curtb3
asked on
xaamp.exe and flrs.exe
When I boot my home computer, I am suddenly receiving messages from my security software (Panda Internet Security 2007) that indicate that these two files are malicious code and will be blocked.
Does anyone know what these files are and the purpose that they serve? They reside in the windows\prefetch folder. I've renamed them (.pf to .old) but they return upon reboot.
Thank you,
Curt
ASKER
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:04 AM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
c:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\system32\r_server.exe
C:\WiRNS\WiRNS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\CTHELPER.EXE
C:\WiRNS\WiRNSMon.exe
C:\WINDOWS\system32\xaamp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\flrs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\WebProxy.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavBckPT.exe
D:\Downloads\Experts\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WiRNSMon] C:\WiRNS\WiRNSMon.exe
O4 - HKLM\..\Run: [Microsoft] xaamp.exe
O4 - HKLM\..\Run: [Windows Network] flrs.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\RunServices: [Microsoft] xaamp.exe
O4 - HKLM\..\RunServices: [Windows Network] flrs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Network] flrs.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201284257204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201285357390
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
O23 - Service: WiRNS (WiRNS.exe) - rbolen70,Glenn1963 - C:\WiRNS\WiRNS.exe
--
End of file - 7134 bytes
Remove all these entries using HijackThis by selecting them and clicking the Fix Checked button.
It might ask you to restart.
Restart, then run HijackThis again and post the log.
O4 - HKLM\..\Run: [WiRNSMon] C:\WiRNS\WiRNSMon.exe
O4 - HKLM\..\Run: [Microsoft] xaamp.exe
O4 - HKLM\..\Run: [Windows Network] flrs.exe
O4 - HKLM\..\RunServices: [Microsoft] xaamp.exe
O4 - HKLM\..\RunServices: [Windows Network] flrs.exe
ASKER
I was working on this remotely from work and lost my net connection.
O4 - HKLM\..\Run: [WiRNSMon] C:\WiRNS\WiRNSMon.exe
O4 - HKLM\..\Run: [Microsoft] xaamp.exe
O4 - HKLM\..\Run: [Windows Network] flrs.exe
O4 - HKLM\..\RunServices: [Microsoft] xaamp.exe
O4 - HKLM\..\RunServices: [Windows Network] flrs.exe
I kept WiRNS (I'm familiar with this program), but I added an additional line that referenced FLRS that was just below it.
As soon as I have my connection back, I'll repost.
Thank you.
Also, this one needs to be removed:
O4 - HKCU\..\Run: [Windows Network] flrs.exe
Also check Add/Remove Programs for any odd entries, in addition to the procedures above.
ASKER
Thanks, Brian
That was the extra line that I mentioned.
I appear to be offline indefinitely, so I may have to wait until I get home later this afternoon to continue.
Thank you both, and I will resume following your advice just as soon as I am able.
Curt
ASKER
ComboFix 08-01-31.3 - Curt 2008-01-30 22:43:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1550 [GMT -5:00]
Running from: C:\Documents and Settings\Curt\Desktop\ComboFix.exe
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
.
2008-01-29 23:12 . 2008-01-29 23:12 <DIR> d-------- C:\Program Files\IrfanView
2008-01-28 15:37 . 2008-01-28 15:37 <DIR> d-------- C:\Documents and Settings\Curt\Application Data\ATI
2008-01-28 15:37 . 2008-01-28 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-01-28 15:36 . 2008-01-28 15:36 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-01-28 15:32 . 2008-01-28 15:33 <DIR> d-------- C:\Program Files\ATI Technologies
2008-01-28 14:19 . 2008-01-28 14:20 <DIR> d-------- C:\Program Files\VIA
2008-01-28 14:15 . 2005-05-26 17:49 60,928 --a------ C:\WINDOWS\system32\drivers\viamraid.sys
2008-01-28 11:19 . 2008-01-28 11:19 <DIR> d-------- C:\Documents and Settings\Curt\ReplayPhotoCache
2008-01-28 09:37 . 2008-01-28 09:37 <DIR> d-------- C:\WINDOWS\Sun
2008-01-28 09:37 . 2008-01-28 09:37 <DIR> d-------- C:\Program Files\Java
2008-01-28 09:37 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-28 09:07 . 2008-01-28 09:53 <DIR> d-------- C:\dvarchive
2008-01-28 08:56 . 2008-01-28 08:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-28 08:11 . 2008-01-28 08:11 <DIR> d-------- C:\Documents and Settings\Curt\Application Data\Uniblue
2008-01-28 05:46 . 2005-04-08 22:14 2,823 --a------ C:\WINDOWS\system32\crazy.ini
2008-01-28 05:46 . 2006-06-15 09:51 110 --a------ C:\WINDOWS\system32\start.bat
2008-01-28 05:46 . 2005-03-27 22:38 39 --a------ C:\WINDOWS\system32\iass.bat
2008-01-27 22:49 . 2008-01-27 22:49 <DIR> d-------- C:\Program Files\PCPitstop
2008-01-27 22:49 . 2008-01-30 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-01-27 16:20 . 2008-01-27 16:20 <DIR> d-------- C:\Program Files\TechTracker
2008-01-27 16:20 . 2008-01-27 20:09 <DIR> d-------- C:\Documents and Settings\Curt\Application Data\VersionTracker Pro
2008-01-27 15:00 . 2008-01-27 15:00 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-01-27 14:52 . 2008-01-27 15:33 8 --a------ C:\WINDOWS\system32\success
2008-01-27 14:51 . 2008-01-27 14:51 <DIR> d-------- C:\Program Files\USBancorp
2008-01-26 13:24 . 2008-01-26 13:24 <DIR> d-------- C:\Documents and Settings\Curt\Application Data\vlc
2008-01-26 13:23 . 2008-01-26 13:23 <DIR> d-------- C:\Program Files\VideoLAN
2008-01-26 11:27 . 2008-01-26 11:27 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-26 10:39 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-26 10:39 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-25 23:10 . 2008-01-30 22:20 <DIR> d-------- C:\WiRNS
2008-01-25 22:59 . 2008-01-25 22:59 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-25 16:42 . 2008-01-30 18:34 30,264 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000000-00000000-0000000B-00001102-00000004-00511102}.rfx
2008-01-25 16:42 . 2008-01-30 18:34 30,264 --a------ C:\WINDOWS\system32\BMXState-{00000000-00000000-0000000B-00001102-00000004-00511102}.rfx
2008-01-25 16:42 . 2008-01-30 18:34 27,816 --a------ C:\WINDOWS\system32\BMXCtrlState-{00000000-00000000-0000000B-00001102-00000004-00511102}.rfx
2008-01-25 16:42 . 2008-01-30 18:34 27,816 --a------ C:\WINDOWS\system32\BMXBkpCtrlState-{00000000-00000000-0000000B-00001102-00000004-00511102}.rfx
2008-01-25 16:42 . 2008-01-30 18:34 11,564 --a------ C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000B-00001102-00000004-00511102}.rfx
2008-01-25 16:42 . 2008-01-30 18:34 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-01-25 16:42 . 2008-01-30 18:34 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2008-01-25 16:41 . 2008-01-30 18:33 3,162,278 --a------ C:\WINDOWS\{00000000-00000000-0000000B-00001102-00000004-00511102}.BAK
2008-01-25 16:40 . 2008-01-25 16:43 <DIR> d-------- C:\WINDOWS\system32\Defaults
2008-01-25 16:40 . 2000-12-05 09:11 4,174,814 --------- C:\WINDOWS\system32\CT4MGM.SF2
2008-01-25 16:40 . 2008-01-30 18:33 3,162,278 --a------ C:\WINDOWS\{00000000-00000000-0000000B-00001102-00000004-00511102}.CDF
2008-01-25 16:39 . 2008-01-25 16:41 <DIR> d-------- C:\Program Files\Creative
2008-01-25 16:39 . 2006-08-11 15:14 86,446 --a------ C:\WINDOWS\system32\instwdm.ini
2008-01-25 16:39 . 2006-08-11 14:56 3,072 --a------ C:\WINDOWS\CTXFIRES.DLL
2008-01-25 16:39 . 2006-08-11 14:32 191 --a------ C:\WINDOWS\system32\ctzapxx.ini
2008-01-25 16:30 . 2008-01-30 17:37 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC
2008-01-25 16:23 . 2008-01-30 22:37 261,920 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2008-01-25 16:23 . 2008-01-30 22:37 1,204 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2008-01-25 16:20 . 2008-01-25 16:20 <DIR> d-------- C:\Program Files\Panda Software
2008-01-25 16:20 . 2008-01-25 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Backup
2008-01-25 16:19 . 2008-01-25 16:19 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-01-25 16:19 . 2007-02-19 07:21 170,800 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-01-25 16:19 . 2007-03-12 10:27 31,104 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-01-25 15:09 . 2008-01-25 15:09 <DIR> d-------- C:\Program Files\Symantec
2008-01-25 15:09 . 2008-01-28 15:33 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-01-25 15:08 . 2008-01-25 16:19 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-01-25 14:59 . 2008-01-25 14:59 <DIR> d-------- C:\Program Files\Radmin
2008-01-25 14:59 . 2008-01-25 14:59 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-25 14:59 . 2001-07-24 10:15 241,664 --a------ C:\WINDOWS\system32\r_server.exe
2008-01-25 14:59 . 2000-07-10 07:06 90,112 --a------ C:\WINDOWS\system32\admdll.dll
2008-01-25 14:59 . 2000-07-08 01:29 29,408 --a------ C:\WINDOWS\system32\raddrv.dll
2008-01-25 14:52 . 2008-01-25 14:52 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-25 14:51 . 2008-01-25 14:51 <DIR> d-------- C:\Program Files\MSBuild
2008-01-25 14:48 . 2008-01-25 15:02 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-01-25 14:48 . 2008-01-25 14:48 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-01-25 14:47 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-01-25 14:45 . 2008-01-25 14:45 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-25 14:45 . 2006-10-04 09:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-01-25 14:45 . 2006-10-04 09:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-01-25 14:45 . 2006-10-04 09:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-01-25 14:44 . 2008-01-25 14:44 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-25 14:44 . 2008-01-25 14:44 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-25 14:29 . 2007-10-10 18:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-25 14:29 . 2007-06-30 22:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-25 14:29 . 2007-06-30 22:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-25 14:29 . 2007-10-10 18:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-25 14:29 . 2007-10-10 18:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-25 14:29 . 2007-10-10 18:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-25 14:29 . 2007-10-10 18:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-25 14:29 . 2007-10-10 18:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-25 14:29 . 2007-10-10 05:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-25 14:26 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-01-25 14:16 . 2008-01-25 16:39 <DIR> d-------- C:\WINDOWS\system32\data
2008-01-25 14:16 . 2008-01-25 14:16 <DIR> d-------- C:\Documents and Settings\Curt\Application Data\Creative
2008-01-25 14:16 . 2008-01-25 14:16 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-01-25 14:16 . 2008-01-25 14:16 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-01-25 14:01 . 2007-07-09 08:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-25 13:49 . 2008-01-25 14:56 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-25 13:42 . 2008-01-25 13:42 <DIR> d-------- C:\WINDOWS\provisioning
2008-01-25 13:42 . 2008-01-25 13:42 <DIR> d-------- C:\WINDOWS\peernet
2008-01-25 13:42 . 2008-01-25 13:47 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-01-25 13:41 . 2008-01-25 13:41 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-01-25 13:38 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-25 13:37 . 2008-01-25 13:37 <DIR> d-------- C:\WINDOWS\EHome
2008-01-25 13:32 . 2007-12-20 21:47 3,120,640 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-01-25 13:24 . 2008-01-25 13:24 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-01-25 13:21 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-01-25 13:21 . 2008-01-25 13:21 376 --a------ C:\WINDOWS\ODBC.INI
2008-01-25 13:20 . 2008-01-25 13:20 <DIR> d-------- C:\Program Files\Microsoft.NET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 03:37 261,920 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-01-31 03:37 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
2008-01-25 17:59 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-21 03:53 2,843,136 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-21 03:08 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-21 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-21 02:59 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-21 02:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-21 02:59 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-21 02:59 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-21 02:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-21 02:57 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-21 02:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-21 02:36 1,661,696 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-21 02:20 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-21 02:20 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-21 02:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-21 02:17 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-21 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-21 02:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-24 06:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 06:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 06:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 06:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-11 14:55 88,576 ----a-w C:\WINDOWS\system32\infocardapi.dll
2007-10-11 14:55 579,584 ----a-w C:\WINDOWS\system32\icardagt.exe
2007-10-11 14:55 11,776 ----a-w C:\WINDOWS\system32\icardres.dll
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-10-09 18:03 779,800 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2007-10-09 18:03 73,752 ----a-w C:\WINDOWS\system32\dxva2.dll
2007-10-09 18:03 493,080 ----a-w C:\WINDOWS\system32\evr.dll
2007-10-09 18:03 350,744 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2007-10-09 18:03 33,304 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2007-10-09 18:03 161,304 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
2007-10-09 18:03 106,520 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2007-10-09 18:03 1,986,072 ----a-w C:\WINDOWS\system32\milcore.dll
2007-10-09 17:58 16,896 ----a-w C:\WINDOWS\system32\tswpfwrp.exe
2007-06-13 10:23 1,351,255 --sh--r C:\WINDOWS\system32\flrs.exe
2007-06-13 10:23 325,751 --sh--r C:\WINDOWS\system32\xaamp.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.exe" [2007-04-27 20:44 628272]
"SCANINICIO"="C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe" [2007-04-17 18:29 27696]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"WiRNSMon"="C:\WiRNS\WiRNSMon.exe" [2008-01-30 18:18 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2005-05-26 17:49]
R1 AmdPPM;AMD HwPState Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 21:46]
R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-04-02 19:43]
R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-04-02 19:43]
R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-03-12 17:45]
R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-04-02 19:43]
R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-04-17 17:42]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-03-12 10:27]
R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-04-02 19:43]
R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-04-02 19:43]
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2006-10-27 13:27]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-02-19 07:21]
R2 r_server;Remote Administrator Service;"C:\WINDOWS\system32\r_server.exe" [2001-07-24 10:15]
R2 WiRNS.exe;WiRNS;C:\WiRNS\WiRNS.exe [2008-01-30 18:18]
R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-04-24 15:43]
R3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []
.
****************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 22:44:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
****************************************************************************
.
Completion time: 2008-01-30 22:45:03
.
2008-01-25 20:48:21 --- E O F ---
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.
Running from: C:\Documents and Settings\Curt\Desktop\Comb
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 ))))))))))))))))))))))))))
.
2008-01-29 23:12 . 2008-01-29 23:12 <DIR> d-------- C:\Program Files\IrfanView
2008-01-28 15:37 . 2008-01-28 15:37 <DIR> d-------- C:\Documents and Settings\Curt\Application Data\ATI
2008-01-28 15:37 . 2008-01-28 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-01-28 15:36 . 2008-01-28 15:36 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-01-28 15:32 . 2008-01-28 15:33 <DIR> d-------- C:\Program Files\ATI Technologies
2008-01-28 14:19 . 2008-01-28 14:20 <DIR> d-------- C:\Program Files\VIA
2008-01-28 14:15 . 2005-05-26 17:49 60,928 --a------ C:\WINDOWS\system32\driver
2008-01-28 11:19 . 2008-01-28 11:19 <DIR> d-------- C:\Documents and Settings\Curt\ReplayPhotoC
2008-01-28 09:37 . 2008-01-28 09:37 <DIR> d-------- C:\WINDOWS\Sun
2008-01-28 09:37 . 2008-01-28 09:37 <DIR> d-------- C:\Program Files\Java
2008-01-28 09:37 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacp
2008-01-28 09:07 . 2008-01-28 09:53 <DIR> d-------- C:\dvarchive
2008-01-28 08:56 . 2008-01-28 08:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-28 08:11 . 2008-01-28 08:11 <DIR> d-------- C:\Documents and Settings\Curt\Application Data\Uniblue
2008-01-28 05:46 . 2005-04-08 22:14 2,823 --a------ C:\WINDOWS\system32\crazy.
2008-01-28 05:46 . 2006-06-15 09:51 110 --a------ C:\WINDOWS\system32\start.
2008-01-28 05:46 . 2005-03-27 22:38 39 --a------ C:\WINDOWS\system32\iass.b
2008-01-27 22:49 . 2008-01-27 22:49 <DIR> d-------- C:\Program Files\PCPitstop
2008-01-27 22:49 . 2008-01-30 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-01-27 16:20 . 2008-01-27 16:20 <DIR> d-------- C:\Program Files\TechTracker
2008-01-27 16:20 . 2008-01-27 20:09 <DIR> d-------- C:\Documents and Settings\Curt\Application Data\VersionTracker Pro
2008-01-27 15:00 . 2008-01-27 15:00 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-01-27 14:52 . 2008-01-27 15:33 8 --a------ C:\WINDOWS\system32\succes
2008-01-27 14:51 . 2008-01-27 14:51 <DIR> d-------- C:\Program Files\USBancorp
2008-01-26 13:24 . 2008-01-26 13:24 <DIR> d-------- C:\Documents and Settings\Curt\Application Data\vlc
2008-01-26 13:23 . 2008-01-26 13:23 <DIR> d-------- C:\Program Files\VideoLAN
2008-01-26 11:27 . 2008-01-26 11:27 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-26 10:39 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltu
2008-01-26 10:39 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltu
2008-01-25 23:10 . 2008-01-30 22:20 <DIR> d-------- C:\WiRNS
2008-01-25 22:59 . 2008-01-25 22:59 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-25 16:42 . 2008-01-30 18:34 30,264 --a------ C:\WINDOWS\system32\BMXSta
2008-01-25 16:42 . 2008-01-30 18:34 30,264 --a------ C:\WINDOWS\system32\BMXSta
2008-01-25 16:42 . 2008-01-30 18:34 27,816 --a------ C:\WINDOWS\system32\BMXCtr
2008-01-25 16:42 . 2008-01-30 18:34 27,816 --a------ C:\WINDOWS\system32\BMXBkp
2008-01-25 16:42 . 2008-01-30 18:34 11,564 --a------ C:\WINDOWS\system32\DVCSta
2008-01-25 16:42 . 2008-01-30 18:34 1,080 --a------ C:\WINDOWS\system32\settin
2008-01-25 16:42 . 2008-01-30 18:34 1,080 --a------ C:\WINDOWS\system32\settin
2008-01-25 16:41 . 2008-01-30 18:33 3,162,278 --a------ C:\WINDOWS\{00000000-00000
2008-01-25 16:40 . 2008-01-25 16:43 <DIR> d-------- C:\WINDOWS\system32\Defaul
2008-01-25 16:40 . 2000-12-05 09:11 4,174,814 --------- C:\WINDOWS\system32\CT4MGM
2008-01-25 16:40 . 2008-01-30 18:33 3,162,278 --a------ C:\WINDOWS\{00000000-00000
2008-01-25 16:39 . 2008-01-25 16:41 <DIR> d-------- C:\Program Files\Creative
2008-01-25 16:39 . 2006-08-11 15:14 86,446 --a------ C:\WINDOWS\system32\instwd
2008-01-25 16:39 . 2006-08-11 14:56 3,072 --a------ C:\WINDOWS\CTXFIRES.DLL
2008-01-25 16:39 . 2006-08-11 14:32 191 --a------ C:\WINDOWS\system32\ctzapx
2008-01-25 16:30 . 2008-01-30 17:37 8,627 --a------ C:\WINDOWS\system32\PAV_FO
2008-01-25 16:23 . 2008-01-30 22:37 261,920 --a------ C:\WINDOWS\system32\driver
2008-01-25 16:23 . 2008-01-30 22:37 1,204 --a------ C:\WINDOWS\system32\driver
2008-01-25 16:20 . 2008-01-25 16:20 <DIR> d-------- C:\Program Files\Panda Software
2008-01-25 16:20 . 2008-01-25 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Backup
2008-01-25 16:19 . 2008-01-25 16:19 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-01-25 16:19 . 2007-02-19 07:21 170,800 --a------ C:\WINDOWS\system32\driver
2008-01-25 16:19 . 2007-03-12 10:27 31,104 --a------ C:\WINDOWS\system32\driver
2008-01-25 15:09 . 2008-01-25 15:09 <DIR> d-------- C:\Program Files\Symantec
2008-01-25 15:09 . 2008-01-28 15:33 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-01-25 15:08 . 2008-01-25 16:19 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-01-25 14:59 . 2008-01-25 14:59 <DIR> d-------- C:\Program Files\Radmin
2008-01-25 14:59 . 2008-01-25 14:59 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-25 14:59 . 2001-07-24 10:15 241,664 --a------ C:\WINDOWS\system32\r_serv
2008-01-25 14:59 . 2000-07-10 07:06 90,112 --a------ C:\WINDOWS\system32\admdll
2008-01-25 14:59 . 2000-07-08 01:29 29,408 --a------ C:\WINDOWS\system32\raddrv
2008-01-25 14:52 . 2008-01-25 14:52 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-25 14:51 . 2008-01-25 14:51 <DIR> d-------- C:\Program Files\MSBuild
2008-01-25 14:48 . 2008-01-25 15:02 <DIR> d-------- C:\WINDOWS\system32\XPSVie
2008-01-25 14:48 . 2008-01-25 14:48 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-01-25 14:47 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2
2008-01-25 14:45 . 2008-01-25 14:45 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-25 14:45 . 2006-10-04 09:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcac
2008-01-25 14:45 . 2006-10-04 09:06 764,868 -----c--- C:\WINDOWS\system32\dllcac
2008-01-25 14:45 . 2006-10-04 09:06 217,118 -----c--- C:\WINDOWS\system32\dllcac
2008-01-25 14:44 . 2008-01-25 14:44 <DIR> d-------- C:\WINDOWS\system32\LogFil
2008-01-25 14:44 . 2008-01-25 14:44 <DIR> d-------- C:\WINDOWS\system32\driver
2008-01-25 14:29 . 2007-10-10 18:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcac
2008-01-25 14:29 . 2007-06-30 22:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcac
2008-01-25 14:29 . 2007-06-30 22:36 991,232 -----c--- C:\WINDOWS\system32\dllcac
2008-01-25 14:29 . 2007-10-10 18:55 459,264 -----c--- C:\WINDOWS\system32\dllcac
2008-01-25 14:29 . 2007-10-10 18:55 383,488 -----c--- C:\WINDOWS\system32\dllcac
2008-01-25 14:29 . 2007-10-10 18:55 267,776 -----c--- C:\WINDOWS\system32\dllcac
2008-01-25 14:29 . 2007-10-10 18:55 63,488 -----c--- C:\WINDOWS\system32\dllcac
2008-01-25 14:29 . 2007-10-10 18:55 52,224 -----c--- C:\WINDOWS\system32\dllcac
2008-01-25 14:29 . 2007-10-10 05:59 13,824 -----c--- C:\WINDOWS\system32\dllcac
2008-01-25 14:26 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcac
2008-01-25 14:16 . 2008-01-25 16:39 <DIR> d-------- C:\WINDOWS\system32\data
2008-01-25 14:16 . 2008-01-25 14:16 <DIR> d-------- C:\Documents and Settings\Curt\Application Data\Creative
2008-01-25 14:16 . 2008-01-25 14:16 409,600 --a------ C:\WINDOWS\system32\wrap_o
2008-01-25 14:16 . 2008-01-25 14:16 114,688 --a------ C:\WINDOWS\system32\OpenAL
2008-01-25 14:01 . 2007-07-09 08:09 584,192 -----c--- C:\WINDOWS\system32\dllcac
2008-01-25 13:49 . 2008-01-25 14:56 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-25 13:42 . 2008-01-25 13:42 <DIR> d-------- C:\WINDOWS\provisioning
2008-01-25 13:42 . 2008-01-25 13:42 <DIR> d-------- C:\WINDOWS\peernet
2008-01-25 13:42 . 2008-01-25 13:47 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-01-25 13:41 . 2008-01-25 13:41 <DIR> d-------- C:\WINDOWS\ServicePackFile
2008-01-25 13:38 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupds
2008-01-25 13:37 . 2008-01-25 13:37 <DIR> d-------- C:\WINDOWS\EHome
2008-01-25 13:32 . 2007-12-20 21:47 3,120,640 --a------ C:\WINDOWS\system32\ati3du
2008-01-25 13:24 . 2008-01-25 13:24 <DIR> d--h----- C:\WINDOWS\system32\GroupP
2008-01-25 13:21 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon
2008-01-25 13:21 . 2008-01-25 13:21 376 --a------ C:\WINDOWS\ODBC.INI
2008-01-25 13:20 . 2008-01-25 13:20 <DIR> d-------- C:\Program Files\Microsoft.NET
.
((((((((((((((((((((((((((
.
2008-01-31 03:37 261,920 ----a-w C:\WINDOWS\system32\driver
2008-01-31 03:37 1,204 ----a-w C:\WINDOWS\system32\driver
2008-01-25 17:59 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-21 03:53 2,843,136 ----a-w C:\WINDOWS\system32\driver
2007-12-21 03:08 272,384 ----a-w C:\WINDOWS\system32\ati2dv
2007-12-21 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiie
2007-12-21 02:59 43,520 ----a-w C:\WINDOWS\system32\ati2ed
2007-12-21 02:59 26,112 ----a-w C:\WINDOWS\system32\Ati2md
2007-12-21 02:59 147,456 ----a-w C:\WINDOWS\system32\atipdl
2007-12-21 02:59 122,880 ----a-w C:\WINDOWS\system32\Oemdsp
2007-12-21 02:58 122,880 ----a-w C:\WINDOWS\system32\ati2ev
2007-12-21 02:57 512,000 ----a-w C:\WINDOWS\system32\ati2ev
2007-12-21 02:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC
2007-12-21 02:36 1,661,696 ----a-w C:\WINDOWS\system32\ativva
2007-12-21 02:20 5,435,392 ----a-w C:\WINDOWS\system32\atiogl
2007-12-21 02:20 385,024 ----a-w C:\WINDOWS\system32\atikvm
2007-12-21 02:18 17,408 ----a-w C:\WINDOWS\system32\atitvo
2007-12-21 02:17 49,152 ----a-w C:\WINDOWS\system32\driver
2007-12-21 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cq
2007-12-21 02:05 593,920 ------w C:\WINDOWS\system32\ati2sg
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.
2007-10-24 06:47 96,760 ----a-w C:\WINDOWS\system32\dfshim
2007-10-24 06:47 84,480 ----a-w C:\WINDOWS\system32\mscori
2007-10-24 06:47 282,112 ----a-w C:\WINDOWS\system32\mscore
2007-10-24 06:47 158,720 ----a-w C:\WINDOWS\system32\mscori
2007-10-11 14:55 88,576 ----a-w C:\WINDOWS\system32\infoca
2007-10-11 14:55 579,584 ----a-w C:\WINDOWS\system32\icarda
2007-10-11 14:55 11,776 ----a-w C:\WINDOWS\system32\icardr
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\winine
2007-10-09 18:03 779,800 ----a-w C:\WINDOWS\system32\Presen
2007-10-09 18:03 73,752 ----a-w C:\WINDOWS\system32\dxva2.
2007-10-09 18:03 493,080 ----a-w C:\WINDOWS\system32\evr.dl
2007-10-09 18:03 350,744 ----a-w C:\WINDOWS\system32\Presen
2007-10-09 18:03 33,304 ----a-w C:\WINDOWS\system32\Presen
2007-10-09 18:03 161,304 ----a-w C:\WINDOWS\system32\UIAuto
2007-10-09 18:03 106,520 ----a-w C:\WINDOWS\system32\Presen
2007-10-09 18:03 1,986,072 ----a-w C:\WINDOWS\system32\milcor
2007-10-09 17:58 16,896 ----a-w C:\WINDOWS\system32\tswpfw
2007-06-13 10:23 1,351,255 --sh--r C:\WINDOWS\system32\flrs.e
2007-06-13 10:23 325,751 --sh--r C:\WINDOWS\system32\xaamp.
.
((((((((((((((((((((((((((
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWAR
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe
"ctfmon.exe"="C:\WINDOWS\s
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBoos
[HKEY_LOCAL_MACHINE\SOFTWA
"APVXDWIN"="C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.exe" [2007-04-27 20:44 628272]
"SCANINICIO"="C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe" [2007-04-17 18:29 27696]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIH
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SunJavaUpdateSched"="C:\P
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-
"WiRNSMon"="C:\WiRNS\WiRNS
[HKEY_LOCAL_MACHINE\softwa
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.
ASKER
Thank you, Brian.
I thought that your recommendations were a bit much, at first, but they got the job done.
So it is working fine now?
ASKER
So far, so good!
The files are no longer there, nor are they reappearing upon reboot.
I'm not certain which program got it, but you've given me the tools to self-diagnose going forward.
Thanks again.
Curt
You're welcome :)
http://www.majorgeeks.com/download5554.html