Tech Support Forum - View Single Post - Constant Pop-ups, three different programs on Desktop, comes back after cleaning

katsumoto · 08-10-2007, 04:09 PM

Logfile of HijackThis v1.99.1
Scan saved at 6:05:06 PM, on 8/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\AOL\1146789630\ee\AOLSoftware.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATI DeviceDetect] "C:\Program Files\ATI Multimedia\main\ATIDtct.EXE"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146789630\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] "C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by128fd.bay128.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by128fd.bay128.hotmail.msn.co...x/HMAtchmt.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

2.Combofix log(after complete online scan from kasper...

ComboFix 07-08-10.8 - "Bry-Un" 2007-08-10 18:03:07.11 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.571 [GMT -4:00]

((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))

2007-08-09 18:50 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-09 18:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-08 22:19 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-08 21:21 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-08 21:15 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-08 21:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-08 21:11 <DIR> d-------- C:\DOCUME~1\Bry-Un\APPLIC~1\SUPERAntiSpyware.com
2007-08-08 21:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-08 21:09 <DIR> d-------- C:\Program Files\CCleaner
2007-08-06 18:29 2,424 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-06 01:38 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-28 04:43 <DIR> d-------- C:\DOCUME~1\Other\APPLIC~1\Apple Computer
2007-07-28 03:42 <DIR> d-------- C:\DOCUME~1\Other\APPLIC~1\Real
2007-07-25 22:23 <DIR> d-------- C:\WinCD

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-10 09:28 --------- d-------- C:\Program Files\Steam
2007-08-08 21:11 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-03 17:21 --------- d-------- C:\Program Files\World of Warcraft
2007-07-31 17:44 --------- d---s---- C:\Program Files\Xfire
2007-07-31 09:08 --------- d-------- C:\DOCUME~1\Bry-Un\APPLIC~1\Xfire
2007-07-29 01:01 --------- d-------- C:\DOCUME~1\Bry-Un\APPLIC~1\LimeWire
2007-07-16 19:07 --------- d-------- C:\Program Files\speedDIAL
2007-07-07 20:57 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-07 20:47 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-07 20:47 --------- d-------- C:\Program Files\THQ
2007-07-07 20:46 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-06-18 22:27 --------- d-------- C:\Program Files\Winamp
2007-05-16 11:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-04-07 13:28 6718976 --a------ C:\Program Files\winamp533_full_emusic-7plus.exe
2007-03-14 07:25 37844544 --a------ C:\Program Files\iTunesSetup.exe
2007-02-27 01:59 197596 --a------ C:\Program Files\klhthreatmeter-19-8-bugfixes.zip
2007-02-19 00:37 422821 --a------ C:\Program Files\titan-panel-3-0-5.zip
2006-12-15 01:33 14285021 --a------ C:\Program Files\speedDIALInstall.exe
2006-12-01 01:30 7313592 --a------ C:\Program Files\iMeshV7.exe
2006-11-15 00:52 2027528 --a------ C:\Program Files\16X3DVD9-8X_FW_v1F3.exe
2006-09-25 00:28 12288 --ahs---- C:\Program Files\Thumbs.db
2006-06-27 17:45 6206440 --a------ C:\Program Files\winamp524_full_emusic-7plus.exe
2006-05-31 06:56 4243060 --a------ C:\Program Files\sabrina_trailer.wmv
2006-05-22 00:13 15557928 --a------ C:\Program Files\DivXPlay.exe
2006-05-21 23:56 12754672 --a------ C:\Program Files\MP10Setup.exe
2006-05-07 20:35 5616888 --a------ C:\Program Files\winamp521_full_emusic-7plus.exe
2006-05-05 20:04 35935472 --a------ C:\Program Files\6-4_xp-2k_dd_ccc_wdm_enu_31959.exe
2006-05-05 19:59 23510720 --a------ C:\Program Files\dotnetfx.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-17 21:10]
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-15 22:17]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07]
"HostManager"="C:\Program Files\Common Files\AOL\1146789630\ee\AOLSoftware.exe" [2006-05-09 20:24]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 12:59]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 10:24 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 15:32 C:\WINDOWS\ALCWZRD.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-16 14:41]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 11:31]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 11:14]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-02 15:24]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 18:22]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 15:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\launchpd.exe" [2004-06-15 22:22]
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-08-26 23:51]
"Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" [2006-05-09 20:24]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-08-10 07:18]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

S3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver;C:\WINDOWS\system32\DRIVERS\NetMotCM.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\EISetup.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-10 18:03:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-10 18:03:55
C:\ComboFix-quarantined-files.txt ... 2007-08-10 18:03
C:\ComboFix2.txt ... 2007-08-10 18:00
C:\ComboFix3.txt ... 2007-08-10 07:19

--- E O F ---

3. Kasper---Found 13 viruses I think, and 33 or so infected objects...mostly all seem passive, not sure...

Friday, August 10, 2007 5:56:20 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 10/08/2007
Kaspersky Anti-Virus database records: 378260

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\

Scan Statistics
Total number of scanned objects 105066
Number of viruses found 13
Number of infected objects 31
Number of suspicious objects 0
Duration of the scan process 01:16:27

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\ATI MMC\RemoteWonder.txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\Bry-Un\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped

C:\Documents and Settings\Bry-Un\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Bry-Un\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Bry-Un\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped

C:\Documents and Settings\Bry-Un\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Bry-Un\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Bry-Un\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Bry-Un\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Bry-Un\Local Settings\History\History.IE5\MSHist012007081020070811\index.dat Object is locked skipped

C:\Documents and Settings\Bry-Un\Local Settings\Temp\Perflib_Perfdata_238.dat Object is locked skipped

C:\Documents and Settings\Bry-Un\Local Settings\Temp\~DF97A5.tmp Object is locked skipped

C:\Documents and Settings\Bry-Un\Local Settings\Temp\~DF97B0.tmp Object is locked skipped

C:\Documents and Settings\Bry-Un\Local Settings\Temp\~DFCD36.tmp Object is locked skipped

C:\Documents and Settings\Bry-Un\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Bry-Un\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Bry-Un\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Bry-Un\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Other\Local Settings\Temporary Internet Files\Content.IE5\QAMXTHWM\ad-sp2-fastclick[1].swf Infected: not-virus:Hoax.SWF.Alerter.a skipped

C:\Program Files\iMeshV7.exe/WISE0044.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped

C:\Program Files\iMeshV7.exe/WISE0044.BIN/stream Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped

C:\Program Files\iMeshV7.exe/WISE0044.BIN Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped

C:\Program Files\iMeshV7.exe WiseSFX: infected - 3 skipped

C:\Program Files\iMeshV7.exe WiseSFX Dropper: infected - 3 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP524\A0027446.exe Infected: not-a-virus:RiskTool.Win32.Aefdisk32.11 skipped

C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027580.dll Infected: Trojan-Downloader.Win32.Zlob.bxg skipped

C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027581.exe Infected: Trojan-Downloader.Win32.Zlob.btq skipped

C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027582.exe Infected: Trojan-Downloader.Win32.Zlob.btq skipped

C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027594.exe Infected: not-a-virus:FraudTool.Win32.VirusProtectPro.e skipped

C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027595.dll Infected: not-a-virus:AdWare.Win32.Agent.cu skipped

C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027596.exe Infected: Trojan-Downloader.Win32.Zlob.bxm skipped

C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027642.dll Infected: Trojan-Downloader.Win32.Zlob.bxg skipped

C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027643.exe Infected: Trojan-Downloader.Win32.Zlob.btq skipped

C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027644.exe Infected: Trojan-Downloader.Win32.Zlob.btq skipped

C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027668.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.byf skipped

C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027668.exe/stream Infected: Trojan-Downloader.Win32.Zlob.byf skipped

C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027668.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027670.dll Infected: Trojan-Downloader.Win32.Agent.bkd skipped

C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027672.exe Infected: Trojan-Downloader.Win32.Zlob.bxg skipped

C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027673.exe Infected: Trojan-Downloader.Win32.Zlob.bvp skipped

C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027674.exe Infected: Trojan-Downloader.Win32.Zlob.bvj skipped

C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027682.exe Infected: Trojan-Downloader.Win32.Zlob.btq skipped

C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027683.exe Infected: Trojan-Downloader.Win32.Zlob.btq skipped

C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027684.dll Infected: Trojan-Downloader.Win32.Zlob.bxg skipped

C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP534\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Computer functionally is working great, desktop is back to normal, I am able to set my homepage to blank, no popups at all...just would like to know if what Kaspersky found in my computer is anything to be worried about.

08-10-2007, 04:09 PM	#8 (permalink)
katsumoto Registered User Join Date: Aug 2007 Posts: 7 OS: XP	Re: Constant Pop-ups, three different programs on Desktop, comes back after cleaning Logfile of HijackThis v1.99.1 Scan saved at 6:05:06 PM, on 8/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\ATI Multimedia\main\ATIDtct.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\Common Files\AOL\1146789630\ee\AOLSoftware.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Logitech\G-series Software\LGDCore.exe C:\Program Files\Logitech\G-series Software\LCDMon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe C:\WINDOWS\system32\netdde.exe C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\HijackThis\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [ATI DeviceDetect] "C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146789630\ee\AOLSoftware.exe O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe" O4 - HKCU\..\Run: [ATI Remote Control] "C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by128fd.bay128.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by128fd.bay128.hotmail.msn.co...x/HMAtchmt.ocx O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe 2.Combofix log(after complete online scan from kasper... ComboFix 07-08-10.8 - "Bry-Un" 2007-08-10 18:03:07.11 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.571 [GMT -4:00] ((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 ))))))))))))))))))))))))))))))) 2007-08-09 18:50 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-08-09 18:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab 2007-08-08 22:19 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-08 21:21 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com 2007-08-08 21:15 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-08-08 21:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-08-08 21:11 <DIR> d-------- C:\DOCUME~1\Bry-Un\APPLIC~1\SUPERAntiSpyware.com 2007-08-08 21:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com 2007-08-08 21:09 <DIR> d-------- C:\Program Files\CCleaner 2007-08-06 18:29 2,424 --a------ C:\WINDOWS\system32\tmp.reg 2007-08-06 01:38 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2007-07-28 04:43 <DIR> d-------- C:\DOCUME~1\Other\APPLIC~1\Apple Computer 2007-07-28 03:42 <DIR> d-------- C:\DOCUME~1\Other\APPLIC~1\Real 2007-07-25 22:23 <DIR> d-------- C:\WinCD (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-10 09:28 --------- d-------- C:\Program Files\Steam 2007-08-08 21:11 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-08-03 17:21 --------- d-------- C:\Program Files\World of Warcraft 2007-07-31 17:44 --------- d---s---- C:\Program Files\Xfire 2007-07-31 09:08 --------- d-------- C:\DOCUME~1\Bry-Un\APPLIC~1\Xfire 2007-07-29 01:01 --------- d-------- C:\DOCUME~1\Bry-Un\APPLIC~1\LimeWire 2007-07-16 19:07 --------- d-------- C:\Program Files\speedDIAL 2007-07-07 20:57 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-07-07 20:47 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-07-07 20:47 --------- d-------- C:\Program Files\THQ 2007-07-07 20:46 --------- d-------- C:\Program Files\Common Files\InstallShield 2007-06-18 22:27 --------- d-------- C:\Program Files\Winamp 2007-05-16 11:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll 2007-05-16 11:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll 2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-05-16 11:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-05-16 11:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll 2007-05-16 11:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll 2007-04-07 13:28 6718976 --a------ C:\Program Files\winamp533_full_emusic-7plus.exe 2007-03-14 07:25 37844544 --a------ C:\Program Files\iTunesSetup.exe 2007-02-27 01:59 197596 --a------ C:\Program Files\klhthreatmeter-19-8-bugfixes.zip 2007-02-19 00:37 422821 --a------ C:\Program Files\titan-panel-3-0-5.zip 2006-12-15 01:33 14285021 --a------ C:\Program Files\speedDIALInstall.exe 2006-12-01 01:30 7313592 --a------ C:\Program Files\iMeshV7.exe 2006-11-15 00:52 2027528 --a------ C:\Program Files\16X3DVD9-8X_FW_v1F3.exe 2006-09-25 00:28 12288 --ahs---- C:\Program Files\Thumbs.db 2006-06-27 17:45 6206440 --a------ C:\Program Files\winamp524_full_emusic-7plus.exe 2006-05-31 06:56 4243060 --a------ C:\Program Files\sabrina_trailer.wmv 2006-05-22 00:13 15557928 --a------ C:\Program Files\DivXPlay.exe 2006-05-21 23:56 12754672 --a------ C:\Program Files\MP10Setup.exe 2006-05-07 20:35 5616888 --a------ C:\Program Files\winamp521_full_emusic-7plus.exe 2006-05-05 20:04 35935472 --a------ C:\Program Files\6-4_xp-2k_dd_ccc_wdm_enu_31959.exe 2006-05-05 19:59 23510720 --a------ C:\Program Files\dotnetfx.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-17 21:10] "ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-15 22:17] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07] "HostManager"="C:\Program Files\Common Files\AOL\1146789630\ee\AOLSoftware.exe" [2006-05-09 20:24] "IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 12:59] "SoundMan"="SOUNDMAN.EXE" [2005-09-21 10:24 C:\WINDOWS\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [2005-09-21 15:32 C:\WINDOWS\ALCWZRD.EXE] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-16 14:41] "Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 11:31] "Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 11:14] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-02 15:24] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 18:22] "High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 15:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATI Launchpad"="C:\Program Files\ATI Multimedia\main\launchpd.exe" [2004-06-15 22:22] "ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-08-26 23:51] "Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" [2006-05-09 20:24] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24] "Steam"="C:\Program Files\Steam\Steam.exe" [2007-08-10 07:18] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll S3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver;C:\WINDOWS\system32\DRIVERS\NetMotCM.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] AutoRun\command- D:\EISetup.exe ************************************************************************ catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-10 18:03:29 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ Completion time: 2007-08-10 18:03:55 C:\ComboFix-quarantined-files.txt ... 2007-08-10 18:03 C:\ComboFix2.txt ... 2007-08-10 18:00 C:\ComboFix3.txt ... 2007-08-10 07:19 --- E O F --- 3. Kasper---Found 13 viruses I think, and 33 or so infected objects...mostly all seem passive, not sure... Friday, August 10, 2007 5:56:20 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.93.0 Kaspersky Anti-Virus database last update: 10/08/2007 Kaspersky Anti-Virus database records: 378260 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer A:\ C:\ D:\ Scan Statistics Total number of scanned objects 105066 Number of viruses found 13 Number of infected objects 31 Number of suspicious objects 0 Duration of the scan process 01:16:27 Infected Object Name Virus Name Last Action C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped C:\Documents and Settings\All Users\Application Data\ATI MMC\RemoteWonder.txt Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\Bry-Un\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped C:\Documents and Settings\Bry-Un\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Bry-Un\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Documents and Settings\Bry-Un\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped C:\Documents and Settings\Bry-Un\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped C:\Documents and Settings\Bry-Un\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Bry-Un\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Bry-Un\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Bry-Un\Local Settings\History\History.IE5\MSHist012007081020070811\index.dat Object is locked skipped C:\Documents and Settings\Bry-Un\Local Settings\Temp\Perflib_Perfdata_238.dat Object is locked skipped C:\Documents and Settings\Bry-Un\Local Settings\Temp\~DF97A5.tmp Object is locked skipped C:\Documents and Settings\Bry-Un\Local Settings\Temp\~DF97B0.tmp Object is locked skipped C:\Documents and Settings\Bry-Un\Local Settings\Temp\~DFCD36.tmp Object is locked skipped C:\Documents and Settings\Bry-Un\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\Bry-Un\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Bry-Un\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Bry-Un\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Other\Local Settings\Temporary Internet Files\Content.IE5\QAMXTHWM\ad-sp2-fastclick[1].swf Infected: not-virus:Hoax.SWF.Alerter.a skipped C:\Program Files\iMeshV7.exe/WISE0044.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped C:\Program Files\iMeshV7.exe/WISE0044.BIN/stream Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped C:\Program Files\iMeshV7.exe/WISE0044.BIN Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped C:\Program Files\iMeshV7.exe WiseSFX: infected - 3 skipped C:\Program Files\iMeshV7.exe WiseSFX Dropper: infected - 3 skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP524\A0027446.exe Infected: not-a-virus:RiskTool.Win32.Aefdisk32.11 skipped C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027580.dll Infected: Trojan-Downloader.Win32.Zlob.bxg skipped C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027581.exe Infected: Trojan-Downloader.Win32.Zlob.btq skipped C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027582.exe Infected: Trojan-Downloader.Win32.Zlob.btq skipped C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027594.exe Infected: not-a-virus:FraudTool.Win32.VirusProtectPro.e skipped C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027595.dll Infected: not-a-virus:AdWare.Win32.Agent.cu skipped C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027596.exe Infected: Trojan-Downloader.Win32.Zlob.bxm skipped C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027642.dll Infected: Trojan-Downloader.Win32.Zlob.bxg skipped C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027643.exe Infected: Trojan-Downloader.Win32.Zlob.btq skipped C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027644.exe Infected: Trojan-Downloader.Win32.Zlob.btq skipped C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027668.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.byf skipped C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027668.exe/stream Infected: Trojan-Downloader.Win32.Zlob.byf skipped C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027668.exe NSIS: infected - 2 skipped C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027670.dll Infected: Trojan-Downloader.Win32.Agent.bkd skipped C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027672.exe Infected: Trojan-Downloader.Win32.Zlob.bxg skipped C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027673.exe Infected: Trojan-Downloader.Win32.Zlob.bvp skipped C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027674.exe Infected: Trojan-Downloader.Win32.Zlob.bvj skipped C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027682.exe Infected: Trojan-Downloader.Win32.Zlob.btq skipped C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027683.exe Infected: Trojan-Downloader.Win32.Zlob.btq skipped C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP528\A0027684.dll Infected: Trojan-Downloader.Win32.Zlob.bxg skipped C:\System Volume Information\_restore{7F5D595F-486F-4F4A-BF7D-88816B6D6803}\RP534\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. Computer functionally is working great, desktop is back to normal, I am able to set my homepage to blank, no popups at all...just would like to know if what Kaspersky found in my computer is anything to be worried about.