malware probably IEXPLORE.EXE ?



#1
chevyv8

I hope you can help clean up my computer because nothing I've tried so far has worked. I have three problems that may be tied together so here goes - I can get on the internet sometimes but it's noticeably slower and it will randomly lose connection (I have HS cable). Secondly, random files keep popping up on my desktop that are eight letter characters followed by a .t extension. The third concern is that when I start up in safe mode my CPU usage in task manager pegs at 100% and doesn't allow me to do much of anything. There's also a program running that's IEXPLORE.EXE that bounces around and won't let me shut it down. I read online that when it's all caps it may be a problem. I've run Ewido, Ad-Aware, AVG 7.5, Malwarebot, and Spywarebot but all in regular mode with recover off (XP) because safe mode is useless. Here is my HJT Log and thanks in advance for any help!

Logfile of HijackThis v1.99.1
Scan saved at 9:43:55 PM, on 11/8/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Winamp\winampa.exe
C:\DOCUME~1\Owner\Desktop\JON'SG~1\SsAAD.exe
C:\WINDOWS\System32\adirss.exe
C:\WINDOWS\System32\spoolsvv.exe
C:\Program Files\PhoTags Express\Photags AutoDetect.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;local
F1 - win.ini: run=fntldr.exe
O2 - BHO: (no name) - {503CAA27-DB72-FEA4-B78B-0821A0568716} - C:\WINDOWS\System32\bzubmum.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\DOCUME~1\Owner\Desktop\JON'SG~1\SsAAD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UpdateService] C:\WINDOWS\System32\wservice.exe
O4 - HKLM\..\Run: [adir] C:\WINDOWS\System32\adirss.exe
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\System32\spoolsvv.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [UpdateService] C:\WINDOWS\System32\wservice.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} - http://www.wildtange...ave/Install.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - http://us.dl1.yimg.c.../ymmapi_416.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll
O20 - Winlogon Notify: wmstream32 - C:\WINDOWS\SYSTEM32\wmstream32.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe


#2
MFDnSC

Please click here http://www.majorgeek...ment_d4648.html to download the latest version of JAVA. Install the application, then go to the Add/Remove Programs options in the Control Panel and remove ALL previous versions of JAVA.

======================

1. Download this file :

http://download.blee...Bs/combofix.exe
http://www.techsuppo...ls/combofix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

====================

Download AVG Anti-Spyware from http://www.ewido.net/en/download/ and save that file to your desktop. Note: This is NOT the Anti Virus from AVG.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.
1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
   o Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
   o Select "Automatically generate report after every scan"
   o Un-Select "Only if threats were found"

Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
4. AVG will now begin the scanning process. Please be patient as this may take a little time.
Once the scan is complete, do the following:
5. If you have any infections you will be prompted. Then select "Apply all actions."
6. Next select the "Reports" icon at the top.
7. Select the "Save report as" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.

Post the log from AVG and a new HiJack log.

#3
chevyv8

Okay, I finally have some results. The java downloaded okay but wouldn't install. I then downloaded combofix, but after running it I couldn't access the internet anymore, so I ran it again with no status change (firefox has errors-report to microsoft). I then went to my other user account where I have IE and was able to download the AVG from ewido. I tried to run it twice in safe mode but each time the computer rebooted in the middle of running it. Yesterday I spent several hours manually deleting files that I knew were bad hoping to improve things, but it didn't seem to make a difference. I came home from work today planning to try and pull off my pictures and music files and just reformatting, but I gave it one more shot. The AVG finally finished a scan and cleaned out the bad stuff. Here are the logs requested. Please let me know if there's anything else I should do. Thanks again.

Attached File: ComboFix.txt

#4
chevyv8

It didn't seem to add the HJT or AVG reports to the first reply so here they are.

Logfile of HijackThis v1.99.1
Scan saved at 9:42:25 PM, on 11/13/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Winamp\winampa.exe
C:\DOCUME~1\Owner\Desktop\JON'SG~1\SsAAD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PhoTags Express\Photags AutoDetect.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;local
F1 - win.ini: run=fntldr.exe
O2 - BHO: (no name) - {503CAA27-DB72-FEA4-B78B-0821A0568716} - C:\WINDOWS\System32\bzubmum.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\DOCUME~1\Owner\Desktop\JON'SG~1\SsAAD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MalwareBot] C:\Program Files\MalwareBot\MalwareBot.exe -boot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} - http://www.wildtange...ave/Install.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - http://us.dl1.yimg.c.../ymmapi_416.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:29:48 PM 11/13/2006

+ Scan result:



C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP8\A0009384.exe -> Downloader.Small.cpt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP8\A0009262.dll -> Logger.Delf.pv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP5\A0001272.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP5\A0001737.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP5\A0002191.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP5\A0002655.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP6\A0003119.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP6\A0003580.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP7\A0004109.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP7\A0004623.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP7\A0005984.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP7\A0006484.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP7\A0007862.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP8\A0007870.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP8\A0009251.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP8\A0009420.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP8\A0009433.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP8\A0009446.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\WINDOWS\comdlj32.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP8\A0009252.exe -> Proxy.Agent.lp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP6\A0003579.exe -> Proxy.Lager.ea : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP8\A0009264.exe -> Proxy.Lager.ea : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\win53A8.tmp -> Proxy.Xorpix.at : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\win920D.tmp -> Proxy.Xorpix.at : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\winA1E.tmp -> Proxy.Xorpix.at : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\winB304.tmp -> Proxy.Xorpix.at : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\winD128.tmp -> Proxy.Xorpix.at : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\winEF55.tmp -> Proxy.Xorpix.at : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\winF42.tmp -> Proxy.Xorpix.at : Cleaned with backup (quarantined).
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.87:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.150:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.155:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.156:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.157:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.161:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hm2u5i9c.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP7\A0004062.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\WINDOWS\system32\adir.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\Program Files\MalwareBot\l6rUjUR.exe -> Worm.Glowa.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP4\A0000980.exe -> Worm.Glowa.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP4\A0000981.exe -> Worm.Glowa.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP4\A0000994.exe -> Worm.Glowa.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP4\A0000995.exe -> Worm.Glowa.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP4\A0000997.exe -> Worm.Glowa.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP4\A0000998.exe -> Worm.Glowa.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP4\A0000999.exe -> Worm.Glowa.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP4\A0001000.exe -> Worm.Glowa.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP4\A0001001.exe -> Worm.Glowa.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP4\A0001002.exe -> Worm.Glowa.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP4\A0001003.exe -> Worm.Glowa.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP4\A0001004.exe -> Worm.Glowa.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP4\A0001005.exe -> Worm.Glowa.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP4\A0001006.exe -> Worm.Glowa.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP4\A0001007.exe -> Worm.Glowa.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP4\A0001008.exe -> Worm.Glowa.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP4\A0001009.exe -> Worm.Glowa.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP4\A0001010.exe -> Worm.Glowa.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP4\A0001011.exe -> Worm.Glowa.b : Cleaned with backup (quarantined).

#5
chevyv8

  • Topic Starter
  • Member
  • 11 posts
I hope I don't seem bothersome but one last post tonight. Two more things to note: when I try to start in safe mode the CPU is still pegged between 94 and 100%, and I'm having problems with the AVG 7.5 program. It opens upon startup and starts showing various programs with the I-worm/luder.a message, then the error-report to Microsoft window pops up. I tried downloading the program again and reinstalling it but it fails to reinstall. Thanks again.
  • 0

#6
MFDnSC

  • Banned
  • 1,137 posts
You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

F1 - win.ini: run=fntldr.exe

O2 - BHO: (no name) - {503CAA27-DB72-FEA4-B78B-0821A0568716} - C:\WINDOWS\System32\bzubmum.dll

O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll

Download http://www.downloads...org/KillBox.zip or
http://www.thespykil...les/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by DELETE ON REBOOT. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll
C:\WINDOWS\system32\dkifmcg.dll
C:\WINDOWS\system32\bzubmum.dll
C:\Program Files\rdluac.exe
C:\Program Files\pxbmjnmx.exe
C:\Documents and Settings\Owner\hGBCpQ6.exe
C:\Documents and Settings\Owner\oroXpfT.exe
C:\Documents and Settings\Owner\Pr6N2fk.exe
C:\Documents and Settings\Owner\IUP8bOr.exe
C:\Documents and Settings\Owner\o4dswuF.exe
C:\Documents and Settings\Owner\EHbL0an.exe
C:\Documents and Settings\Owner\mME38lB.exe
C:\WINDOWS\comdlj32.dll
C:\WINDOWS\system32\spoolsvv.exe
C:\Documents and Settings\Owner\kUa83Uw.exe
C:\WINDOWS\system32\XMD5.dll
C:\Documents and Settings\Owner\r7Wv5dh.exe
C:\Documents and Settings\Owner\R3ruLU1.exe
C:\WINDOWS\system32\taskdir~.exe
C:\WINDOWS\system32\adir.dll
C:\Documents and Settings\Owner\pHgA8Xh.exe
C:\Documents and Settings\Owner\D3ve67b.exe
C:\WINDOWS\system32\iRs10Wp.exe
C:\Documents and Settings\Owner\H3BNrcu.exe
C:\Documents and Settings\Owner\O2U4hHn.exe
C:\Documents and Settings\Owner\d622P52.exe
C:\Documents and Settings\Owner\t1785KL.exe
C:\Documents and Settings\Owner\rD5oK5d.exe
C:\Documents and Settings\Owner\Mo4CnBP.exe
C:\Documents and Settings\Owner\r1s0HTi.exe
C:\WINDOWS\system32\T2knGkA.exe
C:\Documents and Settings\Owner\pP8rqcC.exe
C:\WINDOWS\sp_m2_v105_22.exe
C:\Documents and Settings\Owner\lpgQj13.exe
C:\Documents and Settings\Owner\xM2Sjk5.exe
C:\WINDOWS\system32\testtestt.exe
C:\WINDOWS\system32\o60rwp7.exe
C:\Documents and Settings\Owner\nw3a30P.exe
C:\WINDOWS\system32\loaded.exe
C:\WINDOWS\system32\X7jE1jv.exe
C:\WINDOWS\system32\c3lGQop.exe
C:\Documents and Settings\Owner\EG17kh3.exe
C:\Documents and Settings\Owner\tveq7X8.exe
C:\WINDOWS\system32\G2lNa5F.exe
C:\WINDOWS\system32\image1.gif.exe
C:\WINDOWS\system32\wmstream32.dll
C:\WINDOWS\system32\ss.exe.exe
C:\WINDOWS\system32\adirss.exe
C:\WINDOWS\system32\c5KnoKQ.exe
C:\WINDOWS\system32\se.exe.exe
C:\WINDOWS\system32\rpcc.dll
C:\WINDOWS\system32\w.exe.exe
C:\WINDOWS\system32\wservice.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
  • 0
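Many names on the removal list in the post above follow patterns that work as triage signals on their own: an executable extension stacked on another extension, a one-character variation on a stock Windows file name, and seven-character mixed-case or digit-laced stems. The sketch below is an added example, not part of the thread or the helper's method; the `KNOWN_SYSTEM` comparison set and the rule names are assumptions chosen for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumption: a small comparison set of stock Windows names, not a full inventory.
KNOWN_SYSTEM = {"spoolsv.exe", "svchost.exe", "services.exe", "lsass.exe",
                "winlogon.exe", "explorer.exe", "comdlg32.dll"}
EXECUTABLE = r"(?:exe|dll|scr|com|pif)"
DOUBLE_EXT = re.compile(rf"\.[a-z0-9]{{1,4}}\.{EXECUTABLE}$", re.I)
# Seven alphanumeric characters containing a digit followed by a letter or a
# lower-to-upper case switch, e.g. "r7Wv5dh" or "oroXpfT".
RANDOM_STEM = re.compile(r"^(?=.*(?:\d[A-Za-z]|[a-z][A-Z]))[A-Za-z0-9]{7}$")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(path: str) -> list[str]:
    """Return the naming heuristics a Windows path trips (empty list = none)."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    reasons = []
    if DOUBLE_EXT.search(name):
        reasons.append("double-extension")
    if name not in KNOWN_SYSTEM and any(edit_distance(name, k) == 1 for k in KNOWN_SYSTEM):
        reasons.append("system-lookalike")
    if p.suffix.lower() == ".exe" and RANDOM_STEM.match(p.stem):
        reasons.append("random-stem")
    return reasons


# Paths copied from the removal list and the HijackThis logs in this thread.
SAMPLE = [
    r"C:\WINDOWS\system32\spoolsvv.exe",
    r"C:\WINDOWS\comdlj32.dll",
    r"C:\WINDOWS\system32\image1.gif.exe",
    r"C:\WINDOWS\system32\ss.exe.exe",
    r"C:\Documents and Settings\Owner\r7Wv5dh.exe",
    r"C:\Documents and Settings\Owner\oroXpfT.exe",
    r"C:\WINDOWS\system32\o60rwp7.exe",
    r"C:\WINDOWS\system32\bzubmum.dll",   # on the removal list, trips no rule
    r"C:\WINDOWS\system32\spoolsv.exe",   # legitimate, from the process list
    r"C:\WINDOWS\System32\nvsvc32.exe",   # legitimate, from the services list
]


def triage_names(paths):
    """Map each path to the heuristics it trips."""
    return {p: classify(p) for p in paths}


if __name__ == "__main__":
    for path, reasons in triage_names(SAMPLE).items():
        print(f"{', '.join(reasons) or '-':<18} {path}")
```

`bzubmum.dll` is on the removal list yet trips none of the rules, so name heuristics only narrow down where to look and do not replace a scanner's verdict.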

#7
chevyv8

  • Topic Starter
  • Member
  • 11 posts
I just got back to working on this problem - busy week! I'm having problems with the killbox program. When I paste the file name into the box and click the "x" button, instead of asking for a file delete confirmation, it says file will be deleted upon reboot and asks if I want to reboot now. If I click no it erases the file from the display box and nothing happens. If I click yes it reboots after a few seconds. Is there a way to load them all and reboot once or will I have to reboot in safe mode after each file? I already had killbox and thought it may have been a different version than the downloads you suggested, but after trying all three with the same results I'm not sure if I'm doing it correctly. What do you think? Thanks
  • 0

#8
MFDnSC

  • Banned
  • 1,137 posts
Select them all and do Control-C

In Killbox go to File - Paste from clipboard
  • 0

#9
chevyv8

  • Topic Starter
  • Member
  • 11 posts
I did just as you said and it only showed the first two files when I clicked the dropdown arrow so I'm not sure if it worked or not. I continued with the rest of the instructions, deleting temp files, and ran a new HJT. The log follows. I do have one other problem though. The AVG 7.5 launches on reboot then comes up with an error report. It won't let me change settings or uninstall it. I tried downloading again and reinstalling it but get an access denied error. Any thoughts? Thanks again.

Logfile of HijackThis v1.99.1
Scan saved at 4:07:17 PM, on 11/18/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Winamp\winampa.exe
C:\DOCUME~1\Owner\Desktop\JON'SG~1\SsAAD.exe
C:\Program Files\PhoTags Express\Photags AutoDetect.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;local
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\DOCUME~1\Owner\Desktop\JON'SG~1\SsAAD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MalwareBot] C:\Program Files\MalwareBot\MalwareBot.exe -boot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} - http://www.wildtange...ave/Install.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - http://us.dl1.yimg.c.../ymmapi_416.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
  • 0

#10
MFDnSC

  • Banned
  • 1,137 posts
Before we go any further, I just realized you do not have SP1, and without it you will get infected again.

http://www.microsoft...p1/default.mspx

Add remove programs - remove malwarebot

Post a new log
  • 0
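The two follow-ups visible in the log from post #9 can be read mechanically: the `Platform:` header names no service pack, and the O20 Winlogon Notify entry for `winsys2f.dll` is still registered although its file is gone. The parser below is an added example, not part of the thread; it assumes HijackThis writes an installed service pack into the Platform line as `SPn` (for example `Windows XP SP2`), and the `Triage` structure and function names are hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Abridged from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""

PLATFORM = re.compile(r"^Platform:\s*(?P<os>.+?)\s*\(WinNT (?P<build>[\d.]+)\)")
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")


@dataclass
class Triage:
    os_name: str = ""
    build: str = ""
    service_pack: Optional[int] = None   # None: Platform line names no SPn
    processes: list = field(default_factory=list)
    entries: list = field(default_factory=list)    # (section code, body)
    orphaned: list = field(default_factory=list)   # entries whose file is gone


def triage(log: str) -> Triage:
    """Split a HijackThis log into header facts, processes and entries."""
    result, in_processes = Triage(), False
    for line in (raw.strip() for raw in log.splitlines()):
        if m := PLATFORM.match(line):
            result.os_name, result.build = m["os"], m["build"]
            # Assumption: an installed service pack appears as "SPn" here.
            sp = re.search(r"\bSP(\d+)\b", m["os"])
            result.service_pack = int(sp.group(1)) if sp else None
        elif line == "Running processes:":
            in_processes = True
        elif m := ENTRY.match(line):
            in_processes = False
            result.entries.append((m["code"], m["body"]))
            if ORPHAN.search(m["body"]):
                result.orphaned.append((m["code"], m["body"]))
        elif in_processes and line:
            result.processes.append(line)
    return result


def findings(t: Triage) -> list:
    """Human-readable follow-ups to raise from the parsed log."""
    out = []
    if t.service_pack is None:
        out.append(f"{t.os_name} (WinNT {t.build}): no service pack in Platform line")
    out += [f"{code}: registered but file absent -> {body}" for code, body in t.orphaned]
    return out


if __name__ == "__main__":
    print("\n".join(findings(triage(SAMPLE_LOG))))
```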

#11
chevyv8

  • Topic Starter
  • Member
  • 11 posts
I uninstalled Malwarebot, then installed the latest Java and deleted the old one as recommended above. I then used your link to download the SP1a but that won't install. I get an error: "Setup could not verify the integrity of the file update.inf. Make sure the cryptographic service is running on this computer." Everything else seems to be working fine thanks to all your help. Here is the latest HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 7:32:14 PM, on 11/19/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Winamp\winampa.exe
C:\DOCUME~1\Owner\Desktop\JON'SG~1\SsAAD.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\PhoTags Express\Photags AutoDetect.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\DOCUME~1\Owner\Desktop\JON'SG~1\SsAAD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} - http://www.wildtange...ave/Install.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - http://us.dl1.yimg.c.../ymmapi_416.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
  • 0

#12
MFDnSC

  • Banned
  • 1,137 posts
http://support.microsoft.com/kb/822798
  • 0





