ComboFix 08-02-12.1 - tino 2008-02-12 11:28:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.571 [GMT 1:00]
Running from: C:\Documents and Settings\tino\Desktop\bafer1\ComboFix.exe
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 )))))))))))))))))))))))))))))))
.
2008-02-11 21:10 . 2008-02-11 21:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-07 15:50 . 2008-02-07 15:50 <DIR> d-------- C:\Program Files\THQ
2008-02-07 15:49 . 2008-02-07 15:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-02-01 17:30 . 2008-02-01 17:30 <DIR> d-------- C:\Program Files\Real
2008-02-01 17:30 . 2008-02-01 17:30 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-02-01 17:30 . 2008-02-01 17:30 <DIR> d-------- C:\Program Files\Common Files\Real
2008-01-20 15:39 . 2008-01-20 15:39 183,416 -r-hs---- C:\WINDOWS\system32\wnss.exe
2008-01-19 14:33 . 2008-01-19 14:33 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-13 17:22 . 2008-01-13 17:22 <DIR> d-------- C:\Documents and Settings\tino\Application Data\IrfanView
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 16:18 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-06 16:17 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-31 18:14 52,736 ----a-w C:\WINDOWS\ipuninst.exe
2008-01-20 22:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-20 18:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-20 18:05 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-17 18:56 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-09 11:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-05 21:49 --------- d-----w C:\Documents and Settings\tino\Application Data\Dev-Cpp
2007-12-14 23:46 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-12-14 20:04 22,328 ----a-w C:\Documents and Settings\tino\Application Data\PnkBstrK.sys
2007-12-14 19:40 --------- d-----w C:\Program Files\Activision
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-12 17:47 262,884 ----a-w C:\WINDOWS\IPUI_DivXG400.exe
2007-11-12 14:19 558,142 ----a-w C:\WINDOWS\java\Packages\PBFBT33Z.ZIP
2007-11-12 14:19 155,995 ----a-w C:\WINDOWS\java\Packages\GPNPJ5B9.ZIP
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 09:31 67584 C:\WINDOWS\SOUNDMAN.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ToUcamVProperty"="C:\PROGRA~1\PHILIP~1\VProperty.exe" [2003-04-02 14:56 131072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 C:\Program Files\D-Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 15:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STManager]
--------- 2003-05-28 11:37 118784 C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-01 17:30 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Console Norms]
R2 wnss;Windows Network Security Service;C:\WINDOWS\system32\wnss.exe [2008-01-20 15:39]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54]
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a957912-bee6-11dc-afcc-0008541ab64e}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a12d3d6-c91c-11dc-b00b-0008541ab64e}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-12 11:29:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ToUcamVProperty = C:\PROGRA~1\PHILIP~1\VProperty.exe??~?1?\?V?P?r?o?p?e?r?t?y?.?e?x?e???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-12 11:29:44
.
2007-12-02 01:06:22 --- E O F ---
combofix log...