Hi, all went w/o a hitch
.Below is the combo fix log and new hijack this log. Thanks!
ComboFix 09-10-04.01 - Owner 10/04/2009 20:12.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3367.2994 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\uboxykiz.pif
c:\documents and settings\All Users\Documents\xofykutu.inf
c:\documents and settings\Owner\Application Data\ecoqig.vbs
c:\documents and settings\Owner\Application Data\foxyzun.bin
c:\documents and settings\Owner\Application Data\molukivo.ban
c:\documents and settings\Owner\Application Data\ozoke.lib
c:\documents and settings\Owner\Application Data\tedude.lib
c:\documents and settings\Owner\Application Data\ubew.bat
c:\documents and settings\Owner\Application Data\ujykagi.sys
c:\documents and settings\Owner\Start Menu\Advanced Virus Remover.lnk
C:\mdnsq.exe
C:\p2hhr.bat
c:\program files\AdvancedVirusRemover
c:\program files\Common Files\vazoby.inf
c:\program files\Common Files\xymed._dl
c:\program files\Protection System
c:\program files\Protection System\core.cga
c:\program files\Protection System\help.ico
c:\windows\eniteboy.dll
c:\windows\jitofu.inf
c:\windows\kubutatiku.pif
c:\windows\mabed.dl
c:\windows\sabe.exe
c:\windows\system32\~.exe
c:\windows\system32\41.exe
c:\windows\system32\davafuhu.dll
c:\windows\system32\drivers\Sonyhcp.dll
c:\windows\system32\drivers\UACmexmupotmn.sys
c:\windows\system32\UACajxqulfvdo.dll
c:\windows\system32\UACaltepxgnpj.dll
c:\windows\system32\UACaomoyqqsgl.dll
c:\windows\system32\UACdsmlqgodjk.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACnxxwfhjpqq.db
c:\windows\system32\uactmp.db
c:\windows\system32\UACyiyuhtitcs.dat
c:\windows\system32\UACypjbepnxft.dll
c:\windows\system32\vupila.exe
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\wingenocx.dll
c:\windows\system32\winupdate.exe
c:\windows\system32\wisdstr.exe
c:\windows\towibokuwu.exe
c:\windows\ynifuresuj.vbs
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-09-05 to 2009-10-05 )))))))))))))))))))))))))))))))
.
2009-10-05 00:26 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-10-05 00:26 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-03 14:33 . 2009-10-03 14:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-10-03 14:20 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-03 14:20 . 2009-10-03 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-03 14:20 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-03 13:58 . 2009-10-03 15:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-02 00:43 . 2009-10-02 00:43 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2009-09-28 23:57 . 2009-09-28 23:57 -------- d--h--w- c:\windows\PIF
2009-09-27 14:54 . 2009-09-29 00:30 1014172 ----a-w- c:\windows\system32\RegiCleanseUpdates.zip
2009-09-27 14:11 . 2009-09-27 14:11 -------- d-----w- c:\windows\system32\RegiCleanse
2009-09-27 14:11 . 1999-12-17 14:13 86016 ----a-w- c:\windows\unvise32.exe
2009-09-27 14:11 . 2009-10-02 23:54 -------- d-----w- c:\program files\RegiCleanse System Optimizer
2009-09-26 16:30 . 2009-05-22 04:58 287608 ----a-w- c:\windows\system32\drivers\Tmfilter.sys
2009-09-21 01:59 . 2009-09-21 01:59 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-20 18:12 . 2009-09-20 18:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{53C850E7-C2FC-47B3-B5D3-16BC9CAAFB49}
2009-09-20 18:09 . 2009-09-20 18:09 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-09-20 16:00 . 2009-09-20 16:00 10752 ----a-w- c:\windows\DCEBoot.exe
2009-09-20 15:56 . 2009-10-04 15:12 0 ----a-w- c:\windows\Xkeruraf.bin
2009-09-20 15:56 . 2009-10-04 23:58 120 ----a-w- c:\windows\Vlujipuzimocinex.dat
2009-09-20 15:56 . 2009-09-20 15:56 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{3A7BA29C-BA4D-42FE-971B-A380559F8EB0}
2009-09-20 15:55 . 2009-09-20 15:55 17101 ----a-w- c:\windows\zuwiref.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 15:53 . 2008-08-23 03:55 5072 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-10-03 15:36 . 2009-08-02 16:22 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2009-10-03 13:50 . 2009-01-24 01:25 -------- d-----w- c:\program files\Vuze
2009-09-28 22:11 . 2008-08-03 14:33 -------- d-----w- c:\documents and settings\Owner\Application Data\AdobeUM
2009-09-26 16:21 . 2008-08-02 20:00 62904 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-20 22:06 . 2008-08-03 13:47 50192 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2009-09-20 22:06 . 2008-08-03 13:47 50192 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2009-09-20 22:06 . 2008-08-03 13:47 153104 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-09-20 16:01 . 2009-09-20 16:01 19905 ----a-w- c:\documents and settings\Owner\Application Data\avydo.dat
2009-09-20 16:01 . 2009-09-20 16:01 15337 ----a-w- c:\program files\Common Files\egaxog.lib
2009-09-20 15:55 . 2009-06-20 15:55 44970 --sha-w- c:\windows\system32\vedilune.exe
2009-09-20 15:55 . 2009-09-20 15:55 18120 ----a-w- c:\program files\Common Files\icuhi.lib
2009-09-20 15:55 . 2009-09-20 15:55 11491 ----a-w- c:\program files\Common Files\sevuzez._sy
2009-09-20 15:50 . 2009-01-24 01:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Azureus
2009-08-05 09:01 . 2002-12-12 05:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 1980-01-01 00:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2008-08-02 18:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-03-22 01:03 . 2009-03-22 01:03 1911328 -c--a-w- c:\program files\ImgBurn.rar
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-01-31 1398024]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-12 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-12 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-27 98304]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2008-12-28 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2008-12-28 106496]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli adet420.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [8/3/2008 9:47 AM 50192]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2/16/2008 12:39 AM 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2/16/2008 12:39 AM 333328]
R3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [8/3/2008 9:48 AM 488768]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [8/3/2008 9:48 AM 648456]
S2 gupdate1c9f83192256a02;Google Update Service (gupdate1c9f83192256a02);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [10/3/2009 10:20 AM 38224]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.msn.commStart Page =
hxxp://www.msn.comuInternet Connection Wizard,ShellNext =
hxxp://www.gatewaybiz.com/DPF: Microsoft XML Parser for Java -
file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\py6l8vp7.default\
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJPI142.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPOJI610.dll
FF - HiddenExtension: XULRunner: {3A7BA29C-BA4D-42FE-971B-A380559F8EB0} - c:\documents and settings\Owner\Local Settings\Application Data\{3A7BA29C-BA4D-42FE-971B-A380559F8EB0}
FF - HiddenExtension: XULRunner: {53C850E7-C2FC-47B3-B5D3-16BC9CAAFB49} - c:\documents and settings\Administrator\Local Settings\Application Data\{53C850E7-C2FC-47B3-B5D3-16BC9CAAFB49}
.
- - - - ORPHANS REMOVED - - - -
BHO-{edb510fb-305c-a090-64fd-8288a02a829d} - c:\windows\eniteboy.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKLM-Run-Crutopit - c:\windows\eniteboy.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-10-04 20:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1960408961-448539723-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1204)
c:\windows\adet420.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(3900)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\adet420.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2009-10-05 20:59 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-05 00:58
Pre-Run: 19,023,355,904 bytes free
Post-Run: 19,154,704,896 bytes free
221 --- E O F --- 2009-09-10 21:45
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:22 PM, on 10/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\windows\System32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\windows\system32\ctfmon.exe
C:\windows\explorer.exe
C:\windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.gatewaybiz.com/R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) -
http://supportcenter.rr.com/sdccommon/d ... gctlcm.cabO16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) -
http://upload.facebook.com/controls/200 ... oader5.cabO23 - Service: Google Update Service (gupdate1c9f83192256a02) (gupdate1c9f83192256a02) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
--
End of file - 5327 bytes