something wrong
DogDragon
Jacksonville, Fl Icrontian
I was told to tell you I have an RPC server error
and something about Winsock.
The guy that was here used a Winsock fix to get me back online.
Here's the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 3:53:30 PM, on 5/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Folding@Home\winFAH.exe
C:\Program Files\Folding@Home\FahCore_78.exe
C:\DOCUME~1\SMXHOS~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis_199.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\gsqxvpos.dll",realset
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O23 - Service: FAH@C:+FAH+FAH504-Console.exe - Unknown owner - C:\FAH\FAH504-Console.exe (file missing)
It says FAH is missing a file but it's folding.
Create a new folder named HijackThis on your local drive (C:) and move HijackThis.exe into that folder. After this, rename HijackThis.exe to Scanner.exe. Next, please do a new scan with HijackThis and post a fresh log here.
Scan saved at 4:17:18 PM, on 5/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Folding@Home\winFAH.exe
C:\Program Files\Folding@Home\FahCore_78.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\SMx Host\Desktop\hijackthis\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\okwjasgs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6A50C7E4-B7E2-4EFC-B34A-F9EA0349A841} - C:\WINDOWS\system32\gebcc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {CACA7731-9C77-464A-B1B7-462281DD8164} - C:\WINDOWS\system32\byxuvuv.dll (file missing)
O2 - BHO: (no name) - {FBC0ACE0-CCAD-4D17-AFB9-8904103CAF25} - C:\WINDOWS\system32\mlbgohrv.dll (file missing)
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\gsqxvpos.dll",realset
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O20 - Winlogon Notify: byxuvuv - byxuvuv.dll (file missing)
O20 - Winlogon Notify: gebcc - C:\WINDOWS\system32\gebcc.dll
O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
O23 - Service: FAH@C:+FAH+FAH504-Console.exe - Unknown owner - C:\FAH\FAH504-Console.exe (file missing)
Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
- Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Scan saved at 5:52:17 PM, on 5/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\SMx Host\Desktop\hijackthis\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\okwjasgs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6A50C7E4-B7E2-4EFC-B34A-F9EA0349A841} - C:\WINDOWS\system32\gebcc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {FBC0ACE0-CCAD-4D17-AFB9-8904103CAF25} - C:\WINDOWS\system32\mlbgohrv.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O20 - Winlogon Notify: byxuvuv - byxuvuv.dll (file missing)
O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
O23 - Service: FAH@C:+FAH+FAH504-Console.exe - Unknown owner - C:\FAH\FAH504-Console.exe (file missing)
What's next
Okay 8)
What firewall and anti-virus do you use?
Open HijackThis, press do a system scan only, checkmark these lines:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {6A50C7E4-B7E2-4EFC-B34A-F9EA0349A841} - C:\WINDOWS\system32\gebcc.dll (file missing)
O2 - BHO: (no name) - {FBC0ACE0-CCAD-4D17-AFB9-8904103CAF25} - C:\WINDOWS\system32\mlbgohrv.dll (file missing)
O20 - Winlogon Notify: byxuvuv - byxuvuv.dll (file missing)
O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
Close all windows including browser and press Fix checked.
1. Download this file - combofix.exe
and save it to your desktop.
2. Go to start -> run.
type this in box and click ok
"%userprofile%\desktop\ComboFix.exe" /v okwjasgs
3. When finished, it shall produce a log for you. Post the ComboFix log, a fresh HijackThis log and the contents of C:\vundofix.txt
4. Reboot
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
It had McAfee Antivirus and Firewall but uninstalled it to do the fix to get
back online. (That's what the guy from Comcast wanted, not sure about that guy. That's why I'm here; he said put McAfee back and you're ready to go.)
I have to put it back, but figure I'd do all I have to without it,
then put it back when all is done.
OK, I did that Start > Run and it rebooted and I waited an hour and was
still looking at a blue box just sitting there.
OK, where do I find the vundofix.txt?
But here's the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:41, on 2007-05-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\SMx Host\Desktop\hijackthis\scanner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [*combofix] C:\WINDOWS\system32\cmd.exe /e:on /f:off /v:off /c C:\ComboFix\Combofix.bat /v okwjasgs
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O23 - Service: FAH@C:+FAH+FAH504-Console.exe - Unknown owner - C:\FAH\FAH504-Console.exe (file missing)
VundoFix V6.4.1
Checking Java version...
Java version is 1.5.0.11
Scan started at 5:41:49 PM 5/30/2007
Listing files found while scanning....
C:\WINDOWS\system32\byxuvuv.dll
C:\WINDOWS\system32\ccbeg.bak1
C:\WINDOWS\system32\ccbeg.bak2
C:\WINDOWS\system32\ccbeg.ini
C:\WINDOWS\system32\ccbeg.ini2
C:\WINDOWS\system32\ccbeg.tmp
C:\WINDOWS\system32\fduconlr.ini
C:\WINDOWS\system32\gebcc.dll
C:\WINDOWS\system32\gsqxvpos.dll
C:\WINDOWS\system32\mpfjncxx.dll
C:\WINDOWS\system32\rdasdamw.ini
C:\WINDOWS\system32\rlnocudf.dll
C:\WINDOWS\system32\rttss.ini
C:\WINDOWS\system32\sopvxqsg.ini
C:\WINDOWS\system32\ssttr.dll
C:\WINDOWS\system32\wmadsadr.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ccbeg.bak1
C:\WINDOWS\system32\ccbeg.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ccbeg.bak2
C:\WINDOWS\system32\ccbeg.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ccbeg.ini
C:\WINDOWS\system32\ccbeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ccbeg.ini2
C:\WINDOWS\system32\ccbeg.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ccbeg.tmp
C:\WINDOWS\system32\ccbeg.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\fduconlr.ini
C:\WINDOWS\system32\fduconlr.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\gebcc.dll
C:\WINDOWS\system32\gebcc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gsqxvpos.dll
C:\WINDOWS\system32\gsqxvpos.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rdasdamw.ini
C:\WINDOWS\system32\rdasdamw.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\rlnocudf.dll
C:\WINDOWS\system32\rlnocudf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rttss.ini
C:\WINDOWS\system32\rttss.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\sopvxqsg.ini
C:\WINDOWS\system32\sopvxqsg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssttr.dll
C:\WINDOWS\system32\ssttr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wmadsadr.dll
C:\WINDOWS\system32\wmadsadr.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.4.1
Checking Java version...
Java version is 1.5.0.11
Scan started at 5:55:53 PM 5/30/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.4.1
Checking Java version...
Java version is 1.5.0.11
Scan started at 11:43:56 2007-05-31
Listing files found while scanning....
No infected files were found.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once the scan is complete, Right Click inside the listbox (white box) and click add more files
- Copy&Paste the entries below into the boxes:
- C:\WINDOWS\system32\byxuvuv.dll
- C:\WINDOWS\system32\mpfjncxx.dll
- Click Add Files and Click Close Window
- Click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
- Please post the contents of C:\vundofix.txt and a new HijackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
The ComboFix log should be found here:
C:\ComboFix\ComboFix.txt
Please post a fresh HijackThis log, ComboFix log and VundoFix log
Checking Java version...
Java version is 1.5.0.11
Scan started at 15:26:08 2007-05-31
Listing files found while scanning....
No infected files were found.
Beginning removal...
Performing Repairs to the registry.
Done!
VundoFix V6.4.1
Checking Java version...
Java version is 1.5.0.11
Scan started at 15:35:29 2007-05-31
Listing files found while scanning....
No infected files were found.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\SMx Host\Desktop\hijackthis\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O4 - HKLM\..\Run: [*combofix] C:\WINDOWS\system32\cmd.exe /e:on /f:off /v:off /c C:\ComboFix\Combofix.bat /v okwjasgs
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O23 - Service: McAfee Application Installer Cleanup (0005181180632999) (0005181180632999mcinstcleanup) - Unknown owner - C:\DOCUME~1\SMXHOS~1\LOCALS~1\Temp\000518~1.EXE (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FAH@C:+FAH+FAH504-Console.exe - Unknown owner - C:\FAH\FAH504-Console.exe (file missing)
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\SMx Host\Desktop\"
This is all that ComboFix said. This only has a 4 gig hard drive, and in an hour
it should've been able to check twice.
I'm so sorry for the delay in my reply.
Okay,
Try This.
Remove via Add/Remove Programs (press Start -> Control Panel -> Add/Remove Programs):
Paltalk Messenger
Open HijackThis, press Do system scan only, checkmark these lines:
O4 - HKLM\..\Run: [*combofix] C:\WINDOWS\system32\cmd.exe /e:on /f:off /v:off /c C:\ComboFix\Combofix.bat /v okwjasgs
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
Close all windows including browser and press Fix checked.
Show hidden files:
1. Click Start.
2. Open My Computer.
3. Select the Tools menu and click Folder Options.
4. Select the View Tab.
5. Under the Hidden files and folders heading select Show hidden files and folders.
6. Uncheck the Hide protected operating system files (recommended) option.
7. Click Yes to confirm.
8. Click OK.
Reboot your computer in Safe mode:
1. Restart your computer.
2. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
3. Select the option for Safe Mode using the arrow keys.
4. Then press enter on your keyboard to boot into Safe Mode.
Delete this folder, if found:
C:\Program Files\Paltalk Messenger
Restart your computer to normal mode.
1. Double click combofix.exe & follow the prompts.
2. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Please post a fresh HijackThis log and ComboFix log
Logfile of HijackThis v1.99.1
Scan saved at 8:35:04 AM, on 6/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\SMx Host\Desktop\hijackthis\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: McAfee Application Installer Cleanup (0005181180632999) (0005181180632999mcinstcleanup) - Unknown owner - C:\DOCUME~1\SMXHOS~1\LOCALS~1\Temp\000518~1.EXE (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FAH@C:+FAH+FAH504-Console.exe - Unknown owner - C:\FAH\FAH504-Console.exe (file missing)
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
"SMx Host" - 2007-06-04 8:12:06 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\SMx Host\Desktop\"
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\okwjasgs.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
-- Purity Folders:
C:\WINDOWS\FNTS~1
((((((((((((((((((((((((((((((( Files Created from 2007-05-04 to 2007-06-04 ))))))))))))))))))))))))))))))))))
2007-05-31 13:37 37,480 --a C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-05-31 13:37 34,184 --a C:\WINDOWS\system32\drivers\mfebopk.sys
2007-05-31 13:37 32,008 --a C:\WINDOWS\system32\drivers\mferkdk.sys
2007-05-31 13:37 170,408 --a C:\WINDOWS\system32\drivers\mfehidk.sys
2007-05-31 13:36 71,496 --a C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-05-31 13:36 109,608 --a C:\WINDOWS\system32\drivers\Mpfp.sys
2007-05-31 13:36 <DIR> d C:\Program Files\McAfee.com
2007-05-31 13:35 <DIR> d C:\Program Files\McAfee
2007-05-31 13:35 <DIR> d C:\Program Files\Common Files\McAfee
2007-05-30 17:41 <DIR> d C:\VundoFix Backups
2007-05-30 13:03 <DIR> d C:\WINDOWS\system32\NtmsData
2007-05-29 07:19 92,160 --a C:\WINDOWS\system32\evntwin.exe
2007-05-29 07:19 8,704 --a C:\WINDOWS\system32\snmptrap.exe
2007-05-29 07:19 6,144 --a C:\WINDOWS\system32\snmpmib.dll
2007-05-29 07:19 39,936 --a C:\WINDOWS\system32\hostmib.dll
2007-05-29 07:19 33,792 --a C:\WINDOWS\system32\lmmib2.dll
2007-05-29 07:19 33,280 --a C:\WINDOWS\system32\snmp.exe
2007-05-29 07:19 24,064 --a C:\WINDOWS\system32\evntcmd.exe
2007-05-29 07:19 101,888 --a C:\WINDOWS\system32\evntagnt.dll
2007-05-28 21:28 <DIR> d C:\Program Files\Silicon Image
2007-05-28 20:58 97,408 --a C:\WINDOWS\system32\Si3112r.sys
2007-05-28 20:58 110,592 --a C:\WINDOWS\system32\Instdll.dll
2007-05-28 20:58 10,240 --a C:\WINDOWS\system32\SIWinAcc.sys
2007-05-28 20:40 159,744 --a C:\WINDOWS\system32\nvuenet.exe
2007-05-28 08:27 <DIR> d C:\Program Files\JLC's Software
2007-05-28 07:16 <DIR> d C:\DOCUME~1\SMXHOS~1\APPLIC~1\Joost
2007-05-28 07:15 <DIR> d C:\Program Files\Joost
2007-05-26 07:28 737,280 --a C:\WINDOWS\iun6002.exe
2007-05-25 03:00 22,752 --a C:\WINDOWS\system32\spupdsvc.exe
2007-05-25 03:00 <DIR> d--h C:\WINDOWS\$hf_mig$
2007-05-25 03:00 <DIR> d C:\WINDOWS\system32\PreInstall
2007-05-24 07:33 <DIR> d C:\WINDOWS\system32\SoftwareDistribution
2007-05-24 07:18 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-05-23 08:32 1,060,864 --a C:\WINDOWS\system32\MFC71.dll
2007-05-23 08:32 <DIR> d C:\Program Files\Alwil Software
2007-05-20 10:32 499,712 --a C:\WINDOWS\system32\msvcp71.dll
2007-05-20 10:32 348,160 --a C:\WINDOWS\system32\msvcr71.dll
2007-05-20 08:03 <DIR> d C:\Documents and Settings\SMXHOS~1\awc_dogdragon
2007-05-20 08:03 <DIR> d C:\DOCUME~1\SMXHOS~1\awc_dogdragon
2007-05-20 07:15 <DIR> d C:\DOCUME~1\SMXHOS~1\APPLIC~1\Lavasoft
2007-05-19 21:37 <DIR> d C:\DOCUME~1\SMXHOS~1\APPLIC~1\Help
2007-05-19 21:18 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-19 20:22 196,608 --a C:\WINDOWS\system32\ssleay32.dll
2007-05-19 20:22 1,040,384 --a C:\WINDOWS\system32\libeay32.dll
2007-05-14 12:36 <DIR> d C:\DOCUME~1\SMXHOS~1\APPLIC~1\Azureus
2007-05-14 12:36 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-05-13 10:06 <DIR> d C:\DOCUME~1\SMXHOS~1\APPLIC~1\MusicIP
2007-05-13 10:05 <DIR> d C:\Program Files\Winamp
2007-05-12 17:30 <DIR> d C:\WINDOWS\system32\appmgmt
2007-05-06 03:10 <DIR> d C:\Documents and Settings\SMXHOS~1\.housecall6.6
2007-05-06 03:10 <DIR> d C:\DOCUME~1\SMXHOS~1\.housecall6.6
2007-05-05 07:55 <DIR> d C:\Program Files\Folding@Home
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-02 07:11:35 d w C:\Program Files\Messenger
2007-05-29 11:19:13 d w C:\Program Files\Online Services
2007-05-29 01:28:51 d--h--w C:\Program Files\InstallShield Installation Information
2007-05-22 13:25:56 d w C:\Program Files\Yahoo!
2007-05-13 13:59:12 10,165 ----a-w C:\WINDOWS\mozver.dat
2007-05-12 21:31:35 d w C:\Program Files\Comcast Rhapsody
2007-05-12 21:29:50 d w C:\Program Files\mozilla.org
2007-05-01 20:15:58 d w C:\Program Files\Veoh Networks
2007-04-30 13:08:11 d w C:\DOCUME~1\SMXHOS~1\APPLIC~1\Apple Computer
2007-04-28 15:38:29 d w C:\Program Files\Common Files\Real
2007-04-28 15:37:43 d w C:\DOCUME~1\SMXHOS~1\APPLIC~1\Real
2007-04-28 15:37:41 8,413 ----a-w C:\WINDOWS\system32\drivers\mcstrm.sys
2007-04-25 20:56:11 d w C:\Program Files\CCleaner
2007-04-24 19:35:40 d w C:\DOCUME~1\SMXHOS~1\APPLIC~1\Paltalk
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-07 23:51:00 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}=c:\program files\mcafee\virusscan\scriptcl.dll [2006-12-22 16:02]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalStart.lnk
backup=C:\WINDOWS\pss\PalStart.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SATARaid.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SATARaid.lnk
backup=C:\WINDOWS\pss\SATARaid.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^SMx Host^Start Menu^Programs^Startup^Azureus Turbo Accelerator.lnk]
path=C:\Documents and Settings\SMx Host\Start Menu\Programs\Startup\Azureus Turbo Accelerator.lnk
backup=C:\WINDOWS\pss\Azureus Turbo Accelerator.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^SMx Host^Start Menu^Programs^Startup^Electron Microscope.lnk]
path=C:\Documents and Settings\SMx Host\Start Menu\Programs\Startup\Electron Microscope.lnk
backup=C:\WINDOWS\pss\Electron Microscope.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^SMx Host^Start Menu^Programs^Startup^Folding@Home 5.03.lnk]
path=C:\Documents and Settings\SMx Host\Start Menu\Programs\Startup\Folding@Home 5.03.lnk
backup=C:\WINDOWS\pss\Folding@Home 5.03.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
"C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
rundll32.exe "C:\WINDOWS\system32\wmadsadr.dll",realset
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SManager]
smanager.7.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
"C:\Program Files\Unlocker\UnlockerAssistant.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
Contents of the 'Scheduled Tasks' folder
2007-05-31 17:36:27 C:\WINDOWS\tasks\McDefragTask.job
2007-06-01 05:00:03 C:\WINDOWS\tasks\McQcTask.job
********************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-04 08:13:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
********************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\0005181180632999mcinstcleanup]
"ImagePath"="C:\DOCUME~1\SMXHOS~1\LOCALS~1\Temp\000518~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service"
Completion time: 2007-06-04 8:14:29
C:\ComboFix-quarantined-files.txt ... 2007-06-04 08:14
--- E O F ---
Please download AVG anti-spyware to your Desktop or to your usual Download Folder, from HERE
- Install AVG Anti-Spyware by double clicking the installer.
- Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
- On the main screen under Your Computer's security.
- Click on Change state next to Resident shield. It should now change to inactive.
- Click on Change state next to Automatic updates. It should now change to inactive.
- Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
- Wait until you see the Update successful message.
- Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update AVG: AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Don't run a scan yet.
First we'll need to back up the registry:
Start -> Run -> regedit -> ok. Then File -> Export. Give it a name and press Save.
Save text below as fix.reg on Notepad (save it as all files (*.*)) on Desktop
It should look like this ->
Double-click fix.reg, press Yes and OK.
(In case you are unsure how to create a reg file, take a look here with screenshots.)
Reboot your computer in Safe mode:
1. Restart your computer.
2. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
3. Select the option for Safe Mode using the arrow keys.
4. Then press enter on your keyboard to boot into Safe Mode.
Delete these files/folders, if found:
C:\WINDOWS\iun6002.exe <--file
C:\Documents and Settings\SMx Host\Application Data\Paltalk <--folder
C:\WINDOWS\retadpu1000272.exe <--file
C:\WINDOWS\system32\wmadsadr.dll <--file
Please do a search:
- Go "Start">"Search">"All Files and Folders"
- Enter smanager.7.exe in "All or part of file name"
- Select "More advanced options"
- Check-mark "Search System Folders", "Search hidden files and folders", and "Search subfolders".
- Click "Search". Right click the file and select delete.
Empty Recycle Bin.
NOTE: That file may not exist at all! If it doesn't, just skip the step above.
RUN AVG ANTI-SPYWARE
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
- Click on Scanner on the toolbar.
- Click on the Settings tab.
- Under How to act?
- Click on Recommended Action and choose Quarantine from the popup menu.
- Under How to scan?
- All checkboxes should be ticked.
- Under Possibly unwanted software:
- All checkboxes should be ticked.
- Under Reports:
- Select Automatically generate report after every scan and uncheck Only if threats were found.
- Under What to scan?
- Select Scan every file.
- Click on the Scan tab.
- Click on Complete System Scan to start the scan process.
- Let the program scan the machine.
- When the scan has finished, follow the instructions below.
- Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
- At the bottom of the window click on the Apply all Actions button. (3)
- When done, click the Save Scan Report button. (4)
- Click the Save Report as button.
- Save the report to your Desktop.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
Please post a fresh HijackThis log, AVG Anti-Spyware report and ComboFix log
But here's what you asked. Oh, when I did the reg, it said "Not all data was successfully written to registry some keys are open by system or other processes"
I did the reg edit in safe mode and tried again before posting this, and it said the same.
AVG Anti-Spyware - Scan Report
+ Created at: 11:17:23 AM 6/6/2007
+ Scan result:
Nothing found.
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 11:16:27 AM, on 6/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\SMx Host\Desktop\hijackthis\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playgames.comcast.net/online2/zuma/popcaploader_v5.cab
O23 - Service: McAfee Application Installer Cleanup (0005181180632999) (0005181180632999mcinstcleanup) - Unknown owner - C:\DOCUME~1\SMXHOS~1\LOCALS~1\Temp\000518~1.EXE (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FAH@C:+FAH+FAH504-Console.exe - Unknown owner - C:\FAH\FAH504-Console.exe (file missing)
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
"SMx Host" - 2007-06-06 11:19:04 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\SMx Host\Desktop\"
((((((((((((((((((((((((((((((( Files Created from 2007-05-06 to 2007-06-06 ))))))))))))))))))))))))))))))))))
2007-06-04 15:15 10,872 --a
C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-04 09:39 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap
2007-06-04 08:14 49,152 --a
C:\WINDOWS\nircmd.exe
2007-05-31 13:37 37,480 --a
C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-05-31 13:37 34,184 --a
C:\WINDOWS\system32\drivers\mfebopk.sys
2007-05-31 13:37 32,008 --a
C:\WINDOWS\system32\drivers\mferkdk.sys
2007-05-31 13:37 170,408 --a
C:\WINDOWS\system32\drivers\mfehidk.sys
2007-05-31 13:36 71,496 --a
C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-05-31 13:36 109,608 --a
C:\WINDOWS\system32\drivers\Mpfp.sys
2007-05-31 13:36 <DIR> d
C:\Program Files\McAfee.com
2007-05-31 13:35 <DIR> d
C:\Program Files\McAfee
2007-05-31 13:35 <DIR> d
C:\Program Files\Common Files\McAfee
2007-05-30 17:41 <DIR> d
C:\VundoFix Backups
2007-05-30 13:03 <DIR> d
C:\WINDOWS\system32\NtmsData
2007-05-29 07:19 92,160 --a
C:\WINDOWS\system32\evntwin.exe
2007-05-29 07:19 8,704 --a
C:\WINDOWS\system32\snmptrap.exe
2007-05-29 07:19 6,144 --a
C:\WINDOWS\system32\snmpmib.dll
2007-05-29 07:19 39,936 --a
C:\WINDOWS\system32\hostmib.dll
2007-05-29 07:19 33,792 --a
C:\WINDOWS\system32\lmmib2.dll
2007-05-29 07:19 33,280 --a
C:\WINDOWS\system32\snmp.exe
2007-05-29 07:19 24,064 --a
C:\WINDOWS\system32\evntcmd.exe
2007-05-29 07:19 101,888 --a
C:\WINDOWS\system32\evntagnt.dll
2007-05-28 21:28 <DIR> d
C:\Program Files\Silicon Image
2007-05-28 20:58 97,408 --a
C:\WINDOWS\system32\Si3112r.sys
2007-05-28 20:58 110,592 --a
C:\WINDOWS\system32\Instdll.dll
2007-05-28 20:58 10,240 --a
C:\WINDOWS\system32\SIWinAcc.sys
2007-05-28 20:40 159,744 --a
C:\WINDOWS\system32\nvuenet.exe
2007-05-28 07:16 <DIR> d
C:\DOCUME~1\SMXHOS~1\APPLIC~1\Joost
2007-05-25 03:00 22,752 --a
C:\WINDOWS\system32\spupdsvc.exe
2007-05-25 03:00 <DIR> d--h
C:\WINDOWS\$hf_mig$
2007-05-25 03:00 <DIR> d
C:\WINDOWS\system32\PreInstall
2007-05-24 07:33 <DIR> d
C:\WINDOWS\system32\SoftwareDistribution
2007-05-24 07:18 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-05-23 08:32 1,060,864 --a
C:\WINDOWS\system32\MFC71.dll
2007-05-23 08:32 <DIR> d
C:\Program Files\Alwil Software
2007-05-20 10:32 499,712 --a
C:\WINDOWS\system32\msvcp71.dll
2007-05-20 10:32 348,160 --a
C:\WINDOWS\system32\msvcr71.dll
2007-05-20 08:03 <DIR> d
C:\Documents and Settings\SMXHOS~1\awc_dogdragon
2007-05-20 08:03 <DIR> d
C:\DOCUME~1\SMXHOS~1\awc_dogdragon
2007-05-20 07:15 <DIR> d
C:\DOCUME~1\SMXHOS~1\APPLIC~1\Lavasoft
2007-05-19 21:37 <DIR> d
C:\DOCUME~1\SMXHOS~1\APPLIC~1\Help
2007-05-19 21:18 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-19 20:22 196,608 --a
C:\WINDOWS\system32\ssleay32.dll
2007-05-19 20:22 1,040,384 --a
C:\WINDOWS\system32\libeay32.dll
2007-05-14 12:36 <DIR> d
C:\DOCUME~1\SMXHOS~1\APPLIC~1\Azureus
2007-05-14 12:36 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-05-13 10:06 <DIR> d
C:\DOCUME~1\SMXHOS~1\APPLIC~1\MusicIP
2007-05-12 17:30 <DIR> d
C:\WINDOWS\system32\appmgmt
2007-05-06 03:10 <DIR> d
C:\Documents and Settings\SMXHOS~1\.housecall6.6
2007-05-06 03:10 <DIR> d
C:\DOCUME~1\SMXHOS~1\.housecall6.6
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-03 09:55:46 d-----w C:\Program Files\Folding@Home
2007-06-02 07:11:35 d-----w C:\Program Files\Messenger
2007-05-29 11:19:13 d-----w C:\Program Files\Online Services
2007-05-29 01:28:51 d--h--w C:\Program Files\InstallShield Installation Information
2007-05-22 13:25:56 d-----w C:\Program Files\Yahoo!
2007-05-13 13:59:12 10,165 ----a-w C:\WINDOWS\mozver.dat
2007-05-12 21:29:50 d-----w C:\Program Files\mozilla.org
2007-05-01 20:15:58 d-----w C:\Program Files\Veoh Networks
2007-04-30 13:08:11 d-----w C:\DOCUME~1\SMXHOS~1\APPLIC~1\Apple Computer
2007-04-28 15:38:29 d-----w C:\Program Files\Common Files\Real
2007-04-28 15:37:43 d-----w C:\DOCUME~1\SMXHOS~1\APPLIC~1\Real
2007-04-28 15:37:41 8,413 ----a-w C:\WINDOWS\system32\drivers\mcstrm.sys
2007-04-25 20:56:11 d-----w C:\Program Files\CCleaner
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-07 23:51:00 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll []
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}=c:\program files\mcafee\virusscan\scriptcl.dll [2006-12-22 16:02]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-05-30 08:30]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalStart.lnk
backup=C:\WINDOWS\pss\PalStart.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SATARaid.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SATARaid.lnk
backup=C:\WINDOWS\pss\SATARaid.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^SMx Host^Start Menu^Programs^Startup^Azureus Turbo Accelerator.lnk]
path=C:\Documents and Settings\SMx Host\Start Menu\Programs\Startup\Azureus Turbo Accelerator.lnk
backup=C:\WINDOWS\pss\Azureus Turbo Accelerator.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^SMx Host^Start Menu^Programs^Startup^Electron Microscope.lnk]
path=C:\Documents and Settings\SMx Host\Start Menu\Programs\Startup\Electron Microscope.lnk
backup=C:\WINDOWS\pss\Electron Microscope.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^SMx Host^Start Menu^Programs^Startup^Folding@Home 5.03.lnk]
path=C:\Documents and Settings\SMx Host\Start Menu\Programs\Startup\Folding@Home 5.03.lnk
backup=C:\WINDOWS\pss\Folding@Home 5.03.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
"C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
rundll32.exe "C:\WINDOWS\system32\wmadsadr.dll",realset
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SManager]
smanager.7.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
"C:\Program Files\Unlocker\UnlockerAssistant.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
Contents of the 'Scheduled Tasks' folder
2007-05-31 17:36:27 C:\WINDOWS\tasks\McDefragTask.job
2007-06-01 05:00:03 C:\WINDOWS\tasks\McQcTask.job
********************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-06 11:20:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\0005181180632999mcinstcleanup]
"ImagePath"="C:\DOCUME~1\SMXHOS~1\LOCALS~1\Temp\000518~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service"
Completion time: 2007-06-06 11:22:16
C:\ComboFix-quarantined-files.txt ... 2007-06-06 11:21
C:\ComboFix2.txt ... 2007-06-06 10:23
C:\ComboFix3.txt ... 2007-06-04 08:14
--- E O F ---