ComboFix 09-06-26.02 - Jose Sanhueza 28/06/2009 15:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.223.96 [GMT -4:00]
Running from: c:\documents and settings\Jose Sanhueza\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\cmapp
c:\program files\Dynamic Toolbar
c:\program files\INSTALL.LOG
c:\program files\WhenUSearch
c:\windows\Downloaded Program Files\egcomservice_pack.inf
c:\windows\Nail.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SVCPROC
-------\Legacy_WINDOWS_VISFX_COMPONENTS
-------\Legacy_ZESOFT
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 )))))))))))))))))))))))))))))))
.
2009-06-28 16:44 . 2009-06-28 16:44 -------- d-----w- c:\program files\CCleaner
2009-06-28 03:18 . 2009-06-28 03:18 -------- d-----w- c:\program files\Trend Micro
2009-06-28 02:03 . 2009-06-28 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\MotiveSysIDs
2009-06-27 17:55 . 2006-03-09 20:46 28005 ----a-r- c:\windows\system32\drivers\enethusb.sys
2009-06-27 17:50 . 2009-06-27 17:50 -------- d-----w- c:\windows\system32\CodeBaby
2009-06-27 17:50 . 2004-10-19 01:27 69632 ----a-w- c:\windows\system32\MCCDevice.dll
2009-06-27 17:50 . 2004-10-19 01:27 6048 ----a-w- c:\windows\system32\MCC16.dll
2009-06-27 17:49 . 2009-06-27 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-06-27 17:49 . 2009-06-28 02:02 -------- d-----w- c:\program files\Common Files\Motive
2009-06-24 08:59 . 2009-06-24 08:59 -------- d-----w- c:\documents and settings\Administrator.ALEXANDRE\Application Data\Lavasoft
2009-06-24 04:56 . 2009-06-24 05:35 -------- d-s---w- c:\documents and settings\Administrator
2009-06-23 19:02 . 2009-06-24 05:35 -------- d-----w- c:\program files\XoftSpySE
2009-06-23 01:43 . 2009-06-23 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-23 01:42 . 2009-06-23 01:42 -------- d-----w- c:\program files\Bonjour
2009-06-23 01:37 . 2009-06-23 01:37 -------- d-----w- c:\documents and settings\Jose Sanhueza\Local Settings\Application Data\Apple
2009-06-23 01:37 . 2009-06-23 01:37 -------- d-----w- c:\program files\Apple Software Update
2009-06-23 01:33 . 2009-06-23 01:44 -------- d-----w- c:\program files\Common Files\Apple
2009-06-23 01:32 . 2009-06-23 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-21 23:48 . 2009-06-28 16:47 -------- d-----w- C:\Comprob
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-06-26 02:39 . 2006-10-19 13:23 -------- d-----w- c:\documents and settings\Jose Sanhueza\Application Data\SiteAdvisor
2009-06-25 00:52 . 2009-06-24 05:37 -------- d-----w- c:\program files\iTunes
2009-06-25 00:44 . 2006-10-19 12:57 -------- d-----w- c:\program files\McAfee
2009-06-24 20:38 . 2008-03-12 22:44 -------- d-----w- c:\program files\GameSpy Arcade
2009-06-24 08:40 . 2005-08-07 00:04 -------- d-----w- c:\program files\Microsoft AntiSpyware
2009-06-24 06:11 . 2004-01-27 07:41 -------- d-----w- c:\program files\Google
2009-06-23 01:44 . 2005-10-10 21:52 -------- d-----w- c:\program files\iPod
2009-06-23 01:41 . 2005-10-10 21:56 -------- d-----w- c:\program files\QuickTime
2009-06-21 02:46 . 2005-09-27 02:06 -------- d-----w- c:\documents and settings\Jose Sanhueza\Application Data\Skype
2009-05-07 15:44 . 2003-05-27 15:42 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:31 . 2004-02-07 01:05 668160 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:31 . 2004-08-04 07:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2003-05-27 15:42 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-04-14 04:31 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2005-02-05 15:53 . 2005-02-05 15:53 4354084 ----a-w- c:\program files\spybotsd13.exe
2004-12-18 04:41 . 2004-12-18 04:41 2 ----a-w- c:\program files\file.txt
2004-10-02 07:02 . 2004-10-02 07:02 488032 ----a-w- c:\program files\PopUpStopperFree.exe
2008-09-21 18:56 . 2007-03-24 23:55 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-09-21 18:56 . 2007-03-24 23:55 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-09-21 18:56 . 2007-03-24 23:55 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-09-21 18:56 . 2007-03-24 23:55 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-09-21 18:56 . 2007-03-24 23:55 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2007-06-21 23:38 . 2007-06-21 23:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 23:38 . 2007-06-21 23:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-21 23:38 . 2007-06-21 23:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-21 23:38 . 2007-06-21 23:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-21 23:39 . 2007-06-21 23:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-21 23:39 . 2007-06-21 23:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-21 23:39 . 2007-06-21 23:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-21 23:39 . 2007-06-21 23:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 23:40 . 2007-06-21 23:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\MCODS]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"LexBceS"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kazaa Lite\\KazaaLite.kpp"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Rise Of Legends\\legends.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [21/01/2004 11:44 PM 9344]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [21/01/2004 11:44 PM 448640]
.
Contents of the 'Scheduled Tasks' folder
2009-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2008-08-15 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\defrag.exe [2003-05-27 07:56]
2008-03-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2006-10-19 14:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jose Sanhueza\Application Data\Mozilla\Firefox\Profiles\p7573jio.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\SiteAdvisor\6253\FF\components\FFHook.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
.
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
GMER - Rootkit Detector and Remover
Rootkit scan 2009-06-28 15:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3196)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
.
************************************************** ************************
.
Completion time: 2009-06-28 15:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-28 19:25
Pre-Run: 54,833,545,216 bytes free
Post-Run: 54,779,420,672 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
203 --- E O F --- 2009-06-21 05:33
------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:05 PM, on 28/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -
http://download.mcafee.com/molbin/sh...6/mcinsctl.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) -
http://chat.yahoo.com/cab/yacsui.cab
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
--
End of file - 3760 bytes
Computer Stops itself, Need to unplug then able to Start 
or 
under my avatar; it helps me know that my advice actually helped you. 
Linear Mode
