Hope this is correct
Logfile of HijackThis v1.99.1
Scan saved at 16:18:53, on 23/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\slrundll.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\wanadoo\wanadooconnectionkit\atdialler1.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.wanadoo.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\WINDOWS\system32\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Wanadoo Connection Kit.lnk = C:\wanadoo\wanadooconnectionkit\atdialler1.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Search with Wanadoo -
res://C:\WINDOWS\system32\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/english/ka ... nicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D02D5635-5F40-4557-8253-D8B38F645DD2}: NameServer = 195.92.195.95 195.92.195.94
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
Sunday, April 23, 2006 4:17:16 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 23/04/2006
Kaspersky Anti-Virus database records: 178204
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 145604
Number of viruses found 2
Number of infected objects 98
Number of suspicious objects 0
Duration of the scan process 00:54:02
Infected Object Name Virus Name Last Action
C:\Documents and Settings\Sam\Local Settings\Temp\mso16D3A.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Sam\Local Settings\Temp\mso2D76B.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Sam\Local Settings\Temp\mso3A929.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Sam\Local Settings\Temp\mso6BD02.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Sam\Local Settings\Temp\mso8EAD2.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Sam\Local Settings\Temp\msoDAE56.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Sam\Local Settings\Temp\msoE6AA4.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Sam\Local Settings\Temp\msoFE946.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Application Data\Identities\{4A77C32F-87D0-44F6-B7BC-35694028E757}\Microsoft\Outlook Express\Sent Items.dbx/[From "Tracy Ward" ][Date Fri, 30 Sep 2005 21:20:48 +0100]/UNNAMED/UNNAMED Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Application Data\Identities\{4A77C32F-87D0-44F6-B7BC-35694028E757}\Microsoft\Outlook Express\Sent Items.dbx/[From "Tracy Ward" ][Date Fri, 30 Sep 2005 21:20:48 +0100]/UNNAMED Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Application Data\Identities\{4A77C32F-87D0-44F6-B7BC-35694028E757}\Microsoft\Outlook Express\Sent Items.dbx Mail MS Outlook 5: infected - 2 skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\5DBBQWY1\CA4LE5R0.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\5DBBQWY1\CAZ6Y9NZ.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\5DBBQWY1\contacting[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\5DBBQWY1\eBayISAPI[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\5DBBQWY1\friendsreunited[6].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\5DBBQWY1\staff-look-up[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\5DBBQWY1\testthenation[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\5DBBQWY1\university_park[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\ASD7JYPN\Articles[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\ASD7JYPN\images[9].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\ASD7JYPN\povt[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\B5F4PFZ8\Contact[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\B5F4PFZ8\friendsreunited[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\B5F4PFZ8\search[12].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\BPCOT7ZD\apd.rdg.ac[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\BPCOT7ZD\friendsreunited[2].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\BPCOT7ZD\GARDENING13[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\BPCOT7ZD\index[5].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\BPCOT7ZD\iq[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\BPCOT7ZD\photo10515[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\HPUCZ7IR\index[3].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\O1YBOH2R\183[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\O1YBOH2R\CAEJCPMJ.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\O1YBOH2R\CAEJSXYR.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\O1YBOH2R\CAGTIJW5.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\O1YBOH2R\CAWTWXSZ.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\O1YBOH2R\CAX7QM7Q.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\O1YBOH2R\d6[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\O1YBOH2R\index[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\O1YBOH2R\moldhealth[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\O1YBOH2R\orange-mobile-phones-prices[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\O1YBOH2R\search[4].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\O1YBOH2R\search[5].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\O1YBOH2R\search[6].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\Q18MU5ZA\CAQR2FUD.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\Q18MU5ZA\nottingham.ac[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\Q18MU5ZA\symbios[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\R660EDUR\Associations[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\S16JC1U7\CA8XQFAZ.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\S16JC1U7\CACXG10B.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\S16JC1U7\CAQV6JYD.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\S16JC1U7\default[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\S16JC1U7\enter[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\S16JC1U7\extra[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\S16JC1U7\index[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\S16JC1U7\marshmallowbrownies_8128[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\S16JC1U7\search[2].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\S16JC1U7\search[4].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\S16JC1U7\search[5].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\S16JC1U7\section_advert[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\S16JC1U7\stain_removal[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\ST670DMN\advance_search[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\ST670DMN\CAJEI1ZN.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\ST670DMN\CAS9STCB.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\ST670DMN\CAVU4NF9.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\ST670DMN\core[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\ST670DMN\events_halloween[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\ST670DMN\index[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\ST670DMN\mobiles.co[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\ST670DMN\search[6].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\WLQNWDYB\182[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\WLQNWDYB\CA9K8F5L.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\WLQNWDYB\CAAZSZL6.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\WLQNWDYB\CAENW7LI.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\WLQNWDYB\CAW10947.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\WLQNWDYB\CAW5IZ8T.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\WLQNWDYB\entertainment[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\WLQNWDYB\orange-motorola-v545[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\WLQNWDYB\results[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\WLQNWDYB\search[4].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\WLQNWDYB\search[5].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\WLQNWDYB\search[6].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\Program Files\Wanadoo\WSBar\localfaq.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP266\A0099076.exe Infected: Trojan.Win32.LowZones.dm skipped
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP268\A0099880.exe Infected: Trojan.Win32.LowZones.dm skipped
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP268\A0099881.exe Infected: Trojan.Win32.LowZones.dm skipped
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\D7H4RUC9\6[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\D7H4RUC9\CAM7CV3O.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\D7H4RUC9\CAS5OL87.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\D7H4RUC9\home_homeoffice[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\D7H4RUC9\index_ts[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\D7H4RUC9\support_options[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\F4JEHYJU\search[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\J1APZIIN\2005033108162039[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\J1APZIIN\CATC8ZXX.htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\J1APZIIN\google.co[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WAFSC4YH\searchResults[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped
Scan process completed.
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 14:36:37, 23/04/2006
+ Report-Checksum: 3130A422
+ Scan result:
HKU\S-1-5-21-3213709025-766886174-3985962080-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} -> Adware.2020Search : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@aerlingus.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wfkicmajocp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wfkieocjigq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wfkighcpwfq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wfkigldzglq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wfkowpdpibo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wfkysiajgdp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wfl4uld5ggp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wflocpd5mko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wflognazsgp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wgk4omdpwhp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wgkigjcpkeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wgkyqldpgko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wglikmczgco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wgloskajglq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wjkyenczolp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wjl4cndjsco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wjlokid5ibq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wjmiqjdzceo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wjnyopdpkfq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wjnysiajibq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@emimusic.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@eztracks.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@ostg.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@propertyfinderltd.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@qantasairways.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@server3.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@thomascook.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@try.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@e-2dj6wfkiwlazoap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@e-2dj6wfkyojdpibq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@e-2dj6wfloepcpwcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@e-2dj6wflognazsgp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@e-2dj6wgkiahczgbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@e-2dj6wgkyagczieq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@e-2dj6wjk4cod5ebp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@e-2dj6wjk4ujd5sfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@e-2dj6wjlyupdzgeq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@e-2dj6wjmiomdzslp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@e-2dj6wjmiuicpado.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@e-2dj6wjmygjdpolo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@e-2dj6wjnyeodzocp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@server3.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\R660EDUR\dba2312[1].exe -> Dialer.GBDialer.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\dba2312.exe -> Dialer.GBDialer.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\dba2312.exe -> Dialer.GBDialer.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\dba2312.exe -> Dialer.GBDialer.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\dba2312.exe -> Dialer.GBDialer.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\dba2312.exe -> Dialer.GBDialer.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\gba2312.exe -> Dialer.GBDialer.d : Cleaned with backup
C:\zdj.exe -> Trojan.LowZones.dm : Cleaned with backup
::Report End
Please advise on further action needed