musicrowmaniac Posted January 8, 2010 ID:181623 Share Posted January 8, 2010 Hope I am posting this correctly. mbam keeps finding this rootkit agent when it scans. windows\system32\drivers\ujilvi.sys (Rootkit.Agent). After scan I tell it to remove and it says it will be removed after reboot but it keeps showing back up. Any help in removal is appreciated, thanks!DDS (Ver_09-12-01.01) - NTFSx86 Run by Kuma Kuma at 13:53:39.37 on Fri 01/08/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1237 [GMT -5:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}============== Running Processes ===============F:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exef:\Program Files\Microsoft Security Essentials\MsMpEng.exeF:\WINDOWS\System32\svchost.exe -k netsvcsF:\Program Files\AVG\AVG9\avgchsvx.exeF:\Program Files\AVG\AVG9\avgrsx.exesvchost.exeF:\Program Files\AVG\AVG9\avgcsrvx.exeF:\WINDOWS\Explorer.EXEsvchost.exeF:\Program Files\Lavasoft\Ad-Aware\AAWService.exeF:\WINDOWS\system32\spoolsv.exesvchost.exeF:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exeF:\Program Files\AskBarDis\bar\bin\AskService.exeF:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exeF:\Program Files\AVG\AVG9\avgwdsvc.exeF:\WINDOWS\system32\CTsvcCDA.exeF:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exeF:\PROGRA~1\AVG\AVG9\avgtray.exeF:\Program Files\Java\jre6\bin\jqs.exeF:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exeF:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exeF:\WINDOWS\system32\nvsvc32.exeF:\WINDOWS\system32\svchost.exe -k imgsvcF:\Program Files\Microsoft Security Essentials\msseces.exeF:\Program Files\EPSON\Ink Monitor\InkMonitor.exeF:\WINDOWS\system32\ctfmon.exeF:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exeF:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeF:\WINDOWS\system32\MsPMSPSv.exeF:\Program Files\AVG\AVG9\avgemc.exeF:\Program Files\AVG\AVG9\avgnsx.exeF:\Program Files\AVG\AVG9\avgcsrvx.exeF:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXEF:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exeF:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exeF:\Program Files\Lavasoft\Ad-Aware\AAWTray.exeF:\Program Files\Internet Explorer\iexplore.exeF:\Program Files\Internet Explorer\iexplore.exeF:\Documents and Settings\Kuma Kuma\Desktop\09k8umz5.exeF:\Documents and Settings\Kuma Kuma\Desktop\Defogger.exeF:\Program Files\Internet Explorer\iexplore.exeF:\Documents and Settings\Kuma Kuma\Desktop\dds.scrF:\WINDOWS\system32\wuauclt.exe============== Pseudo HJT Report ===============uStart Page = hxxp://shop.ebay.com/musicrowmaniac/m.html?_dmd=1&_in_kw=1&_ipg=50&_sop=12&_rdc=1uInternet Settings,ProxyServer = http=127.0.0.1:5555uInternet Settings,ProxyOverride = <local>uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - f:\program files\avg\avg9\toolbar\IEToolbar.dlluURLSearchHooks: H - No FileBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - f:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - f:\program files\askbardis\bar\bin\askBar.dllBHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - f:\program files\avg\avg9\avgssie.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - f:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - f:\program files\avg\avg9\toolbar\IEToolbar.dllTB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - f:\program files\askbardis\bar\bin\askBar.dlluRun: [ctfmon.exe] f:\windows\system32\ctfmon.exeuRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "f:\program files\common files\ahead\lib\NMBgMonitor.exe"mRun: [NvCplDaemon] RUNDLL32.EXE f:\windows\system32\NvCpl.dll,NvStartupmRun: [nwiz] nwiz.exe /installmRun: [NvMediaCenter] RUNDLL32.EXE f:\windows\system32\NvMcTray.dll,NvTaskbarInitmRun: [High Definition Audio Property Page Shortcut] HDAShCut.exemRun: [AVG9_TRAY] f:\progra~1\avg\avg9\avgtray.exemRun: [CTHelper] CTHELPER.EXEmRun: [updReg] f:\windows\UpdReg.EXEmRun: [ArcSoft Connection Service] f:\program files\common files\arcsoft\connection service\bin\ACDaemon.exemRun: [HP OfficeJet T Series] "f:\program files\hewlett-packard\hp officejet t series\bin\ktchnsnk.exe" -reg "software\hewlett-packard\officejet t series\Install"mRun: [MSSE] "f:\program files\microsoft security essentials\msseces.exe" -hidemRun: [ink Monitor] f:\program files\epson\ink monitor\InkMonitor.exemRun: [QuickTime Task] "f:\program files\quicktime\qttask.exe" -atboottimedRun: [DWQueuedReporting] "f:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -tStartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - f:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXEIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exeTrusted Zone: aol.com\freeDPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cabDPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257314708671DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cabDPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cabDPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - f:\program files\avg\avg9\avgpp.dllNotify: avgrsstarter - avgrsstx.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll============= SERVICES / DRIVERS ===============R0 Lbd;Lbd;f:\windows\system32\drivers\Lbd.sys [2009-11-2 64288]R1 AvgLdx86;AVG Free AVI Loader Driver x86;f:\windows\system32\drivers\avgldx86.sys [2009-11-2 333192]R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;f:\windows\system32\drivers\avgmfx86.sys [2009-11-2 28424]R1 AvgTdiX;AVG Free Network Redirector;f:\windows\system32\drivers\avgtdix.sys [2009-11-2 360584]R1 MpFilter;Microsoft Malware Protection Driver;f:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]R2 ASKService;ASKService;f:\program files\askbardis\bar\bin\AskService.exe [2009-12-7 464264]R2 ASKUpgrade;ASKUpgrade;f:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-12-7 234888]R2 avg9emc;AVG Free E-mail Scanner;f:\program files\avg\avg9\avgemc.exe [2009-11-2 906520]R2 avg9wd;AVG Free WatchDog;f:\program files\avg\avg9\avgwdsvc.exe [2009-11-2 285392]R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;f:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]R3 WFLR6654;WinFast TV2000 XP Expert (FM1236MK3);f:\windows\system32\drivers\wfeaglxt.sys [2009-11-2 433792]S1 aeghbshv;aeghbshv;\??\f:\windows\system32\drivers\aeghbshv.sys --> f:\windows\system32\drivers\aeghbshv.sys [?]S1 aqqadanm;aqqadanm;\??\f:\windows\system32\drivers\aqqadanm.sys --> f:\windows\system32\drivers\aqqadanm.sys [?]S1 arejlrwj;arejlrwj;\??\f:\windows\system32\drivers\arejlrwj.sys --> f:\windows\system32\drivers\arejlrwj.sys [?]S1 argonrer;argonrer;\??\f:\windows\system32\drivers\argonrer.sys --> f:\windows\system32\drivers\argonrer.sys [?]S1 auckpibu;auckpibu;\??\f:\windows\system32\drivers\auckpibu.sys --> f:\windows\system32\drivers\auckpibu.sys [?]S1 azrwrpkr;azrwrpkr;\??\f:\windows\system32\drivers\azrwrpkr.sys --> f:\windows\system32\drivers\azrwrpkr.sys [?]S1 bctqmvhv;bctqmvhv;\??\f:\windows\system32\drivers\bctqmvhv.sys --> f:\windows\system32\drivers\bctqmvhv.sys [?]S1 bkatrrqs;bkatrrqs;\??\f:\windows\system32\drivers\bkatrrqs.sys --> f:\windows\system32\drivers\bkatrrqs.sys [?]S1 bomtsmyo;bomtsmyo;\??\f:\windows\system32\drivers\bomtsmyo.sys --> f:\windows\system32\drivers\bomtsmyo.sys [?]S1 bowpdlvc;bowpdlvc;\??\f:\windows\system32\drivers\bowpdlvc.sys --> f:\windows\system32\drivers\bowpdlvc.sys [?]S1 brxcvmtl;brxcvmtl;\??\f:\windows\system32\drivers\brxcvmtl.sys --> f:\windows\system32\drivers\brxcvmtl.sys [?]S1 bxltyorm;bxltyorm;\??\f:\windows\system32\drivers\bxltyorm.sys --> f:\windows\system32\drivers\bxltyorm.sys [?]S1 bzrgyguh;bzrgyguh;\??\f:\windows\system32\drivers\bzrgyguh.sys --> f:\windows\system32\drivers\bzrgyguh.sys [?]S1 calaarvo;calaarvo;\??\f:\windows\system32\drivers\calaarvo.sys --> f:\windows\system32\drivers\calaarvo.sys [?]S1 cgkofcau;cgkofcau;\??\f:\windows\system32\drivers\cgkofcau.sys --> f:\windows\system32\drivers\cgkofcau.sys [?]S1 cpexgdmn;cpexgdmn;\??\f:\windows\system32\drivers\cpexgdmn.sys --> f:\windows\system32\drivers\cpexgdmn.sys [?]S1 cxcrvwsj;cxcrvwsj;\??\f:\windows\system32\drivers\cxcrvwsj.sys --> f:\windows\system32\drivers\cxcrvwsj.sys [?]S1 dbrimukc;dbrimukc;\??\f:\windows\system32\drivers\dbrimukc.sys --> f:\windows\system32\drivers\dbrimukc.sys [?]S1 dlqizjxx;dlqizjxx;\??\f:\windows\system32\drivers\dlqizjxx.sys --> f:\windows\system32\drivers\dlqizjxx.sys [?]S1 dtigchfb;dtigchfb;\??\f:\windows\system32\drivers\dtigchfb.sys --> f:\windows\system32\drivers\dtigchfb.sys [?]S1 dxcljcix;dxcljcix;\??\f:\windows\system32\drivers\dxcljcix.sys --> f:\windows\system32\drivers\dxcljcix.sys [?]S1 dyadkcay;dyadkcay;\??\f:\windows\system32\drivers\dyadkcay.sys --> f:\windows\system32\drivers\dyadkcay.sys [?]S1 ecqcgket;ecqcgket;\??\f:\windows\system32\drivers\ecqcgket.sys --> f:\windows\system32\drivers\ecqcgket.sys [?]S1 enfjkyot;enfjkyot;\??\f:\windows\system32\drivers\enfjkyot.sys --> f:\windows\system32\drivers\enfjkyot.sys [?]S1 ewlrtkzf;ewlrtkzf;\??\f:\windows\system32\drivers\ewlrtkzf.sys --> f:\windows\system32\drivers\ewlrtkzf.sys [?]S1 fbfwhwyt;fbfwhwyt;\??\f:\windows\system32\drivers\fbfwhwyt.sys --> f:\windows\system32\drivers\fbfwhwyt.sys [?]S1 fguzgngh;fguzgngh;\??\f:\windows\system32\drivers\fguzgngh.sys --> f:\windows\system32\drivers\fguzgngh.sys [?]S1 fnniotsr;fnniotsr;\??\f:\windows\system32\drivers\fnniotsr.sys --> f:\windows\system32\drivers\fnniotsr.sys [?]S1 fzuzfzzt;fzuzfzzt;\??\f:\windows\system32\drivers\fzuzfzzt.sys --> f:\windows\system32\drivers\fzuzfzzt.sys [?]S1 gcdixoke;gcdixoke;\??\f:\windows\system32\drivers\gcdixoke.sys --> f:\windows\system32\drivers\gcdixoke.sys [?]S1 glicoqew;glicoqew;\??\f:\windows\system32\drivers\glicoqew.sys --> f:\windows\system32\drivers\glicoqew.sys [?]S1 goleolcm;goleolcm;\??\f:\windows\system32\drivers\goleolcm.sys --> f:\windows\system32\drivers\goleolcm.sys [?]S1 gvqejion;gvqejion;\??\f:\windows\system32\drivers\gvqejion.sys --> f:\windows\system32\drivers\gvqejion.sys [?]S1 hhbizahm;hhbizahm;\??\f:\windows\system32\drivers\hhbizahm.sys --> f:\windows\system32\drivers\hhbizahm.sys [?]S1 hlechkqm;hlechkqm;\??\f:\windows\system32\drivers\hlechkqm.sys --> f:\windows\system32\drivers\hlechkqm.sys [?]S1 hlidcsxl;hlidcsxl;\??\f:\windows\system32\drivers\hlidcsxl.sys --> f:\windows\system32\drivers\hlidcsxl.sys [?]S1 hnziennk;hnziennk;\??\f:\windows\system32\drivers\hnziennk.sys --> f:\windows\system32\drivers\hnziennk.sys [?]S1 hveeezit;hveeezit;\??\f:\windows\system32\drivers\hveeezit.sys --> f:\windows\system32\drivers\hveeezit.sys [?]S1 ignmubpc;ignmubpc;\??\f:\windows\system32\drivers\ignmubpc.sys --> f:\windows\system32\drivers\ignmubpc.sys [?]S1 ijxfndks;ijxfndks;\??\f:\windows\system32\drivers\ijxfndks.sys --> f:\windows\system32\drivers\ijxfndks.sys [?]S1 ikolousw;ikolousw;\??\f:\windows\system32\drivers\ikolousw.sys --> f:\windows\system32\drivers\ikolousw.sys [?]S1 imjtbzug;imjtbzug;\??\f:\windows\system32\drivers\imjtbzug.sys --> f:\windows\system32\drivers\imjtbzug.sys [?]S1 imzzlfoz;imzzlfoz;\??\f:\windows\system32\drivers\imzzlfoz.sys --> f:\windows\system32\drivers\imzzlfoz.sys [?]S1 isxbiamw;isxbiamw;\??\f:\windows\system32\drivers\isxbiamw.sys --> f:\windows\system32\drivers\isxbiamw.sys [?]S1 iyedmidp;iyedmidp;\??\f:\windows\system32\drivers\iyedmidp.sys --> f:\windows\system32\drivers\iyedmidp.sys [?]S1 jedytlrf;jedytlrf;\??\f:\windows\system32\drivers\jedytlrf.sys --> f:\windows\system32\drivers\jedytlrf.sys [?]S1 jrrppdah;jrrppdah;\??\f:\windows\system32\drivers\jrrppdah.sys --> f:\windows\system32\drivers\jrrppdah.sys [?]S1 jvsvorlb;jvsvorlb;\??\f:\windows\system32\drivers\jvsvorlb.sys --> f:\windows\system32\drivers\jvsvorlb.sys [?]S1 kciuwphg;kciuwphg;\??\f:\windows\system32\drivers\kciuwphg.sys --> f:\windows\system32\drivers\kciuwphg.sys [?]S1 kemfjghp;kemfjghp;\??\f:\windows\system32\drivers\kemfjghp.sys --> f:\windows\system32\drivers\kemfjghp.sys [?]S1 kkdnpmgb;kkdnpmgb;\??\f:\windows\system32\drivers\kkdnpmgb.sys --> f:\windows\system32\drivers\kkdnpmgb.sys [?]S1 kmksifos;kmksifos;\??\f:\windows\system32\drivers\kmksifos.sys --> f:\windows\system32\drivers\kmksifos.sys [?]S1 labdukht;labdukht;\??\f:\windows\system32\drivers\labdukht.sys --> f:\windows\system32\drivers\labdukht.sys [?]S1 lfydxjxb;lfydxjxb;\??\f:\windows\system32\drivers\lfydxjxb.sys --> f:\windows\system32\drivers\lfydxjxb.sys [?]S1 lscfkvxy;lscfkvxy;\??\f:\windows\system32\drivers\lscfkvxy.sys --> f:\windows\system32\drivers\lscfkvxy.sys [?]S1 ltrruucv;ltrruucv;\??\f:\windows\system32\drivers\ltrruucv.sys --> f:\windows\system32\drivers\ltrruucv.sys [?]S1 lueyojku;lueyojku;\??\f:\windows\system32\drivers\lueyojku.sys --> f:\windows\system32\drivers\lueyojku.sys [?]S1 maiiwtrr;maiiwtrr;\??\f:\windows\system32\drivers\maiiwtrr.sys --> f:\windows\system32\drivers\maiiwtrr.sys [?]S1 meaxdegg;meaxdegg;\??\f:\windows\system32\drivers\meaxdegg.sys --> f:\windows\system32\drivers\meaxdegg.sys [?]S1 mlyoeaia;mlyoeaia;\??\f:\windows\system32\drivers\mlyoeaia.sys --> f:\windows\system32\drivers\mlyoeaia.sys [?]S1 mproxobx;mproxobx;\??\f:\windows\system32\drivers\mproxobx.sys --> f:\windows\system32\drivers\mproxobx.sys [?]S1 mrjdbcyt;mrjdbcyt;\??\f:\windows\system32\drivers\mrjdbcyt.sys --> f:\windows\system32\drivers\mrjdbcyt.sys [?]S1 mullndjt;mullndjt;\??\f:\windows\system32\drivers\mullndjt.sys --> f:\windows\system32\drivers\mullndjt.sys [?]S1 mwbbycpl;mwbbycpl;\??\f:\windows\system32\drivers\mwbbycpl.sys --> f:\windows\system32\drivers\mwbbycpl.sys [?]S1 mykfdedm;mykfdedm;\??\f:\windows\system32\drivers\mykfdedm.sys --> f:\windows\system32\drivers\mykfdedm.sys [?]S1 neydofql;neydofql;\??\f:\windows\system32\drivers\neydofql.sys --> f:\windows\system32\drivers\neydofql.sys [?]S1 nhypcqyd;nhypcqyd;\??\f:\windows\system32\drivers\nhypcqyd.sys --> f:\windows\system32\drivers\nhypcqyd.sys [?]S1 nlmieham;nlmieham;\??\f:\windows\system32\drivers\nlmieham.sys --> f:\windows\system32\drivers\nlmieham.sys [?]S1 nukrefpg;nukrefpg;\??\f:\windows\system32\drivers\nukrefpg.sys --> f:\windows\system32\drivers\nukrefpg.sys [?]S1 oesnwkqk;oesnwkqk;\??\f:\windows\system32\drivers\oesnwkqk.sys --> f:\windows\system32\drivers\oesnwkqk.sys [?]S1 ooyjuyez;ooyjuyez;\??\f:\windows\system32\drivers\ooyjuyez.sys --> f:\windows\system32\drivers\ooyjuyez.sys [?]S1 otcmqlht;otcmqlht;\??\f:\windows\system32\drivers\otcmqlht.sys --> f:\windows\system32\drivers\otcmqlht.sys [?]S1 ovgqhhhv;ovgqhhhv;\??\f:\windows\system32\drivers\ovgqhhhv.sys --> f:\windows\system32\drivers\ovgqhhhv.sys [?]S1 oxdhtrji;oxdhtrji;\??\f:\windows\system32\drivers\oxdhtrji.sys --> f:\windows\system32\drivers\oxdhtrji.sys [?]S1 parhpngf;parhpngf;\??\f:\windows\system32\drivers\parhpngf.sys --> f:\windows\system32\drivers\parhpngf.sys [?]S1 pemzarxi;pemzarxi;\??\f:\windows\system32\drivers\pemzarxi.sys --> f:\windows\system32\drivers\pemzarxi.sys [?]S1 pghdzsam;pghdzsam;\??\f:\windows\system32\drivers\pghdzsam.sys --> f:\windows\system32\drivers\pghdzsam.sys [?]S1 pmquebso;pmquebso;\??\f:\windows\system32\drivers\pmquebso.sys --> f:\windows\system32\drivers\pmquebso.sys [?]S1 pvdlfcmp;pvdlfcmp;\??\f:\windows\system32\drivers\pvdlfcmp.sys --> f:\windows\system32\drivers\pvdlfcmp.sys [?]S1 pxawfmoo;pxawfmoo;\??\f:\windows\system32\drivers\pxawfmoo.sys --> f:\windows\system32\drivers\pxawfmoo.sys [?]S1 qcmgstoh;qcmgstoh;\??\f:\windows\system32\drivers\qcmgstoh.sys --> f:\windows\system32\drivers\qcmgstoh.sys [?]S1 qgfetsei;qgfetsei;\??\f:\windows\system32\drivers\qgfetsei.sys --> f:\windows\system32\drivers\qgfetsei.sys [?]S1 qhckyhxh;qhckyhxh;\??\f:\windows\system32\drivers\qhckyhxh.sys --> f:\windows\system32\drivers\qhckyhxh.sys [?]S1 qjgmdbve;qjgmdbve;\??\f:\windows\system32\drivers\qjgmdbve.sys --> f:\windows\system32\drivers\qjgmdbve.sys [?]S1 qlvinmaf;qlvinmaf;\??\f:\windows\system32\drivers\qlvinmaf.sys --> f:\windows\system32\drivers\qlvinmaf.sys [?]S1 qpxchqbx;qpxchqbx;\??\f:\windows\system32\drivers\qpxchqbx.sys --> f:\windows\system32\drivers\qpxchqbx.sys [?]S1 rcfsivfx;rcfsivfx;\??\f:\windows\system32\drivers\rcfsivfx.sys --> f:\windows\system32\drivers\rcfsivfx.sys [?]S1 recuypfw;recuypfw;\??\f:\windows\system32\drivers\recuypfw.sys --> f:\windows\system32\drivers\recuypfw.sys [?]S1 rfvedfdq;rfvedfdq;\??\f:\windows\system32\drivers\rfvedfdq.sys --> f:\windows\system32\drivers\rfvedfdq.sys [?]S1 rhweoinu;rhweoinu;\??\f:\windows\system32\drivers\rhweoinu.sys --> f:\windows\system32\drivers\rhweoinu.sys [?]S1 rlyjmuuk;rlyjmuuk;\??\f:\windows\system32\drivers\rlyjmuuk.sys --> f:\windows\system32\drivers\rlyjmuuk.sys [?]S1 rntrpwqx;rntrpwqx;\??\f:\windows\system32\drivers\rntrpwqx.sys --> f:\windows\system32\drivers\rntrpwqx.sys [?]S1 rpddjhqt;rpddjhqt;\??\f:\windows\system32\drivers\rpddjhqt.sys --> f:\windows\system32\drivers\rpddjhqt.sys [?]S1 rsrnyirs;rsrnyirs;\??\f:\windows\system32\drivers\rsrnyirs.sys --> f:\windows\system32\drivers\rsrnyirs.sys [?]S1 rywoanpw;rywoanpw;\??\f:\windows\system32\drivers\rywoanpw.sys --> f:\windows\system32\drivers\rywoanpw.sys [?]S1 rzcmdzbs;rzcmdzbs;\??\f:\windows\system32\drivers\rzcmdzbs.sys --> f:\windows\system32\drivers\rzcmdzbs.sys [?]S1 sbyvmkng;sbyvmkng;\??\f:\windows\system32\drivers\sbyvmkng.sys --> f:\windows\system32\drivers\sbyvmkng.sys [?]S1 sfthnakr;sfthnakr;\??\f:\windows\system32\drivers\sfthnakr.sys --> f:\windows\system32\drivers\sfthnakr.sys [?]S1 sjlpocif;sjlpocif;\??\f:\windows\system32\drivers\sjlpocif.sys --> f:\windows\system32\drivers\sjlpocif.sys [?]S1 slqgjxcx;slqgjxcx;\??\f:\windows\system32\drivers\slqgjxcx.sys --> f:\windows\system32\drivers\slqgjxcx.sys [?]S1 srtpycmh;srtpycmh;\??\f:\windows\system32\drivers\srtpycmh.sys --> f:\windows\system32\drivers\srtpycmh.sys [?]S1 strtegiu;strtegiu;\??\f:\windows\system32\drivers\strtegiu.sys --> f:\windows\system32\drivers\strtegiu.sys [?]S1 szwbgawb;szwbgawb;\??\f:\windows\system32\drivers\szwbgawb.sys --> f:\windows\system32\drivers\szwbgawb.sys [?]S1 tbrjegga;tbrjegga;\??\f:\windows\system32\drivers\tbrjegga.sys --> f:\windows\system32\drivers\tbrjegga.sys [?]S1 tdzdljvd;tdzdljvd;\??\f:\windows\system32\drivers\tdzdljvd.sys --> f:\windows\system32\drivers\tdzdljvd.sys [?]S1 tfrcnjiy;tfrcnjiy;\??\f:\windows\system32\drivers\tfrcnjiy.sys --> f:\windows\system32\drivers\tfrcnjiy.sys [?]S1 tmlidgsw;tmlidgsw;\??\f:\windows\system32\drivers\tmlidgsw.sys --> f:\windows\system32\drivers\tmlidgsw.sys [?]S1 tohllhsw;tohllhsw;\??\f:\windows\system32\drivers\tohllhsw.sys --> f:\windows\system32\drivers\tohllhsw.sys [?]S1 tpnuhozj;tpnuhozj;\??\f:\windows\system32\drivers\tpnuhozj.sys --> f:\windows\system32\drivers\tpnuhozj.sys [?]S1 tpvfigae;tpvfigae;\??\f:\windows\system32\drivers\tpvfigae.sys --> f:\windows\system32\drivers\tpvfigae.sys [?]S1 tusmsarr;tusmsarr;\??\f:\windows\system32\drivers\tusmsarr.sys --> f:\windows\system32\drivers\tusmsarr.sys [?]S1 txsfeiai;txsfeiai;\??\f:\windows\system32\drivers\txsfeiai.sys --> f:\windows\system32\drivers\txsfeiai.sys [?]S1 tyejrwwm;tyejrwwm;\??\f:\windows\system32\drivers\tyejrwwm.sys --> f:\windows\system32\drivers\tyejrwwm.sys [?]S1 uicdeaon;uicdeaon;\??\f:\windows\system32\drivers\uicdeaon.sys --> f:\windows\system32\drivers\uicdeaon.sys [?]S1 uijfulsc;uijfulsc;\??\f:\windows\system32\drivers\uijfulsc.sys --> f:\windows\system32\drivers\uijfulsc.sys [?]S1 vjmyjzwf;vjmyjzwf;\??\f:\windows\system32\drivers\vjmyjzwf.sys --> f:\windows\system32\drivers\vjmyjzwf.sys [?]S1 vmodpmnj;vmodpmnj;\??\f:\windows\system32\drivers\vmodpmnj.sys --> f:\windows\system32\drivers\vmodpmnj.sys [?]S1 vsivizfm;vsivizfm;\??\f:\windows\system32\drivers\vsivizfm.sys --> f:\windows\system32\drivers\vsivizfm.sys [?]S1 vvoojcck;vvoojcck;\??\f:\windows\system32\drivers\vvoojcck.sys --> f:\windows\system32\drivers\vvoojcck.sys [?]S1 wdzwfzpp;wdzwfzpp;\??\f:\windows\system32\drivers\wdzwfzpp.sys --> f:\windows\system32\drivers\wdzwfzpp.sys [?]S1 wlnwdkbu;wlnwdkbu;\??\f:\windows\system32\drivers\wlnwdkbu.sys --> f:\windows\system32\drivers\wlnwdkbu.sys [?]S1 xbybefrq;xbybefrq;\??\f:\windows\system32\drivers\xbybefrq.sys --> f:\windows\system32\drivers\xbybefrq.sys [?]S1 xlxnvabh;xlxnvabh;\??\f:\windows\system32\drivers\xlxnvabh.sys --> f:\windows\system32\drivers\xlxnvabh.sys [?]S1 xnnnwmml;xnnnwmml;\??\f:\windows\system32\drivers\xnnnwmml.sys --> f:\windows\system32\drivers\xnnnwmml.sys [?]S1 xqgeflhx;xqgeflhx;\??\f:\windows\system32\drivers\xqgeflhx.sys --> f:\windows\system32\drivers\xqgeflhx.sys [?]S1 xrpngisp;xrpngisp;\??\f:\windows\system32\drivers\xrpngisp.sys --> f:\windows\system32\drivers\xrpngisp.sys [?]S1 xymctymf;xymctymf;\??\f:\windows\system32\drivers\xymctymf.sys --> f:\windows\system32\drivers\xymctymf.sys [?]S1 yhzdistb;yhzdistb;\??\f:\windows\system32\drivers\yhzdistb.sys --> f:\windows\system32\drivers\yhzdistb.sys [?]S1 ylhlbtdv;ylhlbtdv;\??\f:\windows\system32\drivers\ylhlbtdv.sys --> f:\windows\system32\drivers\ylhlbtdv.sys [?]S1 yukilknq;yukilknq;\??\f:\windows\system32\drivers\yukilknq.sys --> f:\windows\system32\drivers\yukilknq.sys [?]S1 yulaurba;yulaurba;\??\f:\windows\system32\drivers\yulaurba.sys --> f:\windows\system32\drivers\yulaurba.sys [?]S1 zemesrfo;zemesrfo;\??\f:\windows\system32\drivers\zemesrfo.sys --> f:\windows\system32\drivers\zemesrfo.sys [?]S1 zgbktcak;zgbktcak;\??\f:\windows\system32\drivers\zgbktcak.sys --> f:\windows\system32\drivers\zgbktcak.sys [?]=============== Created Last 30 ================2010-01-08 18:50:47 0 ----a-w- f:\documents and settings\kuma kuma\defogger_reenable2009-12-31 17:04:27 197 ----a-w- f:\windows\PowerReg.dat2009-12-31 17:04:21 0 d-----w- F:\EPSONREG2009-12-31 17:03:53 203776 ----a-w- f:\windows\system32\EBAPI.dll2009-12-31 17:03:53 108032 ----a-w- f:\windows\system32\EBUtil.dll2009-12-31 17:03:30 139264 ----a-w- f:\windows\system32\EBAPI2.dll2009-12-31 17:03:30 0 d-----w- f:\program files\common files\EPSON2009-12-31 17:02:41 25856 -c--a-w- f:\windows\system32\dllcache\usbprint.sys2009-12-31 17:02:41 25856 ----a-w- f:\windows\system32\drivers\usbprint.sys2009-12-31 17:02:02 57344 ----a-w- f:\windows\system32\ECBTEG.DLL2009-12-31 17:02:01 61598 ----a-w- f:\windows\system32\EBPMON2.DLL2009-12-31 17:02:01 34304 ----a-w- f:\windows\system32\EBPCHP.DLL2009-12-31 17:02:01 0 d-----w- f:\program files\EPSON2009-12-31 17:02:00 10555 ----a-w- f:\windows\EPSTPLOG.BAK2009-12-31 17:01:51 23 ----a-w- f:\windows\EPSC80.ini2009-12-27 21:58:50 774144 ----a-w- f:\program files\RngInterstitial.dll2009-12-27 21:58:38 0 d-----w- f:\program files\common files\Real2009-12-17 11:47:00 773120 ----a-w- f:\windows\system32\drivers\ujilvi.sys2009-12-17 02:44:27 15664 ----a-w- f:\windows\system32\PSUITE.SCR2009-12-17 02:44:24 0 d-----w- f:\program files\MGI2009-12-16 17:26:16 0 d-----w- f:\program files\GetData==================== Find3M ====================2010-01-07 21:07:14 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys2010-01-07 21:07:04 19160 ----a-w- f:\windows\system32\drivers\mbam.sys2009-12-19 04:36:47 96512 ----a-w- f:\windows\system32\drivers\atapi.sys2009-11-10 02:30:43 360584 ----a-w- f:\windows\system32\drivers\avgtdix.sys2009-11-03 01:42:06 195456 ------w- f:\windows\system32\MpSigStub.exe2009-11-02 18:45:22 411368 ----a-w- f:\windows\system32\deploytk.dll2009-11-02 18:08:54 15880 ----a-w- f:\windows\system32\lsdelete.exe2009-11-02 17:22:24 12464 ----a-w- f:\windows\system32\avgrsstx.dll2009-11-02 16:40:10 21640 ----a-w- f:\windows\system32\emptyregdb.dat2009-10-29 07:45:38 916480 ----a-w- f:\windows\system32\wininet.dll2009-10-21 05:38:36 75776 ----a-w- f:\windows\system32\strmfilt.dll2009-10-21 05:38:36 25088 ----a-w- f:\windows\system32\httpapi.dll2009-10-13 10:30:16 270336 ----a-w- f:\windows\system32\oakley.dll2009-10-12 13:38:19 149504 ----a-w- f:\windows\system32\rastls.dll2009-10-12 13:38:18 79872 ----a-w- f:\windows\system32\raschap.dll============= FINISH: 13:54:19.04 ===============ark.zipAttach.zip Link to post Share on other sites More sharing options...
extremeboy Posted January 27, 2010 ID:190341 Share Posted January 27, 2010 Hello and welcome to Malwarebytes.I Apologize for the late response.If you still require assistance, we would like to see the latest state of your system. So, please take a read in this thread on instructions on running the tools and posting the logs for instructions: http://www.malwarebytes.org/forums/index.php?showtopic=9573In your reply, I would also like to know any symptoms you may still have and how your computer is running at the moment.Please note that the forum is very busy and if I don Link to post Share on other sites More sharing options...
extremeboy Posted February 7, 2010 ID:195446 Share Posted February 7, 2010 Hello.Due to Lack of feedback, this topic is now Closed.If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.This applies only to the original topic starter.Everyone else please start a new topic.With Regards,Extremeboy Link to post Share on other sites More sharing options...
Recommended Posts