ComboFix log
ComboFix 07-12-12.3 - Administrator 2007-12-11 21:41:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.166 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\F2VNACHN\ComboFix[1].exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\myglobalsearch
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-11-12 to 2007-12-12 )))))))))))))))))))))))))))))))
.
2007-12-06 21:51 . 2007-12-06 21:51 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-06 21:47 . 2007-12-06 21:47 <DIR> d-------- C:\Deckard
2007-12-05 21:11 . 2007-12-05 21:11 434 --a------ C:\Documents and Settings\Administrator\peek.bat
2007-11-25 21:00 . 2007-12-11 21:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-25 21:00 . 2007-11-25 21:00 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-12 21:59 . 2007-12-11 21:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-12 21:34 . 2007-11-12 21:32 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-12 21:34 . 2007-11-12 21:32 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-12 21:34 . 2007-11-12 21:32 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-12 21:34 . 2007-11-12 21:31 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-12 21:34 . 2007-11-12 21:32 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-12 21:34 . 2007-11-12 21:34 4,142 --a------ C:\WINDOWS\system32\tmp.reg
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-10 01:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\WeatherBug
2007-11-13 02:19 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-12 01:23 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-11-05 02:37 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2007-11-05 02:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-05 01:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-05 01:58 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-11-05 01:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-05 01:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-11-05 01:44 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2007-11-05 01:40 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-30 01:16 --------- d-----w C:\Program Files\AIM6
2007-10-30 01:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-30 01:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-03-28 20:57 34,744 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"NVIEW"="nview.dll" [2003-08-19 05:56 C:\WINDOWS\system32\nview.dll]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 11:24]
"RealPlayer"="C:\Program Files\Real\RealOne Player\realplay.exe" [2006-08-01 11:14]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-20 14:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20]
"Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [2006-04-07 14:02]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 10:07]
"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 10:23]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 05:55]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-11-04 01:36]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-10-28 00:15]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 00:42]
"VTTimer"="VTTimer.exe" []
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 02:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2003-08-19 05:56 C:\WINDOWS\system32\nwiz.exe]
"LTMSG"="LTMSG.exe" [2003-07-14 20:52 C:\WINDOWS\ltmsg.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 19:57]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 19:11]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-06-17 21:13]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 12:47 C:\WINDOWS\ALCXMNTR.EXE]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-23 19:37]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
"Advanced Tools Check"="C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [2004-08-18 06:44]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-07-23 14:55]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 08:14]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-10-01 09:53]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 11:20:40]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-10-28 00:51:45]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"
R1 MSFWHLPR;MSFWHLPR;C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys
R2 MSFWDrv;MSFWDrv;C:\WINDOWS\system32\DRIVERS\msfwdrv.sys
R3 MpFilter;Microsoft Malware Protection Driver;C:\WINDOWS\system32\DRIVERS\MpFilter.sys
R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
.