trojan-Downloader.JS.Agent.bi 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40001\47F6DE57.VBN Infected: Exploit.Win32.IMG-WMF.v 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A40002\47F6DE61.VBN Infected: Trojan-Downloader.JS.Agent.bi 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08A00001\48F11021.VBN Infected: Exploit.Multi.Qtp.g 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08A00002\48F1102D.VBN Infected: Trojan.Win32.Agent.afwg 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09340000\4DBE1DB4.VBN Infected: Trojan-Downloader.JS.Inor.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DF00000\4DFE2508.VBN Infected: Exploit.HTML.Mht.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E280000\4EAF773F.VBN Infected: Exploit.SWF.Downloader.c 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F580000\4FFDD5C4.VBN Infected: Trojan-Downloader.JS.Agent.hv 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F580001\4FFDD5EC.VBN Infected: Trojan-Downloader.Win32.Agent.acd 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F580002\4FFDD5FA.VBN Infected: Exploit.Java.ByteVerify 2

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F580002\4FFDD5FA.VBN Infected: Trojan-Downloader.Java.OpenConnection.aa 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F580003\4FFDD627.VBN Infected: Trojan-Downloader.JS.Agent.hv 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F580004\4FFDD648.VBN Infected: Trojan-Downloader.Win32.Agent.acd 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13640000\5BE6F32E.VBN Infected: Exploit.SWF.Downloader.hm 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13D40001\5BDD0312.VBN Infected: Exploit.SWF.Downloader.hm 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15640000\5DF4D7DE.VBN Infected: Exploit.SWF.Downloader.hm 1

C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.n 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\2E.tmp Infected: Trojan.Win32.Small.brl 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\senekad184.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\senekad184.RB1 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\senekad184.RB2 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\senekad184.RB3 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS04C5FA.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS072854.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS0E4F62.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS131416.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS17D8CA.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS1BF390.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS245E22.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS27DF52.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS2DC587.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS2F0660.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS33CB14.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS3FB6D6.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS46DDE4.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS52C9A6.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS734630.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS90EE97.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS9350F8.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS9A781B.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VS9F3CDD.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSA4019F.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSAA474D.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSAFED84.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSB97708.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSC44376.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSC9082C.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSCB6A87.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSD29198.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSD450AA.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSD7564E.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSD9B8A9.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSE0DFBA.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSF677DE.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSFA35AC.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\Backup\VSFB3C92.RB0 Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\senekad184.tmp Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\senekad184_228.VIR Infected: Trojan.Win32.Patched.dw 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\senekad184_348.VIR Infected: Trojan.Win32.Patched.dw 1

The selected area was scanned.


Malwarebytes' Anti-Malware 1.33

Database version: 1668

Windows 5.1.2600 Service Pack 3

1/19/2009 11:58:34 PM

mbam-log-2009-01-19 (23-58-34).txt

Scan type: Quick Scan

Objects scanned: 66361

Time elapsed: 4 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:03:20 AM, on 1/20/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Trend Micro\BM\TMBMSRV.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

C:\WINDOWS\system32\svchost.exe

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\Program Files\Trend Micro\Internet Security\TmPfw.exe

C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\system32\TDispVol.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\Program Files\Protector Suite QL\psqltray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\WINDOWS\system32\dla\DLACTRLW.exe

C:\toshiba\ivp\ism\pinger.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\SweetIM\Messenger\SweetIM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Symantec AntiVirus\DoScan.exe

C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\PrintKey2000\Printkey2000.exe

C:\WINDOWS\system32\RAMASST.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\internet explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [TDispVol] TDispVol.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe

O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155931717514

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab

O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.com/view22/app/view22rte.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab

O16 - DPF: {EBE67253-D4EA-11D3-845A-00500483D287} (ImageViewer Class) - file:///D:/vwr_data/dcm_vwr.cab

O16 - DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} (CPlayFirstDDTumsControl Object) - http://www.gamehouse.com/realarcade-webgam...nerDashTums.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--

End of file - 14332 bytes

  • Root Admin

You show that you have 2 Antivirus programs. You can only have 1 installed at any one time.

Please choose the one you want to use and remove the other.

Also, it doesn't look like you're following through with the HJT for removing the Java entries. I've not yet seen any malware protect those entries from being removed unless it was blocking ALL registry changes, which doesn't seem to be the case. Please review the previous posts about the Java removal and try them again.

Empty out the Quarantine files as well. Then, when those tasks are done, run MBAM, UPDATE it and do another Quick Scan.

Then RESTART the computer and run a new HJT log please.

  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
