[RESOLVED] Aurora Pop ups and so forth

 
 
ryand
 
Reply Wed 13 Jul, 2005 07:52 am
Hi all, my name is Ryan and I am new here. I have carried out all the procedures that timberlandko said to do before posting and these are my results.

I know of some sort of worm I had? I think I have gotten rid of it now though, and I had those Aurora pop ups. Unfortunately I am unable to connect to the internet with AOL now; is there any fix for this also?

Anyway, here are the results from the log files

Thanks in advance for any help!


---------------------------------
Here is the first ewido log
---------------------------------
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 09:59:16, 13/07/2005
+ Report-Checksum: F8AD1E42

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\cSwitch11.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Setup.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\util.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\LAN_driver\CloseDSLinstallerDlg.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\LAN_driver\CloseHWDialog.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\LAN_driver\CloseMegDialog.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\LAN_driver\doctor.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\LAN_driver\FindDSLDialog.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\LAN_driver\ProgramFiles\aolv6path.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\LAN_driver\ProgramFiles\ckuninstall.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\LAN_driver\ProgramFiles\CloseDSLDlg.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\LAN_driver\ProgramFiles\CloseDSLinstallerDlg.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\LAN_driver\ProgramFiles\maintanence.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\LAN_driver\ProgramFiles\PlugUSBDev.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\LAN_driver\ProgramFiles\REGISTRY.EXE -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\LAN_driver\ProgramFiles\RemoveDev.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\LAN_driver\ProgramFiles\removefirst.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\LAN_driver\ProgramFiles\uninstall.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\LAN_driver\ProgramFiles\unutility.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\LAN_driver\ProgramFiles\Voyager100pppoeDriver.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\LAN_driver\ProgramFiles\Voyager100PPPoEDriver98.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\LAN_driver\Remid.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\LAN_driver\unutility.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\setup.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\Wan_Driver\CloseDSLinstallerDlg.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\Wan_Driver\CloseHWDialog.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\Wan_Driver\CloseMegDialog.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\Wan_Driver\FindDSLDialog.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\Wan_Driver\ProgramFiles\aolv6path.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\Wan_Driver\ProgramFiles\ckuninstall.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\Wan_Driver\ProgramFiles\CloseDSLDlg.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\Wan_Driver\ProgramFiles\CloseDSLinstallerDlg.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\Wan_Driver\ProgramFiles\DIAGLOG.EXE -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\Wan_Driver\ProgramFiles\maintanence.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\Wan_Driver\ProgramFiles\modifyDun.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\Wan_Driver\ProgramFiles\PlugUSBDev.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\Wan_Driver\ProgramFiles\REGISTRY.EXE -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\Wan_Driver\ProgramFiles\RemoveDev.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\Wan_Driver\ProgramFiles\removefirst.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\Wan_Driver\ProgramFiles\uninstall.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\Wan_Driver\ProgramFiles\unutility.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\Wan_Driver\Remid.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\Wan_Driver\Setup.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\Wan_Driver\setupdll.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager\Wan_Driver\USB\WAN Driver\DSLDRV\UserDiag.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager100\Doctor100.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager100\drivers\WAN Driver\dsldrv\UserDiag.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager100\drivers98\WAN Driver\dsldrv\UserDiag.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager100\patches\Q307271_WxP_SP1_x86_enu_MID57834.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager100\patches\Q307271_WxP_SP1_x86_ENU_MID58293.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager100\ProgramFiles\aolv6path.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager100\ProgramFiles\Diaglog.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager100\ProgramFiles\maintanence.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager100\ProgramFiles\maintanence_WAN.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager100\ProgramFiles\modifyDun.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager100\ProgramFiles\Registry.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager100\ProgramFiles\runhtml.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager100\Remid.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager100\Setup.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager100\Voyager100PPPoEDriver\Win98\Voyager100PPPoEDriver.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\ukpppoecswitch11\Voyager100\Voyager100PPPoEDriver\WinME2KXP\Voyager100pppoeDriver.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\Cb_AOL 9.0\xpsp2UKfix\WindowsXP-KB885295-x86-enu.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\my.class-dc825cc-57839a3c.class -> TrojanDownloader.Small.aaq : Cleaned with backup
C:\Documents and Settings\user\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@adviva[1].txt -> Spyware.Cookie.Adviva : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\user\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\user\Desktop\CWSInstall.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\user\Desktop\HijackThis.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\user\Desktop\limpbizkit\Videos\TUQT Part1 Video\START.EXE -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\user\Desktop\University Work\Year 01 - Semester 01\Multimedia Development\Projector.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\aoltpspd.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\pft30~tmp\Reader\AcroRd32.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\snuninst.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\START.EXE -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\thin_installer.exe -> Worm.Hidrag : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\{BD5E97CA-38AF-43AF-88B5-38F234CE4A13}\{5aa18c57-381c-4c99-8fe6-5eb1cb0a5bc0}\DIRECTX8\DXSETUP.EXE -> Worm.Hidrag : Cleaned with backup
C:\GLF28.tmp\dcsetup.exe -> Worm.Hidrag : Cleaned with backup
C:\GLF28.tmp\wmad.exe -> Worm.Hidrag : Cleaned with backup
C:\GLF29.tmp\dcsetup.exe -> Worm.Hidrag : Cleaned with backup
C:\GLF29.tmp\wmad.exe -> Worm.Hidrag : Cleaned with backup
C:\GLF2A.tmp\dcsetup.exe -> Worm.Hidrag : Cleaned with backup
C:\GLF2A.tmp\wmad.exe -> Worm.Hidrag : Cleaned with backup
C:\LightWave_3D_7.0\Programs\LSED.exe -> Worm.Hidrag : Cleaned with backup
C:\LightWave_3D_7.0\Programs\LSID.exe -> Worm.Hidrag : Cleaned with backup
C:\LightWave_3D_7.0\Programs\RAIN.exe -> Worm.Hidrag : Cleaned with backup
C:\LightWave_3D_7.0\Programs\SNC.exe -> Worm.Hidrag : Cleaned with backup
C:\LightWave_3D_7.0\Programs\snl.exe -> Worm.Hidrag : Cleaned with backup
C:\LightWave_3D_7.0\Programs\sn_c.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Adobe\Acrobat 4.0\Reader\AcroRd32.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Adobe\Photoshop 6.0\Samples\Droplets\Photoshop Droplets\Aged Photo.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Adobe\Photoshop 6.0\Samples\Droplets\Photoshop Droplets\Conditional Mode Change.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Adobe\Photoshop 6.0\Samples\Droplets\Photoshop Droplets\Constrain to 300 pixels.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Adobe\Photoshop 6.0\Samples\Droplets\Photoshop Droplets\Constrain to 64 pixels.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Adobe\Photoshop 6.0\Samples\Droplets\Photoshop Droplets\Drop Shadow Frame.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Adobe\Photoshop 6.0\Samples\Droplets\Photoshop Droplets\Make Button.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Adobe\Photoshop 6.0\Samples\Droplets\Photoshop Droplets\Make Sepia Tone.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Adobe\Photoshop 6.0\Samples\Droplets\Photoshop Droplets\Save As JPEG Medium.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Adobe\Photoshop 6.0\Samples\Droplets\Photoshop Droplets\Save As Photoshop PDF.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\ahead\CoverDesigner\CoverDes.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\ahead\Nero ToolKit\CDSpeed.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\ahead\Nero ToolKit\DriveSpeed.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\AIM95\upgrade.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\AOL 8.0\Jiti\Jiti_mm.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\AOL 8.0\Jiti\Viewpoint.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\AOL 8.0\waol.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\AOL 9.0\Jiti\Jiti_mm.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\AOL 9.0\Jiti\qt.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\AOL 9.0\Jiti\Real9_codec_upd.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\AOL 9.0\Jiti\viewpoint.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\AOL 9.0\shellrestart.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\AOL Companion\companion.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\ArcSoft\Software Suite\Funhouse\Funhouse.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\ArcSoft\Software Suite\PhotoPrinter\Photoprn.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\ArcSoft\Software Suite\PhotoStudio\PhotoStudio.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\ArcSoft\Software Suite\VideoImpression\videoimp.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\AutoCAD 2002\acad.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\AutoCAD 2002\addplwiz.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\AutoCAD 2002\hpsetup.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\AutoCAD 2002\styshwiz.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\AutoCAD 2002\Support\BatchPlt\batchplt.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\BT Voyager 100 ADSL Modem\aolv6path.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\BT Voyager 100 ADSL Modem\Diaglog.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\BT Voyager 100 ADSL Modem\GsiInst.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\BT Voyager 100 ADSL Modem\maintanence.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\BT Voyager 100 ADSL Modem\maintanence_WAN.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\BT Voyager 100 ADSL Modem\modifyDun.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\BT Voyager 100 ADSL Modem\Registry.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\BT Voyager 100 ADSL Modem\runhtml.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\Program Files\Common Files\AOL\ACS\AOLDiag.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Common Files\AOL\Backup\ACS\Current\UK\acssetup.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\acssetup.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.EXE -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Common Files\AOL\System Information\sinf.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Common Files\aolback\Comps\acs\AcsSetup.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Common Files\aolback\Comps\coach\aolcinst.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Common Files\aolback\Comps\flash\FlashAX.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Common Files\aolback\Comps\qt\qt.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Common Files\aolback\Comps\rp\rp9codec.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Common Files\aolback\Comps\vwpt\vwpt.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Common Files\aolshare\Aolunins_uk.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Common Files\aolshare\cltdiag.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Common Files\aolshare\Coach\uk_uk\ab3.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Common Files\aolshare\Coach\uk_uk\player\AOLNySEV.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver2.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\knlwrap.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Common Files\Logitech\QCDriver\HVideoS.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Common Files\Logitech\QCDriver\Lqdsw.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Common Files\Nullsoft\ActiveX\2.0\AOLMediaPlaybackControl.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Common Files\Nullsoft\ActiveX\AOLMediaPlaybackControl.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\CyberLink\Common\UpdateIPR.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\CyberLink\PowerDVD\CLDMA.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\CyberLink\PowerDVD\cltest.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\CyberLink\PowerDVD\ddtester.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\DAP\DAP.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\DAP\dapupd.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\DAP\UNWISE.EXE -> Worm.Hidrag : Cleaned with backup
C:\Program Files\DivX\DivX\bgregister.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\DivX\DivX Player 2.1\DivX Player\DivX Player.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Elecard MPEG2 Player 2.0\MpgPlayer.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Elecard MPEG2 Player 2.0\Registration.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Elecard MPEG2 Player 2.0\Sysnsh.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Elecard MPEG2 Player 2.0\Uninstall.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\FlashFXP\FlashFXP.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\FlashFXP\UNWISE.EXE -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Grisoft\AVG Free\avgemc.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\Program Files\InstallShield Installation Information\{5AA18C57-381C-4C99-8FE6-5EB1CB0A5BC0}\setup.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\InstallShield Installation Information\{93016515-95C8-450B-A7ED-B968CA9103B5}\Setup.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Java\j2re1.4.2\javaws\javaws.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Learn2.com\StRunner\STRunner.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Macromedia\Director 8.5\UNWISE.EXE -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Macromedia\Director 8.5\Xtras\ActiveX\Redist\Aprxdist.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Macromedia\Director 8.5\Xtras\ActiveX\Redist\Axdist.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Macromedia\Director 8.5\Xtras\ActiveX\Redist\Wintdist.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Macromedia\Flash MX\Players\Debug\Install Flash Player 6 AX.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Macromedia\Flash MX\Players\Debug\Install Flash Player 6.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Macromedia\Flash MX\Players\Debug\SAFlashPlayer.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Macromedia\Flash MX\Players\Release\Install Flash Player 6 AX.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Macromedia\Flash MX\Players\Release\Install Flash Player 6.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Macromedia\Flash MX\Players\Release\SAFlashPlayer.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Macromedia\Flash MX\Players\SAFlashPlayer.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Messenger\msmsgs.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Microsoft Works Suite 99\Setup\launcher.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\mIRC\mirc.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\PIXELA\ImageMixer\EasyVCD.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\PIXELA\ImageMixer\ImageMix.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\PIXELA\ImageMixer\Imxinput.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\PIXELA\ImageMixer\ImxLay.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\PIXELA\ImageMixer\IMxVCDDVD.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\PIXELA\ImageMixer\PartialMovieEdit.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\PIXELA\ImageMixer\profile.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\QuickTime\PictureViewer.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\QuickTime\QTInfo.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\QuickTime\QuickTimePlayer.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\QuickTime\QuickTimeUpdater.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Rainbow Technologies\Sentinel System Driver\SetupSysDriver.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Real\RealPlayer\realplay.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\Recovery\AvenueAInc.zip/robin faichney@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\Recovery\BFast.zip/robin faichney@bfast[1].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\Recovery\CommissionJunction.zip/robin [email protected][1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\Recovery\CommissionJunction1.zip/robin [email protected]-junction[2].txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\Recovery\CommissionJunction2.zip/robin [email protected][2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\Recovery\DoubleClick.zip/robin faichney@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\Recovery\FastClick.zip/robin faichney@fastclick[3].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\Recovery\FastClick1.zip/robin faichney@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\Recovery\HitBox.zip/robin faichney@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\Recovery\HitBox1.zip/robin [email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\Recovery\HitBox2.zip/robin faichney@hitbox[3].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\Recovery\HitBox3.zip/robin [email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\Recovery\HitBox4.zip/robin [email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\Recovery\HitBox5.zip/robin faichney@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\Recovery\MediaPlex.zip/robin faichney@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\Recovery\MediaPlex1.zip/robin faichney@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\Recovery\WebTrendslive.zip/robin [email protected][1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\unins000.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Volo View Express\voloview.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Voyager100Test\FDialerX.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Voyager100Test\fwlite.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Voyager100Test\FWPortal.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Voyager100Test\fwstrans.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Voyager100Test\UNWISE.EXE -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Voyager100Test\update.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Winamp\AOD\AolAod.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Winamp\winamp.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Windows Media Player\dlimport.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Windows Media Player\wmlaunch.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\Windows Media Player\wmsetsdk.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\WinRAR\WinRAR.exe -> Worm.Hidrag : Cleaned with backup
C:\Program Files\WinZip\WZQKPICK.EXE -> Worm.Hidrag : Cleaned with backup


::Report End



---------------------------------
This is the second ewido log
---------------------------------

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:22:25, 13/07/2005
+ Report-Checksum: 9E47A0B0

+ Scan result:

No infected objects found.


::Report End


------------------------------------
Here is the HijackThis log
------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 13:19:47, on 13/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\khooker.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Voyager100Test\fts.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJackThis\HijackThis.exe

O2 - BHO: (no name) - {4AA870AC-8427-42a4-B92E-ECD956197489} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\system32\richedtr.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Voyager100Test\fts.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file://C:\Program Files\Autodesk Architectural Desktop 3\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file://C:\Program Files\Autodesk Architectural Desktop 3\InstFred.ocx
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS3\Services\VxD\MSTCP: Domain = mydomain.com
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\

 
ryand
 
  1  
Reply Wed 13 Jul, 2005 11:34 am
Sorry if this seems like I am flooding, but I just wanted to add that I now have AOL working fine. Just in case someone ended up wasting time trying to help me out. Once again, thanks in advance for any advice you may give!
0 Replies
 
timberlandko
 
  1  
Reply Thu 14 Jul, 2005 05:19 pm
Cool about getting back on the internet - I'll try to get to your log sometime in the next 24hrs - it's looking lots better, but there is still some stuff you should take care of - please be patient.
0 Replies
 
ryand
 
  1  
Reply Thu 14 Jul, 2005 05:39 pm
Thanks for replying to me timberlandko, I appreciate your time. I am glad it is looking better. I didn't even know about that worm thing I had; I only noticed it through looking to lose those Aurora pop-ups.

After doing this it removed some pieces of software such as Macromedia Dreamweaver. Is it now safe to install stuff that was removed?

I also still have system restore turned off. Is it now safe to turn it back on?

And one final question: what pieces of software should I keep installed or running at all times? I ask because I have 11 active programs down the bottom right of the screen, and when I press Ctrl, Alt and Delete there are 46 running processes. Is all this OK?

Thanks in advance … Ryan
0 Replies
 
ryand
 
  1  
Reply Mon 18 Jul, 2005 09:00 am
Hey just a quick update here.

I have started installing all the software that was removed and damaged minus my camcorder software.

My computer takes a while to start up now. Is this because of so many running processes? Right now there are 45; is there any way to minimise this? Like removing stuff that isn't required at start up?

Down the bottom of the screen there are now 10 icons running at all times. They are:

AOL
InCD
My Broadband connection thing
Ewido Security Suite
AVG Anti Virus
Safely remove hardware
Something about a network cable being unplugged, I think this is the cable to link up my PS2
Microsoft Anti-Spyware
Volume
Printer Monitor

I currently still have windows restore turned off.

I saw somewhere it being advised to run a System Defragment also, should I now do this? I was thinking I should wait until I turn system restore on first?

Also sometimes I get 1 single pop up when I am using windows explorer, each time it is the same pop up window. This is with windows pop up blocker turned on, is this some spyware still installed?

There is also something up with the DVD drive of my computer when I click My Computer it shows it as a CD Drive but when I go into hardware it displays it as a DVD drive and says it is functioning correctly. Is this anything to worry about?

When running a scan computer in AVG Anti virus it finds an infected file. Here are the details of it:

Object: C:\WINDOWS\system32\PreInstall\WinSE\wxp_x86_0409_v1/spuninst.exe.ref
Result: Virux identified Win32/Hidrag.A
Status: Infected

And it gives me the following options:

Move to Vault or Delete file

What should I do? Should I leave it or carry out any of the 2 options available? I ask because it is in the Windows folder and don't want to mess anything up that I may need.

Sorry about all these questions. Thanks in advance… Ryan
0 Replies
 
timberlandko
 
  1  
Reply Mon 18 Jul, 2005 10:57 am
Sorry it's taken so long for me to get back to you.

I wouldn't re-enable System Restore just yet - hang in there and let's be sure things are cleaned up.

The infected file detected by AVG is one I would allow AVG to delete.

If you could provide a little more detail about the popup you get, that would be helpful.

Now, let's do some general cleanup - fixing these would be my first recommendations. Note, some may re-appear; don't be concerned, if they do, we'll go after them a different way. None of these are malicious, BTW - just unnecessary.

Run HJT once more, with no other applications or windows open, place a checkmark next to the following if they appear, then select "Fix Checked"

O2 - BHO: (no name) - {4AA870AC-8427-42a4-B92E-ECD956197489} - (no file) Non-existent file - Reference to it should be fixed
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file) Non-existent file - Reference to it should be fixed
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot Not needed at Startup - Should be fixed
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime Not needed at Startup - Should be fixed
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe (file missing) Non-existent file - Reference to it should be fixed
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe (file missing) Non-existent file - Reference to it should be fixed
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) Non-existent file - Reference to it should be fixed
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) Non-existent file - Reference to it should be fixed
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (file missing) Non-existent file - Reference to it should be fixed

When the fix is complete, reboot, run a fresh HJT scan, fixing nothing, and just save the log to post here.

Next, I'd like to get a better look at your Startup roster. Please download Silent Runners. When it has downloaded (shouldn't take long at all; it's a fairly small file), locate it and double-click it to launch it. Though this app is totally harmless - it can't change anything on your system - some Antivirus apps will notify you of a "possibly dangerous script" or something of the like; grant permission for this script to run. After anywhere from a few seconds to a few minutes, you will be presented with a notification the scan has completed and the logfile has been created. The log file will be a .txt file located in the same folder as Silent Runners; locate it, open it in Notepad, copy that and post it here, along with a fresh HJT log, and we'll go from there. On the bright side, things really do look generally pretty good with your latest scan logs.


One concern I have, it seems you have both Symantec/Norton antivirus and AVG antivirus running simultaneously. Only one antivirus should be configured for always-on, real-time protection; select one or the other to start with Windows, and disable auto-start for the other. Having a second AV for backup or second opinion, with its scan run manually when desired, is a good idea (and keep it updated), but multiple antivirus apps should not be run concurrently; lotsa problems can arise, including slow system response and stability issues.

A defrag, while in safe mode, would be an excellent idea; defrags should be run regularly, anyway - I defrag my machines more or less on a weekly schedule.

Oh, and as for the DVD drive thing you mention - does the drive appear to function correctly? If so, I wouldn't worry about it too much.
0 Replies
 
ryand
 
  1  
Reply Mon 18 Jul, 2005 06:03 pm
Hey, thanks for the reply!

Here is the HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 00:43:43, on 19/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\khooker.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Voyager100Test\fts.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Voyager100Test\fts.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S4.tmp"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file://C:\Program Files\Autodesk Architectural Desktop 3\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file://C:\Program Files\Autodesk Architectural Desktop 3\InstFred.ocx
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS3\Services\VxD\MSTCP: Domain = mydomain.com
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)


And here is the Silent Runners log file results:

"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"EPSON Stylus C42 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S4.tmp"" ["SEIKO EPSON CORPORATION"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SiS KHooker" = "C:\WINDOWS\System32\khooker.exe" ["Silicon Integrated Systems Corporation"]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"InCD" = "C:\Program Files\ahead\InCD\InCD.exe" ["Copyright (C) ahead software gmbh and its licensors"]
"EPSON Stylus C42 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"" ["SEIKO EPSON CORPORATION"]
"%FP%Friendly fts.exe" = ""C:\Program Files\Voyager100Test\fts.exe"" ["Friendly Technologies"]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]
"GSICONEXE" = "gsicon.exe" ["GlobespanVirata, Inc."]
"DSLAGENTEXE" = "dslagent.exe USB" [null data]
"AOLDialer" = "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" ["America Online, Inc"]
"AOL Spyware Protection" = ""C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"" [null data]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Startup items in "user" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Gamma Loader.exe" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"AOL 9.0 Tray Icon" -> shortcut to: "C:\Program Files\AOL 9.0\aoltray.exe -check" ["America Online, Inc."]
"Microsoft Find Fast" -> shortcut to: "C:\Program Files\Microsoft Office\Office\FINDFAST.EXE" [MS]
"Office Startup" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA.EXE -b" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\msjava.dll" [MS]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AOL Connectivity Service, AOL ACS, ""C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"" ["America Online, Inc."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
C-DillaSrv, C-DillaSrv, "C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE" ["C-Dilla Ltd"]
EPSON Printer Status Agent2, EPSONStatusAgent2, "C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe" ["SEIKO EPSON CORPORATION"]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "C:\Program Files\ewido\security suite\ewidoguard.exe" ["ewido networks"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "Yes" at the first message box.
---------- (total run time: 59 seconds, including 18 seconds for message boxes)




The pop up seems to have disappeared now. It was happening with every 2nd or 3rd website I went onto within Internet Explorer. It basically would try to load a site but would come up with page not found; it would then attempt to redirect me to some site which needed to be authorised because others could see information. I always clicked no and closed the page. Hopefully it is gone for good.

I also ran AVG and deleted that Hidrag file that you suggested I do. Hmm, I have no idea why Norton antivirus is showing up as being on my computer; I have never had that anti virus either, that is quite weird. Although AOL has some online virus checking thing, I think it is labelled under "AOL Computer Check-Up" or something like that and I believe that works through Norton; is it possible that it is that? But to my best knowledge I have never had that antivirus software installed.

I will run a defrag in safe mode tomorrow morning (it is 1am here right now so it is a bit late to run it).

The DVD drive does work, yeap. I was just confused as to why it was displaying as a CD drive yet registering as a DVD one.

Thanks for all your help, I really do appreciate your time!

Thanks in advance … Ryan
0 Replies
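The fix-then-rescan step in this exchange can be checked mechanically. The Python sketch below is an added example, not part of the original thread and not code from HijackThis: it parses two logs, follows the entries HijackThis marked "(no file)" or "(file missing)", and reports which were removed, repaired, still present, or newly flagged. The sample lines are excerpted from the logs posted in this thread; the function and constant names are hypothetical.

```python
import re
from dataclasses import dataclass

# HijackThis entry lines look like "O23 - Service: ...": a section code, " - ", then the body.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Markers HijackThis appends when the referenced file does not exist on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)", re.I)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass(frozen=True)
class Entry:
    code: str
    body: str

    @property
    def orphaned(self):
        return bool(ORPHAN_RE.search(self.body))

    @property
    def key(self):
        # Identity that survives a repair: section, first field, CLSID if any.
        # Owner and path are left out because they change when a file is restored.
        first = self.body.split(" - ")[0].strip().lower()
        m = CLSID_RE.search(self.body)
        return (self.code, first, m.group(0).lower() if m else "")


def parse_hjt(text):
    """Return the entry lines of a HijackThis log, skipping header and process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def review(before_text, after_text):
    """Compare orphaned references between the pre-fix and post-fix logs."""
    before = {e.key: e for e in parse_hjt(before_text)}
    after = {e.key: e for e in parse_hjt(after_text)}
    result = {"removed": [], "repaired": [], "persisting": [], "new_orphans": []}
    for key, old in before.items():
        if not old.orphaned:
            continue
        new = after.get(key)
        if new is None:
            result["removed"].append(old)       # reference gone after the fix
        elif new.orphaned:
            result["persisting"].append(new)    # entry re-appeared, still dangling
        else:
            result["repaired"].append(new)      # same entry, file now present
    for key, new in after.items():
        old = before.get(key)
        if new.orphaned and (old is None or not old.orphaned):
            result["new_orphans"].append(new)
    return result


# Excerpt of the entries listed for fixing earlier in the thread (helper's notes removed).
BEFORE_LOG = r"""
O2 - BHO: (no name) - {4AA870AC-8427-42a4-B92E-ECD956197489} - (no file)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
"""

# Excerpt of the follow-up log above. "new_orphans" is relative to the BEFORE
# excerpt only, which holds just the entries that were listed for fixing.
AFTER_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
"""

if __name__ == "__main__":
    for status, entries in review(BEFORE_LOG, AFTER_LOG).items():
        print(f"{status}:")
        for e in entries:
            print(f"  {e.code} - {e.body}")
```

Feeding it the complete saved logs instead of the excerpts gives the same four buckets for every entry in the scan.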
 
timberlandko
 
  1  
Reply Tue 19 Jul, 2005 05:30 am
Looks clean to me. There's some stuff you don't really need at startup still there, but the overall system load it imposes is negligible - I wouldn't worry about it. That Norton/Symantec thing I mentioned may have been confusion on my part, it appears what I saw earlier was just the ActiveX control for Symantec's online security scan, so never mind and I'm sorry for confusing you.

Anyhow, I'd say you should run CCleanup one more time, reboot, defrag, re-enable System Restore, establish a fresh restore point, and call this finished.

If you wish, you can uninstall Ewido (unless you decide to buy its subscription) and the other tools you downloaded.

As far as your Startup goes, what is needed is Systray and Explorer, your security/privacy software (firewall, antivirus, anti spyware) is good to have fire up at Start, and just about everything else is just along for the ride - accessible from Programs or desktop icons when needed. One thing there - very minor - is Adobe Gamma Loader; unless you are really heavily into graphics, and calibrate your monitor to your printer, it serves no real purpose for most home users. It doesn't really consume much in the way of resources, but for most folks it's about as necessary as a chrome hood ornament. Another thing you might want to take a look at is the configuration of your RealPlayer; there's no reason for Real to start with Windows, unless you actually use it all the time for 'net music; if it's your preferred media player, just set it as default for the various media types and any time it's needed, it will open on its own. Again, no biggie, leaving it as it is won't impact much.

Practice Safe Hex, and be careful out there.
0 Replies
 
ryand
 
  1  
Reply Wed 20 Jul, 2005 02:47 am
Thanks, I have now done everything that you said to do. Since uninstalling Ewido my machine seems to have picked up speed again (it was only the initial boot up that took some time, as well as AOL starting up) so I think it is back to normal.

I've printed out everything from your other thread so if I ever get another problem hopefully I will be able to handle it without wasting your time.

About the startup thing, real player isn't displaying as being on start up that I can see? Also I turned off Adobe Gamma (I had it turned off before) as well as the QuickTime start up thing, but they both seem to turn themselves back on. Each time I reboot I get a pop up from Microsoft Anti-Spyware (I think it is that one at least) telling me it has authorised it.

Do you know of another way of turning it off? I have been doing the following:

Start>>Run>msconfig>>Start up. From there I have been un-checking them but it doesn't seem to stay. Any ideas?
0 Replies
 
timberlandko
 
  1  
Reply Wed 20 Jul, 2005 12:22 pm
Prolly the most effective way to turn off unwanted/unnecessary startups is to open their parent program, go to the program's configuration page, find the startup options section, and unclick "Start with Windows".

For Quicktime, the latest builds make that a little more difficult; the easiest thing to do there is to uninstall QT, clear all your caches and temp files (CCleaner will do that), reboot, then download and re-install QT - paying close attention to the configuration wizard as the install proceeds. Make sure QT is not set as your default media player, and that it is not configured to run at startup. From then on, just stay alert, and don't let it take control - it'll try.

You can also use Microsoft Antispyware to remove unwanted startups (which is a 1-way ticket out of town for whatever is removed - be sure before you do that), or use Spybot S&D's Startup Control to disable them - which, until you're sure disabling them has no unexpected ill effect, prolly is the best way to go, since you can always "undo" the disable. Consult Spybot S&D's "Help" for details.
0 Replies
 
 
