HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 10:21:32 PM, on 4/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1129942404\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1129942404\ee\AOLServiceHost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\TEMP\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus8l.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129942404\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SysTray] C:\Program Files\kesx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {1116D0B5-1B7B-2CE8-DE39-126A74E10B7B} - http://85.255.113.214/1/gdnUS2296.exe
O16 - DPF: {14B21A14-E2FD-7A8D-B3C0-195A6FC89672} - http://85.255.113.214/1/gdnUS2296.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {43483E14-8091-461C-06E4-10966FBBACCA} - http://85.255.113.214/1/gdnUS2296.exe
O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish....ishUploader.cab
O16 - DPF: {5877A45A-3751-3C75-97ED-619A6EE2DF1C} - http://85.255.113.214/1/gdnUS2296.exe
O16 - DPF: {6C454409-19EC-26DD-BE79-520B3CE855D8} - http://85.255.113.214/1/gdnUS2296.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzill...ller/dwnldr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Ewido Log:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 8:12:56 PM, 4/13/2006
+ Report-Checksum: A2243930
+ Scan result:
C:\cclfsi.exe -> Not-A-Virus.Hoax.Win32.Renos.bw : Cleaned with backup
C:\Documents and Settings\Kayle\Cookies\kayle@kmpads[1].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\Kayle\Cookies\kayle@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\AP4RE5U5\kojioy[1].txt -> Hijacker.StartPage.adi : Cleaned with backup
C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\AP4RE5U5\lcknkg[1].txt -> Hijacker.Small.kr : Cleaned with backup
C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\C9YVKLEN\yoyo[1].exe -> Backdoor.Rbot.adf : Cleaned with backup
C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\G1YVSHAJ\bag[1].htm -> Not-A-Virus.Exploit.JS.CVE20051790.j : Cleaned with backup
C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HUD7IONE\winsvr[1].exe -> Trojan.Small : Cleaned with backup
C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\JBQ6KW9D\edsyfuakm[2].txt -> Trojan.Sinowal.d : Cleaned with backup
C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\JBQ6KW9D\harv[1].exe -> Logger.Small.ak : Cleaned with backup
C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\JBQ6KW9D\yjrdce[1].txt -> Downloader.Agent.afl : Cleaned with backup
C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\O9EO08RU\red2[1].exe -> Downloader.Agent.afl : Cleaned with backup
C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\WAVEAZW0\bjeudagd[1].txt -> Not-A-Virus.Hoax.Win32.Renos.bw : Cleaned with backup
C:\exocoi.exe -> Not-A-Virus.Hoax.Win32.Renos.bw : Cleaned with backup
C:\exsp.exe -> Downloader.Agent.afl : Cleaned with backup
C:\iufsaxvd.exe -> Hijacker.Small.kr : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll -> Trojan.Sinowal.d : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe -> Trojan.Sinowal.d : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Trojan.Sinowal.d : Cleaned with backup
C:\Program Files\kesx.exe -> Hijacker.StartPage.adi : Cleaned with backup
C:\Program Files\wucesug.exe -> Hijacker.StartPage.adi : Cleaned with backup
C:\qwwev.exe -> Hijacker.Small.kr : Cleaned with backup
C:\ruhmqchp.exe -> Trojan.Sinowal.d : Cleaned with backup
C:\rvxkc.exe -> Trojan.Sinowal.d : Cleaned with backup
C:\unpnec.exe -> Downloader.Agent.afl : Cleaned with backup
C:\WINDOWS\system32\senssrv.dll -> Downloader.Agent.afl : Cleaned with backup
C:\WINDOWS\system32\syshost.exe -> Backdoor.Rbot.adf : Cleaned with backup
::Report End
Smitfiles.txt:
smitRem © log file
version 2.8
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
The current date is: Thu 04/13/2006
The current time is: 19:09:20.59
Running from
C:\Documents and Settings\TEMP\Desktop\smitRem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run SharedTask Export
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
SpySheriff
~~~ Shortcuts ~~~
SpySheriff
Install.dat
SpySheriff.lnk
~~~ Favorites ~~~
~~~ system32 folder ~~~
svcp.csv
winsub.xml
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
secure32.html
winstall.exe
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 720 'explorer.exe'
Killing PID 720 'explorer.exe'
Starting registry repairs
Registry repairs complete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SharedTask Export after registry fix
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deleting files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN!
Panda Report:
Incident Status Location
Spyware:spyware/apropos Not disinfected C:\WINDOWS\loadnew.exe
Adware:adware/secure32 Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\TEMP\Cookies\kayle@atdmt[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\TEMP\Cookies\kayle@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\TEMP\Cookies\kayle@fastclick[2].txt
Virus:Trj/Multidropper.BHG Not disinfected C:\bdcmq.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\dbmkxf.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\dkrbldrj.exe
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Kayle\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Kayle\Cookies\[email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Kayle\Cookies\kayle@atwola[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Kayle\Cookies\kayle@banner[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Kayle\Cookies\kayle@belnk[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Kayle\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Kayle\Cookies\[email protected][1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Kayle\Cookies\kayle@toplist[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\TEMP\Cookies\kayle@atdmt[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\TEMP\Cookies\kayle@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\TEMP\Cookies\kayle@fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\TEMP\Cookies\kayle@mediaplex[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\smitRem.exe[Process.exe]
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\8H63CDQJ\izexgq[1].htm
Virus:Exploit/BodyOnLoad Not disinfected C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\AP4RE5U5\fillmemadv487[1].htm
Virus:Exploit/BodyOnLoad Not disinfected C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\AP4RE5U5\fillmemadv487[2].htm
Virus:Exploit/BodyOnLoad Not disinfected C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\AP4RE5U5\fillmemadv487[3].htm
Virus:Exploit/BodyOnLoad Not disinfected C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\AP4RE5U5\fillmemadv487[4].htm
Possible Virus. Not disinfected C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\AP4RE5U5\load[1].exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\C9YVKLEN\eaykz[1].txt
Virus:Exploit/CodeBase.BF Not disinfected C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HUD7IONE\x[1].chm[x.htm]
Possible Virus. Not disinfected C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\HUD7IONE\x[1].chm[load.exe]
Virus:Exploit/BodyOnLoad Not disinfected C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\JBQ6KW9D\fillmemadv487[1].htm
Virus:Exploit/BodyOnLoad Not disinfected C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\O9EO08RU\fillmemadv487[1].htm
Virus:Exploit/BodyOnLoad Not disinfected C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\O9EO08RU\fillmemadv487[2].htm
Virus:Exploit/BodyOnLoad Not disinfected C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\WAVEAZW0\fillmemadv487[1].htm
Virus:Trj/Multidropper.BHG Not disinfected C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\WAVEAZW0\rvhkudnx[1].txt
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\ollw.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\rqqwa.exe
Virus:Trj/Multidropper.BHG Not disinfected C:\vvbfuesb.exe
Possible Virus. Not disinfected C:\WINDOWS\loadnew.exe
Possible Virus. Not disinfected C:\WINDOWS\xavvvopc.exe
Edited by greyknight17, 14 April 2006 - 05:39 PM.