
Infected with "seneka.sys" Trojan


  • This topic is locked
2 replies to this topic

#1 Zavelin


Posted 17 February 2009 - 08:39 AM

My latest Avira AntiVir scan revealed that my computer is infected with 4 hidden threats, all of them containing the word "seneka".

My autostart list has now been absolutely run over by what seems to be randomly generated processes.

Any help would be dearly appreciated!







DDS (Ver_09-02-01.01) - NTFSx86
Run by Zavelin at 8:26:43.14 on 2009-02-17
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1706 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\TouchFreeze\TouchFreeze.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe
C:\Users\Zavelin\AppData\Local\Temp\tzi655csdxk7m.exe
C:\Users\Zavelin\AppData\Local\Temp\yqo0ncma3z.exe
C:\Users\Zavelin\AppData\Local\Temp\oytf8j4s1u.exe
C:\Users\Zavelin\AppData\Local\Temp\j4cjd4.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Zavelin\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: c:\windows\system32\uisd33faj387dd.dll: {d5bf4552-94f1-42bd-f434-3604812c807d} - c:\windows\system32\uisd33faj387dd.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
uRun: [TouchFreeze] c:\program files\touchfreeze\TouchFreeze.exe
uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Uniblue ProcessQuickLink 2] "c:\program files\uniblue\processquicklink 2\ProcessQuickLink2.exe" /autostart
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [PCMAgent] "c:\program files\cyberlink\powercinema for toshiba\PCMAgent.exe"
mRun: [avgnt] "c:\program files\avira\antivir personaledition premium\avgnt.exe" /min
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rklaun~1.lnk - c:\program files\rk launcher\rk launcher 0.41 beta nightly\RKLauncher.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~2.0_0\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: avsda.dll
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://coupons.smartsource.com/download/cscmv5X.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {A0401AB6-634E-4E77-9E1F-231C29D523C1} - hxxp://www.windowsoffers.com/blockbuster/VistaPCDetector.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
STS: c:\windows\system32\uisd33faj387dd.dll: {d5bf4552-94f1-42bd-f434-3604812c807d} - c:\windows\system32\uisd33faj387dd.dll

============= SERVICES / DRIVERS ===============

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20081023.002\IDSvix86.sys [2008-10-24 270384]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-8-8 20384]
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\avira\antivir personaledition premium\avmailc.exe [2009-1-17 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\avira\antivir personaledition premium\avwebgrd.exe [2009-1-17 258305]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;c:\program files\avira\antivir personaledition premium\avesvc.exe [2009-1-17 41217]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-2-18 149352]
R2 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2008-7-21 193888]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-4-15 51160]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2008-6-13 41008]
S2 MSMQSVC;Message Queuing Service;c:\windows\system32\mqsv32.exe --> c:\windows\system32\mqsv32.exe [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 IdcPHid;IdeaCom HID Touch Screen Driver (PS/2);c:\windows\system32\drivers\idcphid.sys [2008-12-11 16256]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-8-8 954368]

=============== Created Last 30 ================

2009-02-17 08:12 <DIR> --d----- c:\program files\Trend Micro
2009-02-17 08:08 279,955,564 a------- c:\windows\MEMORY.DMP
2009-02-17 07:56 318,976 a------- c:\windows\system32\CF22179.exe
2009-02-17 07:56 <DIR> --d----- C:\ComboFix
2009-02-17 07:42 161,792 a------- c:\windows\SWREG.exe
2009-02-17 07:42 98,816 a------- c:\windows\sed.exe
2009-02-17 07:41 318,976 a------- c:\windows\system32\CF19384.exe
2009-02-16 18:03 0 a------- c:\windows\system32\drivers\seneka.sys
2009-02-16 03:11 15,000 a------- c:\windows\system32\uisd33faj387dd.dll
2009-02-16 03:11 0 a------- c:\windows\system32\drivers\senekawcqpyexi.sys
2009-02-16 03:11 216,576 a------- c:\windows\system32\mqapi.exe
2009-02-15 22:40 97,800 a------- c:\windows\system32\infocardapi.dll
2009-02-15 22:40 622,080 a------- c:\windows\system32\icardagt.exe
2009-02-15 22:40 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-15 22:40 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-02-15 22:40 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-02-15 22:40 11,264 a------- c:\windows\system32\icardres.dll
2009-02-15 22:40 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-02-15 22:40 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-02-15 22:31 96,760 a------- c:\windows\system32\dfshim.dll
2009-02-15 22:31 282,112 a------- c:\windows\system32\mscoree.dll
2009-02-15 22:30 41,984 a------- c:\windows\system32\netfxperf.dll
2009-02-15 22:30 158,720 a------- c:\windows\system32\mscorier.dll
2009-02-15 22:30 83,968 a------- c:\windows\system32\mscories.dll
2009-02-15 22:29 <DIR> --d----- c:\program files\Little Shop Of Treasures
2009-02-15 19:08 428,544 a------- c:\windows\system32\EncDec.dll
2009-02-15 19:08 217,088 a------- c:\windows\system32\psisrndr.ax
2009-02-15 19:08 293,376 a------- c:\windows\system32\psisdecd.dll
2009-02-15 19:08 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-02-15 19:08 80,896 a------- c:\windows\system32\MSNP.ax
2009-02-11 22:33 <DIR> --d----- c:\users\zavelin\appdata\roaming\Astroburn
2009-02-11 09:09 <DIR> --d----- c:\users\zavelin\Program Files
2009-02-10 23:34 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-02-10 23:31 <DIR> --d--r-- c:\program files\Skype
2009-02-10 23:30 <DIR> --d----- c:\programdata\Skype
2009-02-10 10:59 <DIR> --d----- C:\My Web Sites
2009-02-10 10:58 <DIR> --d----- c:\program files\WinHTTrack
2009-02-08 18:34 <DIR> --d----- C:\spd8v280
2009-02-07 18:42 <DIR> --d----- c:\program files\AMD
2009-02-07 18:39 34,304 a------- c:\windows\system32\drivers\AmdLLD.sys
2009-02-06 14:33 <DIR> --d----- c:\program files\Bonjour
2009-02-06 14:21 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-02-05 11:28 <DIR> --d----- c:\program files\Coupons
2009-02-04 18:28 <DIR> --d----- c:\users\zavelin\appdata\roaming\Ubisoft
2009-02-04 18:28 <DIR> --d----- c:\programdata\Ubisoft
2009-02-04 17:42 <DIR> --d----- c:\program files\Dead Space
2009-02-03 07:23 <DIR> --d----- c:\users\zavelin\appdata\roaming\IObit
2009-01-30 10:42 <DIR> --d----- c:\program files\Valve
2009-01-29 12:09 <DIR> --d----- c:\programdata\2DBoy
2009-01-29 12:09 <DIR> --d----- c:\progra~2\2DBoy
2009-01-29 12:06 <DIR> --d----- c:\program files\WorldOfGoo
2009-01-28 09:19 911,872 a------- c:\windows\system32\wininet.dll
2009-01-28 09:19 1,467,392 a------- c:\windows\system32\inetcpl.cpl
2009-01-27 10:56 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-01-27 10:50 <DIR> --d----- c:\program files\common files\Windows Live
2009-01-23 12:31 <DIR> --d----- c:\users\zavelin\appdata\roaming\EuroTalk
2009-01-22 19:37 <DIR> --d----- c:\program files\Astroburn Toolbar
2009-01-22 19:37 <DIR> --d----- c:\program files\Astroburn
2009-01-21 13:31 <DIR> --d----- c:\program files\common files\Motorola Shared
2009-01-21 13:21 <DIR> --d----- c:\program files\Microsoft
2009-01-18 23:26 23 a------- c:\windows\BlendSettings.ini
2009-01-18 22:20 <DIR> --d----- c:\program files\Bethesda Softworks

==================== Find3M ====================

2009-02-07 18:42 143,360 a------- c:\windows\inf\infstrng.dat
2009-02-07 18:42 51,200 a------- c:\windows\inf\infpub.dat
2009-02-07 18:39 86,016 a------- c:\windows\inf\infstor.dat
2009-01-15 05:05 43,008 a------- c:\windows\system32\licmgr10.dll
2009-01-15 05:04 18,944 a------- c:\windows\system32\corpol.dll
2009-01-15 05:04 109,056 a------- c:\windows\system32\iesysprep.dll
2009-01-15 05:04 132,096 a------- c:\windows\system32\ieUnatt.exe
2009-01-15 05:04 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-01-15 05:04 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-01-15 05:04 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-01-15 05:04 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-01-15 05:03 420,352 a------- c:\windows\system32\vbscript.dll
2009-01-15 05:03 72,704 a------- c:\windows\system32\admparse.dll
2009-01-15 05:03 71,680 a------- c:\windows\system32\iesetup.dll
2009-01-15 05:03 66,560 a------- c:\windows\system32\wextract.exe
2009-01-15 05:02 169,472 a------- c:\windows\system32\iexpress.exe
2009-01-15 05:01 34,304 a------- c:\windows\system32\imgutil.dll
2009-01-15 05:00 48,128 a------- c:\windows\system32\mshtmler.dll
2009-01-15 05:00 45,568 a------- c:\windows\system32\mshta.exe
2009-01-15 04:50 156,160 a------- c:\windows\system32\msls31.dll
2009-01-07 10:49 717,296 a------- c:\windows\system32\drivers\sptd.sys
2008-12-02 22:37 49,480 a------- c:\windows\system32\sirenacm.dll
2008-08-30 18:03 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 21:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-10-26 16:45 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-10-26 16:45 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-10-26 16:45 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 8:27:07.87 ===============



#2 fenzodahl512


Posted 18 February 2009 - 06:58 AM

Please download Dr.Web CureIt to the Desktop:
  • Double-click the launch.exe or cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, please do a re-scan. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan has finished, click Select all
  • Click on Cure and choose Move incurable
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt. Reboot your PC in Normal Mode, and post DrWeb.csv in your next reply (open it in Notepad)



NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all the steps given.

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts. Please, never rename ComboFix unless instructed.

If ComboFix asks you to install Recovery Console, please do so. It will be in your best interest.

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply.

Note: DO NOT mouse-click ComboFix's window while it's running. That may cause it to stall.




Please post these logs in your next reply. Post each log in a separate post.

1. Dr. Web CureIt
2. ComboFix
3. A fresh HijackThis log

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512


Posted 25 February 2009 - 07:42 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
