12-01-2006, 09:05 PM   #14
steviedee
Registered User
 
Join Date: May 2006
Posts: 153
OS: XP


AVG

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:19:31 AM 12/2/2006

+ Scan result:



F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP39\A0009001.dll -> Adware.Softomate : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP39\A0009002.exe -> Adware.Softomate : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP39\A0009028.exe -> Dropper.Agent.azn : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP39\A0009029.exe -> Dropper.Agent.azn : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP29\A0008480.dll -> Trojan.Mezzia : Cleaned with backup (quarantined).
F:\WINDOWS\system32\wnscpsv.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

HJT

Rapport

SmitFraudFix v2.126

Scan done at 0:12:34.04, Sat 12/02/2006
Run from F:\Documents and Settings\Steve\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1a01a98c-4f25-42e1-971a-185cf63569b2}"="expatriates"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

F:\WINDOWS\system32\ot.ico Deleted
F:\WINDOWS\system32\tpedvf.dll Deleted
F:\DOCUME~1\Steve\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

HJT

Logfile of HijackThis v1.99.1
Scan saved at 2:41:13 AM, on 12/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Windows Defender\MsMpEng.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
F:\Program Files\Windows Defender\MSASCui.exe
F:\Program Files\LClock\LClock.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
F:\Program Files\Styler\Styler.exe
F:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
F:\WINDOWS\system32\NOTEPAD.EXE
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe
F:\PROGRA~1\MOZILL~1\FIREFOX.EXE
F:\HJT\fredmh.exe.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - F:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VGAUtil] F:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [SiSUSBRG] F:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LClock] F:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = F:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1164736733968
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - F:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe



Sorry if everything isn't correct, it was quite confusing and time-consuming doing all the scans, but once again thanks for all your help.