Scanned, Spycleaned, Hijackthis-ed, Combofixed, Still Crashing, Please Assist



#1 Jakemo136

  • Members
  • 1 posts

Posted 13 February 2008 - 12:32 AM

So here's what's going on... Last week I accidentally downloaded a virus installer, which completely crashed my computer. Some files were automatically quarantined by Symantec, and those have been deleted. I reinstalled Windows XP SP-2 twice, I've run Ad-Aware SE, SUPERAntiSpyware, Autoruns in Safe Mode to find the unauthorized, unverified DLLs, HijackThis, ComboFix, and everything else I can think of.

Here are the symptoms... my computer will work for about 20 minutes, give or take a few, then programs will all stop responding at the same time. The mouse will continue to respond for about 5 seconds, then it too freezes. The screen will stay frozen for about 15 seconds, then the monitor will go to stand-by mode and all of my fans (CPU, VGA) will go to default speed. No reboot, just hangs. Restarting the system will load everything fine. I also uploaded worsock.dll to VirusTotal and it came back with 8/32 positive scans. Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:39 PM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\SYMANT~1\VPTray.exe
F:\Program Files\Microsoft IntelliPoint\point32.exe
F:\Program Files\HP\hpcoretech\hpcmpmgr.exe
F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
F:\Program Files\RivaTuner v2.06\RivaTuner.exe
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Symantec AntiVirus\DefWatch.exe
F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
F:\Program Files\Symantec AntiVirus\Rtvscan.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
F:\WINDOWS\explorer.exe
F:\Program Files\Opera\Opera.exe
F:\WINDOWS\system32\NOTEPAD.EXE
C:\For New Computer\Computer tools, updates, drivers, and programs\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [amd_dc_opt] F:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IntelliPoint] "F:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "F:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [StartCCC] "F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RivaTuner] "F:\Program Files\RivaTuner v2.06\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "F:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O10 - Unknown file in Winsock LSP: worsock.dll
O10 - Unknown file in Winsock LSP: worsock.dll
O10 - Unknown file in Winsock LSP: worsock.dll
O10 - Unknown file in Winsock LSP: worsock.dll
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://symantec.student.unco.edu/secure/xp32/webinst.cab
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - F:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - F:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - F:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 5387 bytes

And here's my ComboFix log:

ComboFix 08-02-13.1 - Jakemo 2008-02-13 22:03:42.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1473 [GMT -7:00]
Running from: C:\For New Computer\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
.

2008-02-13 21:44 . 2008-02-13 21:44 <DIR> d-------- F:\Program Files\iPod
2008-02-13 21:04 . 2008-02-13 21:04 <DIR> d-------- F:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-02-12 16:14 . 2008-02-13 21:36 <DIR> d-------- F:\Program Files\SUPERAntiSpyware
2008-02-12 16:14 . 2008-02-12 16:14 <DIR> d-------- F:\Documents and Settings\Jakemo\Application Data\SUPERAntiSpyware.com
2008-02-12 16:14 . 2008-02-12 16:14 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-11 21:33 . 2008-02-11 21:33 <DIR> d-------- F:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
2008-02-11 21:20 . 2008-02-11 21:20 <DIR> d-------- F:\Documents and Settings\Jakemo\Application Data\Uniblue
2008-02-11 20:13 . 2003-03-31 05:00 13,463,552 --a--c--- F:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-11 20:12 . 2003-03-31 05:00 10,096,640 --a--c--- F:\WINDOWS\system32\dllcache\hwxcht.dll
2008-02-11 20:11 . 2004-08-04 00:56 2,134,528 --a--c--- F:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-02-11 20:10 . 2003-03-31 05:00 16,384 --a--c--- F:\WINDOWS\system32\dllcache\isignup.exe
2008-02-11 20:10 . 2008-02-11 20:10 749 -rah----- F:\WINDOWS\WindowsShell.Manifest
2008-02-11 20:10 . 2008-02-11 20:10 749 -rah----- F:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-02-11 20:10 . 2008-02-11 20:10 749 -rah----- F:\WINDOWS\system32\sapi.cpl.manifest
2008-02-11 20:10 . 2008-02-11 20:10 749 -rah----- F:\WINDOWS\system32\nwc.cpl.manifest
2008-02-11 20:10 . 2008-02-11 20:10 749 -rah----- F:\WINDOWS\system32\ncpa.cpl.manifest
2008-02-11 20:10 . 2008-02-11 20:10 488 -rah----- F:\WINDOWS\system32\logonui.exe.manifest
2008-02-11 19:22 . 2008-02-11 19:22 <DIR> d---s---- F:\Documents and Settings\Jakemo\UserData
2008-02-11 19:22 . 2008-02-11 19:22 4,960 --a------ F:\WINDOWS\system32\Kj8HnE.syz
2008-02-11 15:52 . 2008-02-11 15:52 <DIR> d-------- F:\Program Files\Recuva
2008-02-11 15:52 . 2008-02-11 15:52 <DIR> d-------- F:\Program Files\Defraggler
2008-02-11 12:11 . 2008-02-11 17:30 <DIR> d-------- F:\Program Files\ESET NOD32 Antivirus
2008-02-11 12:11 . 2008-02-11 12:11 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\ESET
2008-02-11 12:10 . 2007-10-12 15:14 3,734,536 --a------ F:\WINDOWS\system32\d3dx9_36.dll
2008-02-11 12:10 . 2007-10-12 15:14 1,374,232 --a------ F:\WINDOWS\system32\D3DCompiler_36.dll
2008-02-11 12:10 . 2007-10-02 09:56 444,776 --a------ F:\WINDOWS\system32\d3dx10_36.dll
2008-02-11 12:10 . 2007-10-22 03:39 267,272 --a------ F:\WINDOWS\system32\xactengine2_10.dll
2008-02-09 22:12 . 2008-02-09 22:12 10,752 --a------ F:\WINDOWS\system32\worsock.dll
2008-02-09 22:12 . 2008-02-09 22:12 1 --a------ F:\WINDOWS\system32\rc.dat
2008-02-09 22:12 . 2008-02-09 22:12 1 --a------ F:\WINDOWS\system32\ps1.dat
2008-02-09 22:12 . 2008-02-09 22:12 1 --a------ F:\WINDOWS\system32\cs.dat
2008-02-09 21:48 . 2007-12-04 15:44 23,600 --a------ F:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-02-09 20:20 . 2004-08-04 00:56 221,184 --a------ F:\WINDOWS\system32\wmpns.dll
2008-02-09 20:17 . 2004-08-04 01:01 139,400 --a------ F:\WINDOWS\system32\drivers\rdpwd.sys
2008-02-09 20:17 . 2004-08-04 01:01 139,400 --a--c--- F:\WINDOWS\system32\dllcache\rdpwd.sys
2008-02-09 20:17 . 2004-08-04 01:01 21,896 --a------ F:\WINDOWS\system32\drivers\tdtcp.sys
2008-02-09 20:17 . 2004-08-04 01:01 21,896 --a--c--- F:\WINDOWS\system32\dllcache\tdtcp.sys
2008-02-09 20:17 . 2004-08-04 01:01 12,040 --a------ F:\WINDOWS\system32\drivers\tdpipe.sys
2008-02-09 20:17 . 2004-08-04 01:01 12,040 --a--c--- F:\WINDOWS\system32\dllcache\tdpipe.sys
2008-02-09 19:33 . 2004-08-04 01:57 1,086,058 -ra------ F:\WINDOWS\SETC3.tmp
2008-02-09 19:33 . 2004-08-04 02:03 1,042,903 -ra------ F:\WINDOWS\SETC0.tmp
2008-02-09 19:33 . 2004-08-04 01:58 13,753 -ra------ F:\WINDOWS\SETCF.tmp
2008-02-07 22:24 . 2008-02-07 22:31 <DIR> d-------- F:\Program Files\RivaTuner v2.06
2008-02-07 19:17 . 2008-02-07 19:17 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\ATI
2008-02-07 19:15 . 2007-12-20 21:05 593,920 --a------ F:\WINDOWS\system32\ati2sgag.exe
2008-02-07 19:12 . 2008-02-07 19:16 <DIR> d-------- F:\Program Files\ATi Technologies
2008-02-07 00:31 . 2008-02-07 00:31 262,144 --a------ F:\WINDOWS\system32\wrap_oal.dll
2008-02-07 00:31 . 2008-02-07 00:31 86,016 --a------ F:\WINDOWS\system32\OpenAL32.dll
2008-02-06 20:49 . 2006-05-18 13:14 18,359 --a------ F:\WINDOWS\system32\Ntaccess.sys
2008-02-06 20:49 . 2004-07-23 16:09 13,368 --a------ F:\WINDOWS\system32\FlashVxd.vxd
2008-02-06 20:49 . 2007-12-14 09:21 9,216 --a------ F:\WINDOWS\system32\drivers\FlashSys.sys
2008-02-05 21:02 . 2008-02-05 21:04 <DIR> d-------- F:\Documents and Settings\Jakemo\Application Data\Ruckus Network
2008-02-05 21:00 . 2008-02-05 21:00 <DIR> d-------- F:\Program Files\Ruckus Player
2008-02-05 21:00 . 2008-02-05 21:00 <DIR> d-------- F:\Program Files\Bonjour
2008-02-05 19:21 . 2008-02-05 19:41 <DIR> d-------- F:\Program Files\BioShock
2008-02-05 19:21 . 2008-02-05 19:21 <DIR> d-------- F:\Documents and Settings\Jakemo\Application Data\InstallShield
2008-02-05 17:49 . 2008-02-05 17:49 <DIR> d-------- F:\Program Files\MSXML 4.0
2008-02-05 17:46 . 2008-02-11 21:27 <DIR> d-------- F:\Documents and Settings\Jakemo\Application Data\OpenOffice.org2
2008-02-05 17:44 . 2008-02-05 17:44 <DIR> d-------- F:\Program Files\OpenOffice.org 2.3
2008-02-05 17:43 . 2008-02-05 17:43 <DIR> d-------- F:\Program Files\Java
2008-02-05 17:43 . 2008-02-05 17:43 <DIR> d-------- F:\Program Files\Common Files\Java
2008-02-05 17:43 . 2007-09-24 23:31 69,632 --a------ F:\WINDOWS\system32\javacpl.cpl
2008-02-05 17:35 . 2008-02-05 17:35 <DIR> d-------- F:\Program Files\OOo
2008-02-04 20:31 . 2008-02-04 20:31 <DIR> d-------- F:\Program Files\MagicISO
2008-02-04 20:17 . 2008-02-04 20:17 <DIR> d--h----- F:\WINDOWS\PIF
2008-02-04 19:30 . 2008-02-04 19:30 <DIR> d-------- F:\Program Files\MSXML 6.0
2008-02-04 09:46 . 2003-12-11 11:15 626,960 -ra------ F:\WINDOWS\system32\hpvaut32.dll
2008-02-04 09:46 . 2003-12-11 11:15 487,424 -ra------ F:\WINDOWS\system32\hpvcp70.dll
2008-02-04 09:46 . 2003-12-11 11:15 344,064 -ra------ F:\WINDOWS\system32\hpvcr70.dll
2008-02-04 09:46 . 2003-12-11 11:15 82,432 -ra------ F:\WINDOWS\system32\MSXML4r.dll
2008-02-04 09:46 . 2003-12-11 11:15 44,544 -ra------ F:\WINDOWS\system32\MSXML4a.dll
2008-02-04 09:44 . 2008-02-04 09:44 <DIR> d-------- F:\Program Files\HP
2008-02-04 09:44 . 2008-02-04 09:47 <DIR> d-------- F:\Program Files\Hewlett-Packard
2008-02-04 09:43 . 2008-02-04 09:47 426,767 --a------ F:\WINDOWS\hpdj6500.his
2008-02-04 09:43 . 2008-02-04 09:47 11,708 --a------ F:\WINDOWS\hpdj6500.ini
2008-01-28 00:21 . 2008-01-28 00:21 <DIR> d-------- F:\Documents and Settings\Jakemo\Application Data\SupComCP
2008-01-28 00:17 . 2008-01-28 00:17 <DIR> d-------- F:\Program Files\Common Files\Wise Installation Wizard
2008-01-26 17:15 . 2008-01-26 18:17 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Media Center Programs
2008-01-26 17:04 . 2008-01-26 17:04 <DIR> d-------- F:\Program Files\THQ
2008-01-26 17:04 . 2007-07-20 00:57 267,112 --a------ F:\WINDOWS\system32\xactengine2_9.dll
2008-01-26 14:31 . 2008-01-26 14:31 <DIR> d-------- F:\Program Files\QuickTime
2008-01-26 14:31 . 2008-01-26 14:31 <DIR> d-------- F:\Program Files\iTunes
2008-01-26 14:31 . 2008-01-26 16:58 <DIR> d-------- F:\Documents and Settings\Jakemo\Application Data\Apple Computer
2008-01-26 14:31 . 2008-01-26 14:31 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-25 22:01 . 2007-07-19 18:14 3,727,720 --a------ F:\WINDOWS\system32\d3dx9_35.dll
2008-01-25 22:01 . 2007-07-19 18:14 1,358,192 --a------ F:\WINDOWS\system32\D3DCompiler_35.dll
2008-01-25 22:01 . 2007-07-19 18:14 444,776 --a------ F:\WINDOWS\system32\d3dx10_35.dll
2008-01-25 21:46 . 2008-01-29 19:57 <DIR> d-------- F:\Program Files\Crysis
2008-01-24 16:17 . 2008-01-24 16:17 <DIR> d-------- F:\WINDOWS\system32\AppData
2008-01-24 16:17 . 2006-03-14 14:00 544,833 --a------ F:\WINDOWS\system32\wbocx.ocx
2008-01-24 16:17 . 2004-12-07 10:11 258,352 --a------ F:\WINDOWS\system32\unicows.dll
2008-01-24 16:17 . 2002-03-01 17:58 50,688 --a------ F:\WINDOWS\system32\wbhelp2.dll
2008-01-24 16:17 . 2002-03-01 17:58 28,160 --a------ F:\WINDOWS\system32\anim.dll
2008-01-24 16:17 . 1999-11-22 15:50 4,608 --a------ F:\WINDOWS\system32\W95INF32.DLL
2008-01-24 16:17 . 1999-11-22 15:50 2,272 --a------ F:\WINDOWS\system32\W95INF16.DLL
2008-01-24 16:17 . 1999-12-02 12:42 439 --a------ F:\WINDOWS\system32\shfolder.inf
2008-01-23 18:50 . 2008-01-27 22:03 <DIR> d-------- F:\Program Files\Oblivion
2008-01-23 18:04 . 2008-02-01 14:48 23 --a------ F:\WINDOWS\BlendSettings.ini
2008-01-22 19:39 . 2005-03-16 11:31 38,402 --a------ F:\WINDOWS\system32\drivers\StMp3Rec.sys
2008-01-22 19:36 . 2008-01-22 19:39 <DIR> d-------- F:\Program Files\Creative

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 18:28 4,725,760 ----a-w F:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-01-29 22:47 16,859,648 ----a-w F:\WINDOWS\RTHDCPL.exe
2008-01-19 05:28 315,392 ----a-w F:\WINDOWS\HideWin.exe
2007-12-21 03:53 2,843,136 ----a-w F:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-21 03:09 368,640 ----a-w F:\WINDOWS\system32\ATIDEMGX.dll
2007-12-21 03:08 272,384 ----a-w F:\WINDOWS\system32\ati2dvag.dll
2007-12-21 03:02 307,200 ----a-w F:\WINDOWS\system32\atiiiexx.dll
2007-12-21 02:59 43,520 ----a-w F:\WINDOWS\system32\ati2edxx.dll
2007-12-21 02:59 26,112 ----a-w F:\WINDOWS\system32\Ati2mdxx.exe
2007-12-21 02:59 147,456 ----a-w F:\WINDOWS\system32\atipdlxx.dll
2007-12-21 02:59 122,880 ----a-w F:\WINDOWS\system32\Oemdspif.dll
2007-12-21 02:58 122,880 ----a-w F:\WINDOWS\system32\ati2evxx.dll
2007-12-21 02:57 512,000 ----a-w F:\WINDOWS\system32\ati2evxx.exe
2007-12-21 02:56 53,248 ----a-w F:\WINDOWS\system32\ATIDDC.DLL
2007-12-21 02:53 9,826,304 ----a-w F:\WINDOWS\system32\atioglx2.dll
2007-12-21 02:47 3,120,640 ----a-w F:\WINDOWS\system32\ati3duag.dll
2007-12-21 02:36 1,661,696 ----a-w F:\WINDOWS\system32\ativvaxx.dll
2007-12-21 02:24 46,080 ----a-w F:\WINDOWS\system32\amdpcom32.dll
2007-12-21 02:20 385,024 ----a-w F:\WINDOWS\system32\atikvmag.dll
2007-12-21 02:18 17,408 ----a-w F:\WINDOWS\system32\atitvo32.dll
2007-12-21 02:17 49,152 ----a-w F:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-21 02:15 159,744 ----a-w F:\WINDOWS\system32\atiok3x2.dll
2007-12-21 02:11 499,712 ----a-w F:\WINDOWS\system32\ati2cqag.dll
2007-11-21 01:15 1,826,816 ----a-w F:\WINDOWS\SkyTel.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"SUPERAntiSpyware"="F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="F:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 11:06 77824]
"Adobe Reader Speed Launcher"="F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"vptray"="F:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33 125168]
"IntelliPoint"="F:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-06-10 02:21 217088]
"QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"HP Component Manager"="F:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HPDJ Taskbar Utility"="F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 07:46 172032]
"StartCCC"="F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"RivaTuner"="F:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 11:05 2650112]
"RivaTunerStartupDaemon"="F:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 11:05 2650112]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 15:47 16859648 F:\WINDOWS\RTHDCPL.exe]

F:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - F:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= F:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
F:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 F:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R0 FTT3;FTT3;F:\WINDOWS\system32\DRIVERS\FTT3.sys [2007-08-16 11:49]
R3 RTHDMIAzAudService;Service for HDMI;F:\WINDOWS\system32\drivers\RtHDMI.sys [2007-02-05 10:23]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 22:04:06
Windows 5.1.2600 Service Pack 2 NTFS


Thank you all in advance for helping me out with this problem, I appreciate it.
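As an added example (not part of the original thread or of HijackThis/ComboFix), the following Python script shows how a helper would triage the two logs above: it counts the O10 "Unknown file in Winsock LSP" entries and then looks up the flagged file in the ComboFix "Files Created" section to find everything else written in the same minute, which is how the three one-byte .dat files beside worsock.dll stand out. The sample lines are copied from the logs above; the regular expressions are my own assumptions about the two line formats.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the HijackThis log in the post above.
HJT_LOG = r"""
O4 - HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\VPTray.exe
O10 - Unknown file in Winsock LSP: worsock.dll
O10 - Unknown file in Winsock LSP: worsock.dll
O10 - Unknown file in Winsock LSP: worsock.dll
O10 - Unknown file in Winsock LSP: worsock.dll
O15 - Trusted Zone: http://www.msi.com.tw
"""

# Constructed sample: lines copied from the ComboFix "Files Created" section above.
COMBOFIX_CREATED = r"""
2008-02-09 22:12 . 2008-02-09 22:12 10,752 --a------ F:\WINDOWS\system32\worsock.dll
2008-02-09 22:12 . 2008-02-09 22:12 1 --a------ F:\WINDOWS\system32\rc.dat
2008-02-09 22:12 . 2008-02-09 22:12 1 --a------ F:\WINDOWS\system32\ps1.dat
2008-02-09 22:12 . 2008-02-09 22:12 1 --a------ F:\WINDOWS\system32\cs.dat
2008-02-09 21:48 . 2007-12-04 15:44 23,600 --a------ F:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-02-11 19:22 . 2008-02-11 19:22 4,960 --a------ F:\WINDOWS\system32\Kj8HnE.syz
"""

# Assumed line formats (my reading of the logs above, not an official spec).
LSP_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<file>\S+)$")
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?P<modified>\S+ \S+)\s+"
    r"(?P<size>[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")


def unknown_lsp_files(hjt_text):
    """Map each file HijackThis reports as an unknown Winsock LSP to how many
    O10 lines mention it (one line per LSP chain slot, so repeats are normal)."""
    counts = Counter()
    for line in hjt_text.splitlines():
        m = LSP_RE.match(line.strip())
        if m:
            counts[m.group("file").lower()] += 1
    return dict(counts)


def parse_created(combofix_text):
    """Parse file rows of the 'Files Created' section; <DIR> rows are skipped
    because their size column is not numeric."""
    rows = []
    for line in combofix_text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            path = m.group("path")
            rows.append({"created": m.group("created"),
                         "size": int(m.group("size").replace(",", "")),
                         "path": path, "name": path.rsplit("\\", 1)[-1].lower()})
    return rows


def correlate(hjt_text, combofix_text):
    """For each unknown LSP file, report its creation minute, size, O10 count and
    the other files created in that same minute (a typical dropper footprint)."""
    lsp, rows, findings = unknown_lsp_files(hjt_text), parse_created(combofix_text), {}
    for row in rows:
        if row["name"] in lsp:
            siblings = sorted(r["name"] for r in rows
                              if r["created"] == row["created"] and r["name"] != row["name"])
            findings[row["name"]] = {"created": row["created"], "size": row["size"],
                                     "lsp_entries": lsp[row["name"]], "same_minute": siblings}
    return findings


if __name__ == "__main__":
    for name, info in correlate(HJT_LOG, COMBOFIX_CREATED).items():
        print(name, info)
```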

#2 random/random

  • Malware Response Team
  • 2,704 posts

Posted 24 February 2008 - 11:22 AM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new HijackThis log, along with a description of any problems you are experiencing. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Thank you for your patience.
