[evilfantasy]

Looks much better.

Now run CCleaner If you don't already have CCleaner be sure to download theSlim - No Toolbar version.

Next scan. This will take around 20 minutes to complete but will let us know what all is hiding.

Download Malwarebytes' Anti-Malware (MBAM) to your desktop from either of these two links.

• Link 1
• Link 2

• Double-click mbam-setup.exe and follow the prompts to install the program.

If using Windows Vista, be sure to Run As Administrator

• At the end, be sure a check mark is placed next to:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Click Finish
• If an update is found, it will download and install the latest version.

If you encounter any problems while downloading the updates then manually download them from MalwareBytes'
Double-click on mbam-rules.exe to install.

• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process or, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

• Please copy and paste the log into your next reply

How is everything now?

[Mooseknuckle]

Evil im not sure if there are any problems on my laptop, but i would also like to do this process for it.....cant hurt right?

[evilfantasy]

No problem. Just start a new thread for any different computer. That way we don't get confused by trying to do two in the same thread.

[Mooseknuckle]

Ok...i wont keep you tonight, but i would say probably the beginning of next week i will start a post....should i just post the hijack log right off the bat??

[evilfantasy]

Yes that will be fine. It will let me know what tools to use.

[Mooseknuckle]

Malwarebytes' Anti-Malware 1.11
Database version: 615
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 128969
Time elapsed: 38 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 9
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{48d78be5-cfb9-4b66-9ac4-96d4cf21de06} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{74d46bba-5638-473a-83b6-97e7804a7411} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\files secure (Rogue.Files-Secure) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\orgnavi. dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Files-Secure (Rogue.Files-Secure) -> Quarantined and deleted successfully.
C:\Program Files\MyWay (Adware.MyWay) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\MySearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Files-Secure\secure.db1 (Rogue.Files-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Files-Secure\secure.db2 (Rogue.Files-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Files-Secure\secure.db3 (Rogue.Files-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Files-Secure\secure.db4 (Rogue.Files-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Files-Secure\secure.db5 (Rogue.Files-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Files-Secure\secure.exe (Rogue.Files-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Files-Secure\Uninstall.exe (Rogue.Files-Secure) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Files Secure 2.1.lnk (Rogue.Files-Secure) -> Quarantined and deleted successfully.

[evilfantasy]

That found a few more things then I thought it would. We should run combofix now.

Please download Combofix by sUBs from one of the below links.
(Try all three if necessary)

• Link #1
• Link #2
• Link #3

Important! Combofix.exe MUST be saved to and ran from the Desktop.

• Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
• Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
  • Click this link to see a list of security programs that should be disabled and how to disable them.
  • If yours is not listed and you don't know how to disable it, please ask.
• Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
• Double click combofix.exe & follow the prompts.
  • Choose Yes to accept the Disclaimers.[
• When finished, it will produce a log for you.
• Post that log in your next reply.

Warning: Do not mouseclick combofix's window while it is running. That may cause it to stall

• If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
• Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.

Next post add the Combofix log.

[Mooseknuckle]

while i am waiting for combofix to scan i would like to mention a couple of other things to see if you have a solution for.....one of them is that when i open IE it opens, but it is a very small box (restored down) and i have to click the maximize box for it to go full screen......the other problem is that in my add/remove programs window if i scroll down starting at about the R's on the list there is an open space with thick black vertical bars...this space is pretty long as it takes awhile to scroll to the next program on the list....and there are also like 30 windows updates in the add/remove window....any input is appreciated.

[Mooseknuckle]

ComboFix 08-04-11.5 - Owner 2008-04-11 21:26:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.452 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.
2008-04-11 20:29 . 2008-04-11 20:29 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-11 20:29 . 2008-04-11 20:29 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-04-11 20:29 . 2008-04-11 20:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-11 18:53 . 2008-04-11 18:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-10 22:44 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-09 23:06 . 2008-04-10 12:16 <DIR> d-------- C:\Program Files\Wise Disk Cleaner
2008-04-09 22:40 . 2008-04-09 22:41 <DIR> d-------- C:\Program Files\Ccleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-04-12 00:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-12 00:17 --------- d-----w C:\Program Files\Verizon Online
2008-04-12 00:16 --------- d-----w C:\Program Files\Yahoo!
2008-04-12 00:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\YAHOO
2008-04-11 23:36 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-11 02:49 --------- d-----w C:\Program Files\Easy Internet signup
2008-04-11 02:44 --------- d-----w C:\Program Files\Java
2008-04-10 15:38 --------- d-----w C:\Program Files\AIM
2008-04-10 15:37 --------- d-----w C:\Program Files\System Soap Pro
2008-04-10 15:37 --------- d-----w C:\Program Files\Morpheus
2008-04-10 15:37 --------- d-----w C:\Program Files\DAPlus
2008-04-10 02:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-03 16:54 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-02-01 02:03 46 ----a-w C:\tmp.bat
2008-01-03 01:01 1,509,118 ----a-w C:\Program Files\marshal picture.jpg
2007-01-13 04:38 407,680 ----a-w C:\Program Files\Install_AIM.exe
2006-12-08 02:28 5,900,416 ----a-w C:\Program Files\Firefox Setup 2.0.exe
2006-10-25 00:00 1,609,094 ----a-w C:\Program Files\house2.skp
2006-09-03 00:03 190,048 ----a-w C:\Program Files\Morpheus.exe
2006-05-04 23:02 37,792 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2004-12-30 00:30 0 ---h--w C:\Program Files\AppUpdate.log
1998-12-08 21:53 99,840 -c--a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-08 21:53 70,144 -c--a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-08 21:53 48,640 -c--a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-08 21:53 31,744 -c--a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-08 21:53 186,368 -c--a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-08 21:53 17,920 -c--a-w C:\Program Files\Common Files\IRASRIAL.DLL
2004-04-12 17:42 32 -csha-w C:\WINDOWS\{46313D91-E12B-40A2-B52A-440B5497AFE5}.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2002-09-16 20:02 2181704]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17 50736]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 08:59 126976]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 00:42 212992]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86 \3\hpztsb12.exe" [2005-03-08 00:42 176128]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 09:03 155648]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-02 16:35 7110656]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray. dll" [2005-08-02 16:35 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51 257088]
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2007-09-06 07:06 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 03:56 53760 C:\WINDOWS\system32\narrator.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 06:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^802.11b+g USB Wireless LAN Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\802.11b+g USB Wireless LAN Utility.lnk
backup=C:\WINDOWS\pss\802.11b+g USB Wireless LAN Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=C:\WINDOWS\pss\AOL Companion.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk
backup=C:\WINDOWS\pss\spamsubtract.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^TrueAssistant.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TrueAssistant.lnk
backup=C:\WINDOWS\pss\TrueAssistant.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2004-08-10 11:37 61440 C:\Program Files\AIM\aim.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-01 16:51 257088 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2002-07-24 22:20 28672 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2004-09-22 19:20 53248 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.ex e
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--------- 2005-08-02 16:35 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--------- 2002-07-31 22:28 81920 C:\WINDOWS\system32\ps2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyKiller]
C:\Program Files\SpyKiller\spykiller.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
--a------ 2003-02-13 11:01 155648 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
--a------ 2006-02-01 18:33 1880064 C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
--a------ 2004-11-11 00:15 111816 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\Program Files\AWS\WeatherBug\Weather.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]
C:\Program Files\WildTangent\Apps\GameChannel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Morpheus\\Morpheus.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
S3 WLAN(WLAN);802.11b+g USB Wireless LAN Adapter Driver(WLAN);C:\WINDOWS\system32\DRIVERS\zd1211u.s ys [2005-02-24 16:41]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;C:\WINDOWS\system32\ZDBRGSYS.SYS [2004-06-30 13:54]
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{a8d647df-b3c8-11dc-a0d8-000c6e603f51}]
\Shell\AutoRun\command - G:\Autorun.exe /run
\Shell\Shell00\Command - G:\Autorun.exe /run
\Shell\Shell01\Command - G:\Autorun.exe /action
\Shell\Shell02\Command - G:\Autorun.exe /uninstall
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-07 16:46:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-12-28 22:22:22 C:\WINDOWS\Tasks\easy Internet sign-up.job"
.
************************************************** ************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 21:29:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2008-04-11 21:30:47
ComboFix-quarantined-files.txt 2008-04-12 01:30:17
Pre-Run: 54,564,134,912 bytes free
Post-Run: 54,547,394,560 bytes free
.
2008-04-09 07:04:08 --- E O F ---

[evilfantasy]

Do you use SpyKiller? And is it a paid version?