I posted a few weeks ago and didnt get any response. Whenever I do a search through internet explorer I get redirected to different sites. It seems to be the adware.newdotnet virus but I cant seem to get rid of it. Here is my HJT log and Combofix log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:19 PM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\hijackthis\analyzethis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {AECDBE9E-0F34-4F3A-9298-80184EF06D29} - C:\WINDOWS\system32\dgsetu.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CA52EF0-D32C-47CF-96E8-1B62FAD1A931}: NameServer = 85.255.115.2,85.255.112.117
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE9067B6-157C-45CD-B1A4-E89F73B970A4}: NameServer = 85.255.115.2,85.255.112.117
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.2 85.255.112.117
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcf_device - - C:\WINDOWS\System32\lxcfcoms.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 7416 bytes
ComboFix 07-12-21.4 - Owner 2007-12-20 20:34:58.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.311 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Temporary
C:\WINDOWS\SYSTEM32\dgsetu.1
C:\WINDOWS\system32\kdpdz.exe
C:\WINDOWS\system32\dgsetu.dll . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2007-11-21 to 2007-12-21 )))))))))))))))))))))))))))))))
.
2007-12-20 20:22 . 2007-12-20 20:22 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2007-12-20 20:21 . 2007-12-20 20:21 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-12-16 14:20 . 2007-12-16 14:20 <DIR> d-------- C:\Program Files\eGames
2007-12-16 14:20 . 2000-03-21 00:55 118,784 --a------ C:\WINDOWS\SYSTEM32\vbalNCSM6.dll
2007-12-16 14:20 . 1999-03-26 00:00 101,888 --a------ C:\WINDOWS\SYSTEM32\Vb6stkit.dll
2007-12-16 14:20 . 2000-07-17 14:41 70,088 --a------ C:\WINDOWS\SYSTEM32\Project2-1.ocx
2007-12-16 14:20 . 1999-02-19 08:54 40,960 --a------ C:\WINDOWS\SYSTEM32\SSubTmr6.dll
2007-12-16 14:20 . 2000-04-06 15:58 1,453 --a------ C:\WINDOWS\SYSTEM32\Project2.INF
2007-12-12 17:03 . 2007-12-12 17:03 127 --a------ C:\WINDOWS\SYSTEM32\MRT.INI
2007-12-03 16:23 . 2007-12-13 11:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-03 16:23 . 2007-12-03 16:23 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-30 20:55 . 2007-11-30 20:55 <DIR> d-------- C:\Snes9x
2007-11-30 20:55 . 2007-11-30 20:54 216,064 --a------ C:\WINDOWS\iun3405.exe
2007-11-30 11:46 . 2007-11-30 11:46 <DIR> d-------- C:\VundoFix Backups
2007-11-30 01:28 . 2007-11-30 01:30 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2007-11-30 01:28 . 2007-11-30 01:28 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2007-11-26 01:23 . 2007-11-26 01:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-26 01:23 . 2007-11-26 01:23 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 23:27 --------- d-----w C:\Program Files\LimeWire
2007-12-01 02:38 --------- d-----w C:\Program Files\nes
2007-11-30 15:47 --------- d-----w C:\Program Files\Lx_cats
2007-11-30 07:31 --------- d-----w C:\Program Files\Coupons
2007-11-26 06:24 --------- d-----w C:\Program Files\Lavasoft
2007-11-26 06:24 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 04:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\Grisoft
2007-11-07 02:07 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SpinTop Games
2007-10-29 11:35 --------- d-----w C:\Program Files\AIM6
2007-10-29 11:35 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2007-10-29 11:34 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads
2007-10-26 02:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\GrabIt
2007-10-26 02:04 --------- d-----w C:\Program Files\GrabIt
2007-10-21 08:23 --------- d-----w C:\Program Files\MSXML 4.0
2007-02-02 15:48 28,672 -c--a-w C:\Documents and Settings\Owner\atwbxdet.dll
2006-06-10 10:57 1,775,221 -c--a-w C:\Program Files\NXSetup_multi.exe
2005-04-29 08:42 1,794 -c--a-w C:\Documents and Settings\Owner\Application Data\D - HL-DT-ST - RW-DVD GCC-4481B - C103.dat
2005-04-29 08:42 1,608 -c--a-w C:\Documents and Settings\Owner\Application Data\E - ELBY - DVD-ROM - 1.0.dat
2005-01-01 19:53 1,302,070 -c--a-w C:\Program Files\GrabIt151b.exe
2004-12-22 18:43 376,656 -c--a-w C:\Program Files\musicmatch_installer.exe
2004-12-20 04:25 4,039,438 -c--a-w C:\Program Files\dvdpro.zip
2004-12-15 02:10 590 -c--a-w C:\Program Files\FlipWords.ini
2004-12-14 05:45 4,354,751 -c--a-w C:\Program Files\FlipWordsSetup.exe
2004-12-05 18:06 487,544 -c--a-w C:\Program Files\msgr6suite.exe
2004-02-19 07:26 1,131,802 -c--a-w C:\Program Files\CUSTOMART.zip
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AECDBE9E-0F34-4F3A-9298-80184EF06D29}]
2003-07-16 15:26 105541 --a------ C:\WINDOWS\system32\dgsetu.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2004-01-28 15:48]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 19:04]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 02:56 C:\WINDOWS\SYSTEM32\narrator.exe]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^AOL Companion.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\AOL Companion.lnk
backup=C:\WINDOWS\pss\AOL Companion.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
C:\Program Files\America Online 9.0d\AOL.EXE -b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
2004-10-18 16:42 79448 --a--c--- C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLCC]
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2004-10-20 09:40 34904 -ra--c--- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-01-15 16:14 147456 --a------ C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe /L ElbyCDFL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 02:56 15360 --a------ C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 01:04 114741 --a--c--- C:\WINDOWS\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2004-11-03 16:03 125528 --a--c--- C:\Program Files\Common Files\AOL\1102310935\EE\AOLHostManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-11-02 08:59 126976 --a------ C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-11-02 09:03 155648 --a------ C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-06-28 08:14 270648 --a------ C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCFCATS]
rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
2003-12-08 14:38 245760 --a--c--- c:\PROGRA~1\mcafee.com\agent\McAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
2004-01-28 15:48 180224 --a--c--- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2006-01-19 10:06 11776 --a--c--- C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-01-19 10:06 110592 --a--c--- C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mm_server]
2006-01-19 10:06 102400 --a--c--- C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2007-08-13 19:04 5562368 --a------ C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Run
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scan Spyware]
C:\Program Files\ScanSpyware v3.6\Scanner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 03:00 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
C:\Program Files\TrojanHunter 4.2\THGuard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2006-09-07 12:19 15872 --a------ C:\Program Files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8 -reboot 1
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe /checktask
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\You've Got Pictures Screensaver]
C:\Program Files\Common Files\AOL\Screensaver\ygpsstra.exe
R0 bwtxznul;bwtxznul;C:\WINDOWS\system32\drivers\ozhvqaso.sys []
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys []
S3 hfznagrr;hfznagrr;C:\WINDOWS\system32\drivers\hfznagrr.sys []
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys [2002-12-13 03:06]
S3 PAC207;Basic Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-05-27 14:57]
S3 xlink;XLink Driver (xlink.sys);C:\WINDOWS\system32\Drivers\xlink.sys [2001-01-02 17:53]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\36287c26-6fe0-4d80-89df-1cb736ca253a]
C:\WINDOWS\system32\doxqaxo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\36287c26-6fe0-4d80-89df-1cb736ca253a]
C:\WINDOWS\system32\doxqaxo.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-12-09 16:23:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-21 00:43:03 C:\WINDOWS\Tasks\McAfee.com Update Check (JNE-Owner).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 20:42:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-20 20:44:10 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-16 23:50
.
2007-12-12 22:03:44 --- E O F ---
Thanks in advance