SmitFraud and loads of popups!



ADP10
2006-11-27, 19:16
Hi guys

My computer seems to be overrun with this smitfraud thing and every time I run IE loads of popups seem to run. I tried Spybot but even though it says it's got rid of it, it still comes back!!

I really need some help getting rid of them, thanks!!

So I ran the hijack thing and got this report:

Logfile of HijackThis v1.99.1
Scan saved at 17:11:26, on 27/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\powerman.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\wwv.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\{AC8FC157-0BF3-1033-0113-04121503002c}\Update.exe
C:\Documents and Settings\Ajay S. Deshpande\My Documents\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.channel4.com/sport/football_italia
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3C8FC157-0BF3-1033-0113-04121503002c}\888.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3C8FC157-0BF3-1033-0113-04121503002c}\888.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [powerman] "C:\WINDOWS\system32\powerman.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx 1.18\Anti-Blaxx.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [wwv] "C:\WINDOWS\system32\wwv.exe"
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE11C35F-6A10-4B91-837E-FE2D3EB2C788}: NameServer = 206.13.29.12
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

pskelley
2006-11-29, 15:01
Welcome to the forum. If you are not receiving help elsewhere and still have malware problems, let's start like this.
I see a bunch of junk in this log and it may take a while to get rid of it all.

1) C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
For your information, Viewpoint is installed by AOL, probably without your knowledge. I suggest you uninstall this resource waster in Add/Remove Programs.
http://www.clickz.com/news/article.php/3561546
http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint

2) Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.

3) What is this? C:\WINDOWS\system32\wwv.exe If you don't know, use these free online scanners and post the results for me to view.
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/flash/index_en.html

4) Follow the directions in this link: http://forums.spybot.info/showthread.php?t=4015 When you finish the instructions, post the three logs and any information I requested above in this same topic using the "Post Reply" button.
Please use these instructions when you run AVG Anti-Spyware; make sure you delete or at least quarantine what is located.
http://www.virusvault.co.uk/fusionbb/showtopic.php?tid/33/

Spybot-S&D: Be sure to follow the directions to save the scan report but do not post it here unless requested by a helper.

Thanks...pskelley
Safer Networking Forums

If you would like to let your thoughts be known about the lowlifes who put that junk on your computer, you can do that here:
If you have been infected by one of the SpyAxe family
http://forums.tomcoyote.org/index.php?showtopic=58063
http://www.malwarecomplaints.info/

ADP10
2006-12-01, 20:23
Thanks for your reply.

Firstly here's the uninstall manager list from hijackthis:

888Bar
Adobe Reader 6.0
Anti-Blaxx 1.18
ATV2000 Uninstall
AVerTV USB 2.0 Driver
CCleaner (remove only)
DivX Codec
DVD Shrink 3.2
eTrust Antivirus Registration
FlashFXP v3
FLV Player 1.3.3
Football Manager 2007
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
hp instant support
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
IEEE 802.11g Wireless LAN Utility
Informations about your PC
InstantCopy
Intel(R) 537EA Modem
iPod for Windows 2005-03-23
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 9
Launch Manager V1.1.8
LimeWire 4.9.30
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Flash Player 8
McAfee VirusScan Enterprise
Medi@Show
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Encarta Encyclopedia Standard - WE 2004
Microsoft Excel Viewer 97
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money
Microsoft Money System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office Professional Edition 2003
Microsoft Picture It! Photo Standard 9
Microsoft Windows Journal Viewer
Microsoft Word 2002
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
MUSICMATCH® Jukebox
My Search Bar
Nero OEM
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Windows 2000/XP Display Drivers
OLYMPUS CAMEDIA Master 4.2
PowerCinema 2.0
PowerDirector
PowerDVD
PowerProducer
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
SAGEM F@st 800-840
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Shockwave
SpeedTouch USB Software
Spybot - Search & Destroy 1.3
Synaptics Pointing Device Driver
Texas Instruments PCI7620 drivers.
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
VideoLAN VLC media player 0.8.1
Viewpoint Media Player
WinAce Archiver
Winamp (remove only)
Windows Backup Utility
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
X10 Hardware(TM)
Yahoo! Toolbar


Secondly here's the report on this file: C:\WINDOWS\system32\wwv.exe
File: wwv.exe
Status: INFECTED/MALWARE
MD5 914ab70640f6d4b894e7f58e3b51a0e7
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found W32/Downloader.APQC
F-Secure Anti-Virus Found Backdoor.Win32.Small.ml
Fortinet Found nothing
Kaspersky Anti-Virus Found Backdoor.Win32.Small.ml
NOD32 Found a variant of Win32/Agent.UY
Norman Virus Control Found nothing
VirusBuster Found nothing
VBA32 Found Trojan-Downloader.IstBar.15 (probable variant)



Thirdly here's the rapport.txt:

SmitFraudFix v2.126

Scan done at 21:04:29.71, 30/11/2006
Run from C:\Documents and Settings\Ajay S. Deshpande\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ajay S. Deshpande


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ajay S. Deshpande\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\AJAYS~1.DES\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

ADP10
2006-12-01, 20:25
Next up is the AVG Spyware thing:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 16:54:52 01/12/2006

+ Scan result:



HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Cleaned.
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Cleaned.
HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Cleaned.
C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL -> Adware.MyWaySpeed : Cleaned.
C:\Program Files\Common Files\{3C8FC157-0BF2-1033-0113-04121503002c}\Uninstall.exe -> Adware.Softomate : Cleaned.
C:\Program Files\Common Files\{AC8FC157-0BF2-1033-0113-04121503002c}\Update.exe -> Adware.Softomate : Cleaned.
C:\Program Files\Common Files\{AC8FC157-0BF2-1033-0113-04121503002c}\system.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090056.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090057.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090058.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090059.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090060.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090061.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090062.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090063.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090064.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090065.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090066.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090067.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090068.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090069.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090070.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090071.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090072.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090073.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090074.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090075.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090076.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090077.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090078.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090079.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090080.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090081.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090082.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090083.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090084.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090085.exe -> Adware.Softomate : Cleaned.
C:\WINDOWS\system32\weuhd.exe -> Backdoor.Small.ml : Cleaned.
C:\WINDOWS\system32\wwv.exe -> Backdoor.Small.ml : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\Local Settings\Temporary Internet Files\Content.IE5\42KOYLVH\vv815[1].exe -> Downloader.Adload.hw : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0089197.exe -> Downloader.Adload.hw : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090042.exe -> Downloader.Adload.hw : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090104.exe -> Downloader.Adload.hw : Cleaned.
C:\WINDOWS\system32\vv815.exe -> Downloader.Adload.hw : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\ADBB.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\AEOM.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\AFPD.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\AHSU.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\AJHT.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\AKCD.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\AKPC.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\ALBL.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\ALHA.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\ALSU.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\AMQO.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\AMRN.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\ANJJ.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\AODR.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\AQRQ.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\AQTU.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\ASIA.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\ATGH.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\ATKK.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\ATKM.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\BCEB.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\BCTE.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\BFCL.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\BFGI.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\BHDT.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\BITP.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\BJHT.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\BJRF.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\BLFG.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\BNGK.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\BOEA.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\BPBC.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\CANI.exe -> Downloader.Agent.bbz : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\CAPJ.exe -> Downloader.Agent.bbz : Cleaned.

ADP10
2006-12-01, 20:25
continued:

C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0089198.exe -> Downloader.Agent.bca : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090043.exe -> Downloader.Agent.bca : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\Cookies\ajay_s._deshpande@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\Cookies\ajay_s._deshpande@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\Cookies\ajay_s._deshpande@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\Cookies\ajay_s._deshpande@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\WINDOWS\system32\drivers\etc\hosts -> Trojan.Bambo.Hosts.A : Cleaned.
C:\WINDOWS\system32\drivers\etc\hosts.msn -> Trojan.Bambo.Hosts.A : Cleaned.
C:\Documents and Settings\Ajay S. Deshpande\Local Settings\Temporary Internet Files\Content.IE5\42KOYLVH\vig[1].exe -> Trojan.HideProc.g : Cleaned.
C:\System Volume Information\_restore{2A5A2997-5946-4F70-A86B-AF58A01B3475}\RP463\A0090105.exe -> Trojan.HideProc.g : Cleaned.
C:\WINDOWS\system32\vig.exe -> Trojan.HideProc.g : Cleaned.


::Report end

ADP10
2006-12-01, 20:26
Next up is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 18:11:57, on 01/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\powerman.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\{AC8FC157-0BF3-1033-0113-04121503002c}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Documents and Settings\Ajay S. Deshpande\My Documents\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3C8FC~1\888Bar.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3C8FC~1\888Bar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [powerman] "C:\WINDOWS\system32\powerman.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx 1.18\Anti-Blaxx.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE11C35F-6A10-4B91-837E-FE2D3EB2C788}: NameServer = 206.13.29.12
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe



After all these scans does it mean Smitfraud has gone from my PC?

Thanks again

pskelley
2006-12-01, 21:00
Thanks for returning your information, let's start like this:

After all these scans does it mean Smitfraud has gone from my PC?
I told you when we started you had a load of junk and it was going to take a while. We are making progress; this computer was badly infected.


1) Firstly here's the uninstall manager list from hijackthis:
Uninstall 888Bar

Uninstall these:
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 9
See this information: http://forums.spybot.info/showpost.php?p=12880&postcount=2
Download the newest version from that page which will be Java Runtime Environment (JRE) 5.0 Update 10

Uninstall this: LimeWire 4.9.30
See this: http://www3.ca.com/securityadvisor/pest/Pest.aspx?id=453088059
Strongly suggested

Uninstall My Search Bar

Uninstall Viewpoint Media Player
http://www.clickz.com/news/article.php/3561546
http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint

Uninstall also anything you know should not be there. I suggest you also uninstall any programs you no longer use.
_________________________________________________________

Return to here: C:\Documents and Settings\Ajay S. Deshpande\My Documents\hijack\HijackThis.exe <<< right click the mouse on the .exe and rename it to say ADP10.exe or whatever you wish. The next log will show the Vundo trojan if it is there.
________________________________________________________

Thanks to sUBs and anyone who helped with this fix.

1. Download ComboFix.exe using either of these links:

* bleepingcomputer.com
http://download.bleepingcomputer.com/sUBs/combofix.exe
* techsupportforum.com
http://www.techsupportforum.com/sectools/combofix.exe
2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

If the log is large, you might need to post half in one reply and half in another.

Thanks

pskelley
2006-12-09, 16:38
No response since 2006-12-01, 14:00 :sad:

pskelley
2006-12-11, 13:24
Due to lack of response, topic is closed.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.