Dude Posted July 23, 2009 ID:101635 Share Posted July 23, 2009 I'm certainly having some computer problems that I can't fix on my own. I can't get Hijack this to do anything after downloading. I double click on HJTInstall and nothing happens. Malwarebytes was doing the same thing until I tried the tip found here: http://www.malwarebytes.org/forums/index.php?showtopic=7417 and changed the name of the set.exe and it installed. However, after the install, it of course would not run. Changing the name of MBAM.exe also produced the same "doing nothing" results. I'm at a lost as to what step to take next. These programs act the same even in safe mode. (won't launch) The only thing I've been able to run is a program I found called CounterSpy Antispyware. The only issuse it finds, but can't seem to remove permanently, is something it calls "FraudTool.win32.Antivirus2010 (v)".Aside from not being able to run these anti virus/maleware/spyware programs I'm also getting the google redirect issuse which I assume is part of whatever I may have. Any advice on where to go from here would be appreciated. Thanks. Link to post Share on other sites More sharing options...
Dude Posted July 23, 2009 Author ID:101641 Share Posted July 23, 2009 Update: I was able to start in safe mode and rename the MBAM.exe file. I just renamed it " df5f " at random. I then right clicked on that and went to properties. I went to the compatibility tab and selected "Run this program in compatibility mode for" and selected windows 2000. This allowed malewarebytes to open and preform a scan. After a reboot, everything seems to be running normal. I was able to launch Malwarebytes and update it. I also went to google and did not get the redirect bug. I have done and rescan and it found 3 more objects. Here is a copy of the malwarebytes text file that was created in safemode. Malwarebytes' Anti-Malware 1.39Database version: 2421Windows 5.1.2600 Service Pack 27/23/2009 10:39:57 AMmbam-log-2009-07-23 (10-39-57).txtScan type: Quick ScanObjects scanned: 96348Time elapsed: 3 minute(s), 45 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 12Registry Values Infected: 3Registry Data Items Infected: 11Folders Infected: 1Files Infected: 9Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{51b15f5a-e98b-4658-b9cb-9307b74773a7} (Trojan.BHO) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\ViRsLab (Rogue.AVLab) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\virslabwarning.warningbho (Rogue.AVLab) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\virslabwarning.warningbho.1 (Rogue.AVLab) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.Registry Values Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.Registry Data Items Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://windiwsfsearch.com/ie6.html) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\(default) (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\(default) (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.Folders Infected:C:\WINDOWS\system32\512686 (Trojan.BHO) -> Quarantined and deleted successfully.Files Infected:C:\WINDOWS\msb.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.C:\Documents and Settings\James S\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.C:\Documents and Settings\James S\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.C:\Documents and Settings\James S\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.C:\Documents and Settings\James S\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.c:\documents and settings\James S\favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.C:\WINDOWS\system32\net.net (Trojan.Agent) -> Quarantined and deleted successfully.C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.After I updated, here is the new log of the three additional items found. Malwarebytes' Anti-Malware 1.39Database version: 2487Windows 5.1.2600 Service Pack 27/23/2009 10:50:30 AMmbam-log-2009-07-23 (10-50-30).txtScan type: Quick ScanObjects scanned: 98797Time elapsed: 3 minute(s), 57 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 2Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.Not sure if any of this is helpful or not. Also, any suggestions on additional steps I should take to make sure I'm all clear? Link to post Share on other sites More sharing options...
Dude Posted July 24, 2009 Author ID:101983 Share Posted July 24, 2009 Another update. I was able to preform a full scan over night. Whatever "C:\WINDOWS\system32\uacinit.dll (Trojan.Agent)" is, Malwarebytes will not rid my machine of it. It says it will delete it on restart but every time I restart it will find it again. Also was able to locate another problem with the full deep scan here is copy of that log. Malwarebytes' Anti-Malware 1.39Database version: 2487Windows 5.1.2600 Service Pack 27/24/2009 7:58:20 AMmbam-log-2009-07-24 (07-58-20).txtScan type: Full Scan (C:\|)Objects scanned: 182996Time elapsed: 26 minute(s), 14 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 2Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:c:\program files\DivX\divx player\pS2Xx.ddc (Backdoor.Bot) -> Quarantined and deleted successfully.C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.Like I said, after the restart I get the following every time despite the claim they have been removed:Files Infected:c:\program files\DivX\divx player\pS2Xx.ddc (Backdoor.Bot) -> Quarantined and deleted successfully.C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.I'm also going to include a Hijack this log as I've not done that yet and should have. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:11:46 AM, on 7/24/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\nvsvc32.exeC:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exeC:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exeC:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exeC:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\dllhost.exeC:\Program Files\Trend Micro\Internet Security 14\pccguide.exeC:\WINDOWS\stsystra.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exeC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Dell\Media Experience\DMXLauncher.exeC:\WINDOWS\System32\DLA\DLACTRLW.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exeC:\WINDOWS\eHome\ehmsas.exeC:\Program Files\Stardock\ObjectDock\ObjectDock.exeC:\Program Files\iPod\bin\iPodService.exeC:\program files\mozilla firefox\firefox.exeC:\Program Files\AIM6\aim6.exeC:\Program Files\AIM6\aolsoftware.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061111R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.comR1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061111R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLLO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dllO3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startupO4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exeO4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exeO4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exeO4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXEO4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exeO4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\df5f.exe" /runcleanupscriptO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\algg.exeO4 - HKCU\..\Run: [ViRsLab] "C:\Program Files\ViRsLab\ViRsLab.exe"O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exeO4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll (file missing)O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exeO23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exeO23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exeO23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exeO23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe--End of file - 7753 bytes Link to post Share on other sites More sharing options...
Dude Posted July 24, 2009 Author ID:101991 Share Posted July 24, 2009 Last update (hopefully)After doing a quick google search on "uacinit.dll" I was able to find another thread on these forums where a guy was having a issue with the same file. The advice on his thread was to following the instructions located at http://www.malwarebytes.org/forums/index.php?showtopic=12709 after the restart as it suggested, this is the Malwarebytes' log of the quickscanMalwarebytes' Anti-Malware 1.39Database version: 2487Windows 5.1.2600 Service Pack 27/24/2009 8:45:59 AMmbam-log-2009-07-24 (08-45-59).txtScan type: Quick ScanObjects scanned: 100926Time elapsed: 6 minute(s), 18 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 1Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 8Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:c:\WINDOWS\system32\UACrudqgoewqn.dll (Trojan.TDSS) -> Quarantined and deleted successfully.c:\WINDOWS\system32\UACxswrmcphtp.dll (Trojan.TDSS) -> Quarantined and deleted successfully.C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.c:\WINDOWS\system32\UACiuwyrideoe.dat (Trojan.Agent) -> Quarantined and deleted successfully.c:\WINDOWS\system32\UACsaxfqrcjpy.dll (Trojan.Agent) -> Quarantined and deleted successfully.c:\WINDOWS\system32\UACtetobwwavp.dll (Trojan.Agent) -> Quarantined and deleted successfully.c:\WINDOWS\system32\UACwwjllrmsvb.dll (Trojan.Agent) -> Quarantined and deleted successfully.c:\WINDOWS\system32\drivers\UACrqlakvdksd.sys (Trojan.Agent) -> Quarantined and deleted successfully. Link to post Share on other sites More sharing options...
Recommended Posts