look.txt is empty
ComboFix 07-12-09.1 - Patricia Clark 2007-12-11 12:09:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.162 [GMT -6:00]
Running from: C:\Documents and Settings\Patricia Clark\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\abW9
C:\Temp\abW9\tPho.log
C:\temp\tn3
C:\WINDOWS\system32\a1
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\g2
C:\WINDOWS\system32\i2
C:\WINDOWS\system32\n8
C:\WINDOWS\system32\p4
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rMa01yy
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NWSAPAGENT
-------\core
-------\NwSapAgent
((((((((((((((((((((((((( Files Created from 2007-11-11 to 2007-12-11 )))))))))))))))))))))))))))))))
.
2007-12-11 08:19 . 2007-12-11 08:19 <DIR> d-------- C:\Deckard
2007-12-10 11:26 . 2007-12-10 11:26 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-10 11:26 . 2007-12-10 11:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-04 14:38 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-04 14:37 . 2007-12-04 14:38 <DIR> d-------- C:\Program Files\Java
2007-12-04 14:37 . 2007-12-04 14:37 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-04 09:52 . 2007-12-04 09:52 <DIR> d-------- C:\VundoFix Backups
2007-12-03 15:42 . 2007-12-03 15:43 <DIR> d-------- C:\Program Files\CCleaner2
2007-11-26 15:33 . 2007-11-26 15:33 268 --ah----- C:\sqmdata00.sqm
2007-11-26 15:33 . 2007-11-26 15:33 244 --ah----- C:\sqmnoopt00.sqm
2007-11-21 10:56 . 2007-11-21 10:56 1,156 --a------ C:\WINDOWS\mozver.dat
2007-11-21 10:54 . 2007-11-21 10:54 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-19 16:12 . 2007-12-10 11:11 1,010 --a------ C:\WINDOWS\wininit.ini
2007-11-19 13:25 . 2007-11-19 13:25 <DIR> d-------- C:\Documents and Settings\Patricia Clark\Application Data\TrojanHunter
2007-11-19 13:25 . 2007-11-19 13:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-19 13:24 . 2007-11-19 13:24 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-11-19 13:13 . 2005-10-14 14:45 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2007-11-19 12:16 . 2007-11-19 12:16 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-11-19 10:54 . 2007-11-19 10:54 <DIR> d-------- C:\Program Files\CCleaner
2007-11-19 09:28 . 2007-08-20 04:04 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-19 09:28 . 2007-04-17 03:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-19 09:28 . 2007-03-07 23:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-19 09:28 . 2007-08-20 04:04 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-19 09:28 . 2007-08-20 04:04 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-19 09:28 . 2007-08-20 04:04 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-19 09:28 . 2007-08-20 04:04 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-19 09:28 . 2007-08-20 04:04 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-19 09:28 . 2007-08-17 04:20 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-19 09:18 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2007-11-19 09:06 . 2007-11-19 09:06 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-17 20:26 . 2007-11-17 20:39 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-17 20:26 . 2007-11-17 20:26 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-17 20:26 . 2007-11-17 20:26 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-17 20:26 . 2007-11-17 20:26 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-17 19:30 . 2007-11-17 19:30 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-17 19:28 . 2007-12-11 08:09 <DIR> d-------- C:\Documents and Settings\Patricia Clark\Application Data\AVG7
2007-11-17 19:26 . 2007-11-17 19:26 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-17 19:26 . 2007-11-17 19:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-17 19:26 . 2007-11-17 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-11-17 19:02 . 2007-11-17 19:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-17 18:50 . 2007-11-17 18:50 6,470 --ahs---- C:\WINDOWS\system32\ilnmp.bak2
2007-11-17 17:39 . 2007-11-17 17:39 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-17 17:39 . 2007-11-17 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-17 17:13 . 2007-11-17 17:13 6,470 --ahs---- C:\WINDOWS\system32\ilnmp.bak1
2007-11-17 17:12 . 2007-11-17 19:30 7,342 --ahs---- C:\WINDOWS\system32\ilnmp.ini
2007-11-17 17:07 . 2007-11-17 19:32 <DIR> d--hs---- C:\WINDOWS\UGF0cmljaWEgQ2xhcms
2007-11-17 17:07 . 2007-11-17 17:07 <DIR> d-------- C:\WINDOWS\system32\BFBBC4BCBFBFC2C
2007-11-17 17:07 . 2007-12-11 12:11 <DIR> d-------- C:\Temp
2007-11-17 17:07 . 2007-11-17 17:07 166,945 --a------ C:\WINDOWS\system32\drivers\core.cache(4).dsk
2007-11-17 17:07 . 2007-11-17 17:07 166,945 --a------ C:\WINDOWS\system32\drivers\core.cache(3).dsk
2007-11-17 17:07 . 2007-11-17 17:07 166,945 --a------ C:\WINDOWS\system32\drivers\core.cache(2).dsk
2007-11-15 10:55 . 2007-11-15 10:55 <DIR> d-------- C:\Program Files\Microsoft Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 20:37 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-29 16:44 --------- d-----w C:\Documents and Settings\Patricia Clark\Application Data\ICAClient
2007-11-29 16:01 --------- d-----w C:\Program Files\Citrix
2007-11-26 20:52 --------- d-----w C:\Documents and Settings\Patricia Clark\Application Data\AdobeUM
2007-11-19 17:15 --------- d-----w C:\Program Files\Microsoft Works
2007-11-18 00:45 --------- d-----w C:\Program Files\Google
2007-11-09 17:59 --------- d-----w C:\Program Files\Windows Live
2007-11-09 16:59 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-09 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-10-29 14:34 --------- d-----w C:\Documents and Settings\Patricia Clark\Application Data\Viewpoint
2005-07-29 22:24 472 --sha-r C:\WINDOWS\UGF0cmljaWEgQ2xhcms\o3IXwA53uqH0kZU1wAP.vbs
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 03:33]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-09-01 17:24]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-17 19:26]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 14:49]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 14:46]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 14:50]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-17 19:26]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-11-28 05:50:45]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM;C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -i MICROSOFTBCM
*Newly Created Service* - HTTPFILTER
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\ijdoodkoREAD.dll
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-12-11 12:14:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-11 12:15:09 - machine was rebooted
.
--- E O F ---