Full Version: liquid_roc's log
liquid_roc
Hi Blade81,

I have the same problem here and I did exactly what you wrote with ComboFix. So this is my log result, please help me.

ComboFix 07-08-14.4 - "winxp" 2007-08-17 10:31:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.33 [GMT 7:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\winxp\APPLIC~1\addon.dat


((((((((((((((((((((((((( Files Created from 2007-07-17 to 2007-08-17 )))))))))))))))))))))))))))))))


2007-08-17 10:29 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-16 08:30 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-08-12 21:45 <DIR> d--h----- C:\WINDOWS\msnmsgr
2007-08-12 18:53 <DIR> d-------- C:\Program Files\Hide The IP
2007-08-07 12:17 <DIR> d-------- C:\Program Files\Neoretix
2007-08-06 00:21 <DIR> d-------- C:\Program Files\Nuclear Coffee
2007-08-05 18:43 <DIR> d-------- C:\WINDOWS\Prefetch
2007-08-04 21:21 96,768 -----c--- C:\WINDOWS\system32\dllcache\dpcdll.dll
2007-08-04 21:21 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2007-08-04 21:21 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2007-08-04 21:21 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
2007-08-04 21:20 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2007-08-04 21:20 88,064 --------- C:\WINDOWS\system32\p2pnetsh.dll
2007-08-04 21:20 86,016 --------- C:\WINDOWS\system32\p2pgasvc.dll
2007-08-04 21:20 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2007-08-04 21:20 81,920 --------- C:\WINDOWS\system32\ieencode.dll
2007-08-04 21:20 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2007-08-04 21:20 8,192 --------- C:\WINDOWS\system32\smbinst.exe
2007-08-04 21:20 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-08-04 21:20 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-08-04 21:20 75,776 --------- C:\WINDOWS\system32\strmfilt.dll
2007-08-04 21:20 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2007-08-04 21:20 73,796 --------- C:\WINDOWS\system32\slserv.exe
2007-08-04 21:20 71,680 --------- C:\WINDOWS\system32\blastcln.exe
2007-08-04 21:20 7,680 --------- C:\WINDOWS\system32\kbdsmsno.dll
2007-08-04 21:20 7,680 --------- C:\WINDOWS\system32\kbdsmsfi.dll
2007-08-04 21:20 7,168 --------- C:\WINDOWS\system32\kbdukx.dll
2007-08-04 21:20 7,168 --------- C:\WINDOWS\system32\kbdno1.dll
2007-08-04 21:20 7,168 --------- C:\WINDOWS\system32\kbdfi1.dll
2007-08-04 21:20 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-08-04 21:20 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-08-04 21:20 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
2007-08-04 21:20 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-08-04 21:20 60,416 --------- C:\WINDOWS\system32\fwcfg.dll
2007-08-04 21:20 6,656 --------- C:\WINDOWS\system32\kbdinmal.dll
2007-08-04 21:20 6,656 --------- C:\WINDOWS\system32\kbdinben.dll
2007-08-04 21:20 6,144 --------- C:\WINDOWS\system32\kbdmlt48.dll
2007-08-04 21:20 6,144 --------- C:\WINDOWS\system32\kbdmlt47.dll
2007-08-04 21:20 6,144 --------- C:\WINDOWS\system32\kbdinbe1.dll
2007-08-04 21:20 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-08-04 21:20 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-08-04 21:20 526,848 --------- C:\WINDOWS\system32\p2psvc.dll
2007-08-04 21:20 52,224 --------- C:\WINDOWS\system32\mspmsnsv.dll
2007-08-04 21:20 50,688 --------- C:\WINDOWS\system32\btpanui.dll
2007-08-04 21:20 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll
2007-08-04 21:20 5,632 --------- C:\WINDOWS\system32\kbdmaori.dll
2007-08-04 21:20 49,152 --------- C:\WINDOWS\system32\powercfg.exe
2007-08-04 21:20 48,640 --------- C:\WINDOWS\system32\pnrpnsp.dll
2007-08-04 21:20 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-08-04 21:20 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2007-08-04 21:20 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2007-08-04 21:20 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2007-08-04 21:20 44,032 --------- C:\WINDOWS\system32\twext.dll
2007-08-04 21:20 438,784 --------- C:\WINDOWS\system32\xpob2res.dll
2007-08-04 21:20 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2007-08-04 21:20 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2007-08-04 21:20 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2007-08-04 21:20 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys
2007-08-04 21:20 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2007-08-04 21:20 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-08-04 21:20 397,056 --------- C:\WINDOWS\system32\s3gnb.dll
2007-08-04 21:20 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2007-08-04 21:20 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-08-04 21:20 36,096 --------- C:\WINDOWS\system32\drivers\intelppm.sys
2007-08-04 21:20 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2007-08-04 21:20 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-08-04 21:20 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2007-08-04 21:20 32,866 --------- C:\WINDOWS\slrundll.exe
2007-08-04 21:20 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll
2007-08-04 21:20 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll
2007-08-04 21:20 312,320 --------- C:\WINDOWS\system32\p2pgraph.dll
2007-08-04 21:20 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-08-04 21:20 30,208 --------- C:\WINDOWS\system32\bthserv.dll
2007-08-04 21:20 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-08-04 21:20 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-08-04 21:20 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2007-08-04 21:20 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-08-04 21:20 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-08-04 21:20 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-08-04 21:20 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-08-04 21:20 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-08-04 21:20 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-08-04 21:20 29,184 --------- C:\WINDOWS\system32\sdhcinst.dll
2007-08-04 21:20 29,056 --------- C:\WINDOWS\system32\drivers\ip6fw.sys
2007-08-04 21:20 286,792 --------- C:\WINDOWS\system32\slextspk.dll
2007-08-04 21:20 274,304 --------- C:\WINDOWS\system32\drivers\bthport.sys
2007-08-04 21:20 263,040 --------- C:\WINDOWS\system32\drivers\http.sys
2007-08-04 21:20 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-08-04 21:20 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2007-08-04 21:20 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-08-04 21:20 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-08-04 21:20 24,576 --------- C:\WINDOWS\system32\httpapi.dll
2007-08-04 21:20 233,472 --------- C:\WINDOWS\system32\wmpdxm.dll
2007-08-04 21:20 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-08-04 21:20 22,528 --------- C:\WINDOWS\system32\fltmc.exe
2007-08-04 21:20 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-08-04 21:20 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-08-04 21:20 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-08-04 21:20 20,992 --------- C:\WINDOWS\system32\bthci.dll
2007-08-04 21:20 193,024 --------- C:\WINDOWS\system32\fsquirt.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-16 22:13 --------- d-------- C:\Program Files\Peta Jakarta
2007-08-12 22:17 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-11 08:41 --------- d-------- C:\Program Files\SmileyPad
2007-08-07 14:45 --------- d-------- C:\DOCUME~1\winxp\APPLIC~1\AdobeUM
2007-08-04 21:29 3316 --a------ C:\WINDOWS\pchealth\HelpCtr\PackageStore\SkuStore.bin
2007-08-04 21:24 8972 --a------ C:\WINDOWS\pchealth\HelpCtr\Config\Cntstore.bin
2007-08-04 21:21 --------- d-------- C:\Program Files\Messenger
2007-08-04 21:20 --------- d-------- C:\Program Files\Movie Maker
2007-08-04 21:11 --------- d-------- C:\Program Files\Windows NT
2007-08-03 20:52 --------- d-------- C:\DOCUME~1\winxp\APPLIC~1\Image Zone Express
2007-07-29 22:59 --------- d-------- C:\Program Files\Nokia
2007-07-25 17:42 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-18 13:30 --------- d-------- C:\Program Files\CyberLink
2007-07-18 13:24 --------- d-------- C:\Program Files\Vstplugins
2007-07-16 11:21 --------- d-------- C:\Program Files\Xilisoft
2007-07-16 11:19 --------- d-------- C:\Program Files\FairStars Audio Converter
2007-07-10 17:57 --------- d-------- C:\Program Files\DAP
2007-07-10 02:16 406672 --a------ C:\WINDOWS\Tera1.exe
2007-07-10 02:16 29696 --a------ C:\WINDOWS\mickey32.dll
2007-07-10 02:16 184912 --a------ C:\WINDOWS\Tera1.scr
2007-07-05 22:19 --------- d-------- C:\Program Files\VeryPDF PDF2Word v2.0
2007-07-05 21:50 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-07-05 21:50 38784 --a------ C:\WINDOWS\system32\drivers\sbpd.sys
2007-06-30 19:51 --------- d-------- C:\DOCUME~1\winxp\APPLIC~1\Sony


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 21:00]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-06 03:22]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-08 21:03]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ashampoo PopUpBlocker"="C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe" [2004-02-03 14:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMFUprogramsList"=0 (0x0)
"NoThemesTab"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
C:\PROGRA~1\DAP\DAP.EXE /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InvisibleBrowsing]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XPRepairPro2007]
C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet

R1 SbPd;SbPd;\??\C:\WINDOWS\System32\Drivers\SbPd.sys
R2 spupdsvc;Windows Service Pack Installer update service;C:\WINDOWS\system32\spupdsvc.exe
R3 allegro;ESS Allegro Audio Driver (WDM);C:\WINDOWS\system32\drivers\es198x.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys


Contents of the 'Scheduled Tasks' folder
2007-07-27 13:39:40 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - winxp.job - C:\PROGRA~1\NORTON~1\Navw32.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-17 10:36:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-17 10:38:05
C:\ComboFix-quarantined-files.txt ... 2007-08-17 10:38

--- E O F ---
liquid_roc
Blade81 wrote:

I separated your post to its own topic. I don't deal with posts in other users' topics (this is also mentioned in my signature). Post your fresh HJT log here. Thank you.

Thanks a lot Blade, actually I read it in your signature but I wasn't sure about posting the same problem in a new thread, because maybe it's wasting space?

Well, alright then, if you think this is the best idea, I'll post my log here. By the way, thanks for helping me out, because this Win32.Backdoor.Bifrose keeps coming back at me....

Blade81
Hi liquid_roc,

Do you have that HijackThis log I was asking for? If you don't, then below are instructions for producing it.


Download and install TrendMicro HijackThis
* Once installed, open HijackThis by clicking Start > Programs > HijackThis and click the button labeled "Do a system scan only".
* Click the scan button in the lower left hand corner of the interface and HijackThis will quickly scan your system.
* Once the scan is complete, the scan button will now read "save log". Click this button to save the log file to your PC. Once you select where you would like to save the file, it will open in your system's default text editor. Typically this application is Notepad. Post the log here.
Blade81
Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.