[goassen]

Thanks for re-opening the thread. Here are the results from OT MOVEIT and Activescan:

----------------------------
OT MOVEIT REPORT:
----------------------------

C:\WINDOWS\system32\aae_dll.vir moved successfully.
C:\WINDOWS\system32\svchost_exe.vir moved successfully.
File/Folder C:\WINDOWS\system32\svchost_exe.vir0 not found.

Created on 09.07.2007 17:08:53

AFTER RESTARTING:

File/Folder C:\WINDOWS\system32\aae_dll.vir not found.
File/Folder C:\WINDOWS\system32\svchost_exe.vir not found.
File/Folder C:\WINDOWS\system32\svchost_exe.vir0 not found.

Created on 09.07.2007 17:29:03

------------------------
ACTIVE SCAN
------------------------


Incident Status Location

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1c24netm.default\cookies.txt[.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1c24netm.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1c24netm.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitfraud\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Administrator\Desktop\smitfraud\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitRem.exe[smitRem/Process.exe]
Possible Virus. Renamed C:\RECYCLER\S-1-5-21-57989841-813497703-1060284298-500\Dc1\aae.dll
Possible Virus. Not disinfected C:\RECYCLER\S-1-5-21-57989841-813497703-1060284298-500\Dc14\aae_dll.vir
Virus:W32/Patchlog.D Renamed C:\RECYCLER\S-1-5-21-57989841-813497703-1060284298-500\Dc14\svchost_exe.vir
Virus:W32/Patchlog.D Renamed C:\WINDOWS\system32\svchost_exe_vir0.vir