Hi
I recently had the antimalware doctor virus that I thought I removed. To make sure I did a malwarebytes scan last night in safe mode. It deleted some system restore files that were infected.
The problem now is that my browser still gets redirected to strange sites even though all scans (vipre, spybot S and D, and malwarebytes) show no infection.
The redirects usually happen when clicking on a link in a google search. I simply can't get rid of this problem.
I tried to use GMER but everytime I try to open the program even with all programs closed and internet and antivirus turned off I always get the following error: "2g4ecg27.exe has encountered a problem and needs to close. We are sorry for the inconvenience."
I also discovered another MAJOR problem while attempting to post this. Any time I try to attach files or paste malwarebytes or hijack this logs on this forums I keep getting an error that says 'connection was reset' when trying to post. I tried to email a copy to myself so I could post from another computer, and it won't even allow me to send the email. It keeps resetting the connection. I did a test email without the logs and it works fine. Obviously there is some kind of malware that recognizes these logs and attempts to stop me from sharing them. I wasn't aware a malicious program could be that malicious. It kind of scares me...
The only way I was able to post this was to save this to a text file and put it on a usb stick and send it from another computer.
I have attached my most recent malwarebytes log and hijack this log. Any help would be appreciated. Thanks.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:15:13 AM, on 7/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Greg\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Documents and Settings\Greg\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265828571837
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Vipre Trial Reset (.vipre_reset) - Unknown owner - C:\Program Files\Vipre_Reset.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: VIPRE Antivirus Premium (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 6115 bytes
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4349
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
7/26/2010 10:21:13 PM
mbam-log-2010-07-26 (22-21-13).txt
Scan type: Full scan (C:\|D:\|E:\|G:\|)
Objects scanned: 208819
Time elapsed: 1 hour(s), 14 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 15
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP79\A0118118.exe (Trojan.Adware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP79\A0118119.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP79\A0118121.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP79\A0118122.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP79\A0118123.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP80\A0120294.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP80\A0120295.exe (Trojan.Adware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP80\A0120301.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP80\A0121300.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP81\A0121309.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP81\A0121310.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP81\A0121312.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP81\A0121434.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP81\A0121436.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP81\A0121438.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
I recently had the antimalware doctor virus that I thought I removed. To make sure I did a malwarebytes scan last night in safe mode. It deleted some system restore files that were infected.
The problem now is that my browser still gets redirected to strange sites even though all scans (vipre, spybot S and D, and malwarebytes) show no infection.
The redirects usually happen when clicking on a link in a google search. I simply can't get rid of this problem.
I tried to use GMER but everytime I try to open the program even with all programs closed and internet and antivirus turned off I always get the following error: "2g4ecg27.exe has encountered a problem and needs to close. We are sorry for the inconvenience."
I also discovered another MAJOR problem while attempting to post this. Any time I try to attach files or paste malwarebytes or hijack this logs on this forums I keep getting an error that says 'connection was reset' when trying to post. I tried to email a copy to myself so I could post from another computer, and it won't even allow me to send the email. It keeps resetting the connection. I did a test email without the logs and it works fine. Obviously there is some kind of malware that recognizes these logs and attempts to stop me from sharing them. I wasn't aware a malicious program could be that malicious. It kind of scares me...
The only way I was able to post this was to save this to a text file and put it on a usb stick and send it from another computer.
I have attached my most recent malwarebytes log and hijack this log. Any help would be appreciated. Thanks.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:15:13 AM, on 7/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Greg\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Documents and Settings\Greg\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265828571837
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Vipre Trial Reset (.vipre_reset) - Unknown owner - C:\Program Files\Vipre_Reset.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: VIPRE Antivirus Premium (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 6115 bytes
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4349
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
7/26/2010 10:21:13 PM
mbam-log-2010-07-26 (22-21-13).txt
Scan type: Full scan (C:\|D:\|E:\|G:\|)
Objects scanned: 208819
Time elapsed: 1 hour(s), 14 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 15
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP79\A0118118.exe (Trojan.Adware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP79\A0118119.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP79\A0118121.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP79\A0118122.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP79\A0118123.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP80\A0120294.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP80\A0120295.exe (Trojan.Adware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP80\A0120301.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP80\A0121300.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP81\A0121309.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP81\A0121310.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP81\A0121312.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP81\A0121434.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP81\A0121436.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CA336B29-2A69-408B-B0EC-03391545751E}\RP81\A0121438.exe (Worm.KoobFace) -> Quarantined and deleted successfully.