The Google Redirect Virus and Malware.Trace


My computer has been infected with this virus for the last few weeks. I have run Malwarebytes' Anti-Malware four times. The first time I was informed that four infected objects were successfully removed. The next three times I ran it, Malware.Trace was found and supposedly removed. Google links redirect me still, and I am unable to access large websites, such as DeviantART.com. My web browser, Internet Explorer, tells me that it cannot display the page. Can anyone help me? I don't know how else to remove this.

This is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:35:17 PM, on 3/20/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\STacSV.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\sttray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\svcho.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\World of Warcraft\BackgroundDownloader.exe

C:\Program Files\Trillian\trillian.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://shoryuken.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,

O1 - Hosts: 195.245.119.131 browser-security.microsoft.com

O1 - Hosts: 195.245.119.131 browser-security.microsoft.com

O1 - Hosts: 195.245.119.131 browser-security.microsoft.com

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\Jake Smith\Application Data\Macromedia\Common\d84860721.dll""

O4 - HKCU\..\Run: [DriverCure] C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe -scan

O4 - HKCU\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\protect.dll,_IWMPEvents@16

O4 - HKCU\..\Policies\Explorer\Run: [svcho] C:\WINDOWS\svcho.exe

O4 - HKUS\S-1-5-19\..\Run: [rayulofana] Rundll32.exe "C:\WINDOWS\system32\fareruta.dll",s (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\LocalService\Application Data\Macromedia\Common\d84860721.dll"" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [rayulofana] Rundll32.exe "C:\WINDOWS\system32\fareruta.dll",s (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\NetworkService\Application Data\Macromedia\Common\d84860721.dll"" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\NetworkService\Application Data\Macromedia\Common\d84860721.dll"" (User 'Default user')

O4 - Startup: ChkDisk.dll

O4 - Startup: ChkDisk.lnk = ?

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.antimalwareguard.com

O15 - Trusted Zone: *.gomyhit.com

O15 - Trusted Zone: *.antimalwareguard.com (HKLM)

O15 - Trusted Zone: *.gomyhit.com (HKLM)

O20 - AppInit_DLLs: dtziqy.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--

End of file - 9272 bytes


  • Staff

Hi,

From your HijackThis log, I can already tell that your version of Malwarebytes is outdated, because I'm sure that Malwarebytes should delete most (if not all) malware-related references.

That's why... Please update Malwarebytes.

  • Start Malwarebytes and click the Update tab. There, click "Check for updates".
  • Once the updates are downloaded, perform a full scan again.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log, then we'll proceed from there with new steps.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


After I updated Malwarebytes and scanned, it found 130 infected objects.

log file:

Malwarebytes' Anti-Malware 1.34

Database version: 1885

Windows 5.1.2600 Service Pack 3

3/22/2009 3:07:19 PM

mbam-log-2009-03-22 (15-07-19).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 134561

Time elapsed: 30 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 2

Registry Values Infected: 5

Registry Data Items Infected: 12

Folders Infected: 1

Files Infected: 159

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\WINDOWS\system32\autochk.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\NETWOR~1\APPLIC~1\MACROM~1\Common\d84860721.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\JAKESM~1\APPLIC~1\MACROM~1\Common\d84860721.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\NETWOR~1\APPLIC~1\MACROM~1\Common\d84860721.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\JAKESM~1\APPLIC~1\MACROM~1\Common\d84860721.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\NETWOR~1\APPLIC~1\MACROM~1\Common\d84860721.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\JAKESM~1\APPLIC~1\MACROM~1\Common\d84860721.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\NETWOR~1\APPLIC~1\MACROM~1\Common\d84860721.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\JAKESM~1\APPLIC~1\MACROM~1\Common\d84860721.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

C:\WINDOWS\system32\lowsec (Spyware.StolenData) -> Delete on reboot.

Files Infected:

C:\Documents and Settings\Jake Smith\Application Data\Macromedia\Common\d84860721.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\Macromedia\Common\d84860721.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Default User\Application Data\Macromedia\Common\d84860721.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jake Smith\Local Settings\Temp\d84860722.tmp (Trojan.Agent) -> Delete on reboot.

C:\Documents and Settings\LocalService\Application Data\Macromedia\Common\d84860721.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temp\d84860722.tmp (Trojan.Agent) -> Quarantined and deleted successfully.


C:\System Volume Information\_restore{AFB5428D-19DD-4099-9BE9-C95F76C6D7EB}\RP276\A0152772.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFB5428D-19DD-4099-9BE9-C95F76C6D7EB}\RP276\A0152774.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFB5428D-19DD-4099-9BE9-C95F76C6D7EB}\RP276\A0152819.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFB5428D-19DD-4099-9BE9-C95F76C6D7EB}\RP276\A0152821.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFB5428D-19DD-4099-9BE9-C95F76C6D7EB}\RP276\A0152823.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFB5428D-19DD-4099-9BE9-C95F76C6D7EB}\RP276\A0152825.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFB5428D-19DD-4099-9BE9-C95F76C6D7EB}\RP276\A0152943.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFB5428D-19DD-4099-9BE9-C95F76C6D7EB}\RP276\A0152939.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFB5428D-19DD-4099-9BE9-C95F76C6D7EB}\RP276\A0152941.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFB5428D-19DD-4099-9BE9-C95F76C6D7EB}\RP276\A0152945.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFB5428D-19DD-4099-9BE9-C95F76C6D7EB}\RP277\A0152959.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFB5428D-19DD-4099-9BE9-C95F76C6D7EB}\RP277\A0152960.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFB5428D-19DD-4099-9BE9-C95F76C6D7EB}\RP277\A0152961.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFB5428D-19DD-4099-9BE9-C95F76C6D7EB}\RP278\A0153028.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFB5428D-19DD-4099-9BE9-C95F76C6D7EB}\RP279\A0153038.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFB5428D-19DD-4099-9BE9-C95F76C6D7EB}\RP279\A0153046.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFB5428D-19DD-4099-9BE9-C95F76C6D7EB}\RP279\A0153056.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFB5428D-19DD-4099-9BE9-C95F76C6D7EB}\RP279\A0153058.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFB5428D-19DD-4099-9BE9-C95F76C6D7EB}\RP279\A0153060.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFB5428D-19DD-4099-9BE9-C95F76C6D7EB}\RP279\A0153062.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFB5428D-19DD-4099-9BE9-C95F76C6D7EB}\RP280\A0153090.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFB5428D-19DD-4099-9BE9-C95F76C6D7EB}\RP280\A0153091.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFB5428D-19DD-4099-9BE9-C95F76C6D7EB}\RP280\A0154057.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFB5428D-19DD-4099-9BE9-C95F76C6D7EB}\RP280\A0154058.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFB5428D-19DD-4099-9BE9-C95F76C6D7EB}\RP280\A0154060.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFB5428D-19DD-4099-9BE9-C95F76C6D7EB}\RP280\A0154062.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\3483.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lowsec\local.ds (Spyware.StolenData) -> Delete on reboot.

C:\WINDOWS\system32\lowsec\user.ds (Spyware.StolenData) -> Delete on reboot.

C:\WINDOWS\system32\autochk.dll (Trojan.Agent) -> Delete on reboot.

C:\Documents and Settings\Jake Smith\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jake Smith\Start Menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jake Smith\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.

This is my new HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:13:05 PM, on 3/22/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\STacSV.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\sttray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://shoryuken.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: 195.245.119.131 browser-security.microsoft.com

O1 - Hosts: 195.245.119.131 browser-security.microsoft.com

O1 - Hosts: 195.245.119.131 browser-security.microsoft.com

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DriverCure] C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe -scan

O4 - HKUS\S-1-5-19\..\Run: [rayulofana] Rundll32.exe "C:\WINDOWS\system32\fareruta.dll",s (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\LocalService\Application Data\Macromedia\Common\d84860721.dll"" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [rayulofana] Rundll32.exe "C:\WINDOWS\system32\fareruta.dll",s (User 'NETWORK SERVICE')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.antimalwareguard.com

O15 - Trusted Zone: *.gomyhit.com

O15 - Trusted Zone: *.antimalwareguard.com (HKLM)

O15 - Trusted Zone: *.gomyhit.com (HKLM)

O20 - AppInit_DLLs: dtziqy.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--

End of file - 8165 bytes


  • Staff

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.


  • Staff

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
