Full Version: Spyware
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs
Sysace
Hey guys, could somebody please review the following and advise on what I should do to clean this up?
Any help would be greatly appreciated.

w32/sucrick/prosession/hatcher/basedmacsomos/
w32/downloader.acz1

Thanks...



ArchiveData(auto-quarantine- 2006-08-29 14-25-30.bckp)
Referencefile : SE1R121 28.08.2006
======================================================

UNSPYPC
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=RegValue : S-1-5-21-2393186113-3271491637-910548451-1011\software\microsoft\windows\currentversion\run "UnSpyPC"
obj[13]=File : C:\Documents and Settings\george\Application Data\uns.tmp

ADWARE.TOOLBAND
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[1]=RegValue : software\microsoft\internet explorer\toolbar "{08BEC6AA-49FC-4379-3587-4B21E286C19E}"

WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[2]=RegData : software\microsoft\windows nt\currentversion\winlogon "Shell"

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[3]=IECache Entry : Cookie:george@overture.com/
obj[4]=IECache Entry : Cookie:george@findwhat.com/
obj[5]=IECache Entry : Cookie:george@partners.webmasterplan.com/
obj[6]=IECache Entry : Cookie:george@qksrv.net/
obj[7]=IECache Entry : Cookie:george@apmebf.com/
obj[8]=IECache Entry : Cookie:george@tripod.com/
obj[9]=IECache Entry : C:\Documents and Settings\theresa\Cookies\theresa@apmebf[2].txt
obj[10]=IECache Entry : C:\Documents and Settings\theresa\Cookies\theresa@live365[2].txt
obj[11]=IECache Entry : C:\Documents and Settings\theresa\Cookies\theresa@overture[2].txt
obj[12]=IECache Entry : C:\Documents and Settings\theresa\Cookies\theresa@real[2].txt


----------

Logfile of HijackThis v1.99.1
Scan saved at 12:57:31 PM, on 28/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\george\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weatheroffice.ec.gc.ca/city/pag...3_metric_e.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R3 - URLSearchHook: (no name) - {73CBA761-EF44-4B06-1D9C-32E32E4FAB13} - 34763.dll (file missing)
F2 - REG:system.ini: Shell=explorer.exe
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [dflnl.exe] C:\WINDOWS\system32\dflnl.exe
O4 - HKLM\..\Run: [KeywordFinder] slamm.exe
O4 - HKLM\..\Run: [driver64] newbreed.exe
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [PasswdMon] control64.exe
O4 - HKCU\..\Run: [abrek] ___.exe
O4 - HKCU\..\Run: [sysmon12] Brong32.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152977501953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152978349843
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://threats.freedom.net/viruscenter/onl...cabs/cssweb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{15B40F64-FA5B-46C2-9775-918FC5D00E1F}: NameServer = 85.255.114.93,85.255.112.122
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B278834-A422-4B72-9FAA-6C284D37839B}: NameServer = 85.255.114.93 85.255.112.122
O17 - HKLM\System\CCS\Services\Tcpip\..\{990F041C-4858-48F8-9185-9A588F8E79D6}: NameServer = 85.255.114.93,85.255.112.122
O17 - HKLM\System\CS1\Services\Tcpip\..\{15B40F64-FA5B-46C2-9775-918FC5D00E1F}: NameServer = 85.255.114.93,85.255.112.122
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
jurgenv
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please post the text that will open (report.txt) and a new HijackThis log.
Sysace
Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\ammmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\nlcalik
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmmma.exe"=-
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...
* csr.exe C:\WINDOWS\System32\CSGVF.EXE

»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSGVF.EXE 51,225 2006-04-21
C:\WINDOWS\SYSTEM32\DMBCF.EXE 44,034 2004-08-04
C:\WINDOWS\SYSTEM32\DMHUO.EXE 44,034 2004-08-04
C:\WINDOWS\SYSTEM32\DMMMA.EXE 44,034 2004-08-04
C:\WINDOWS\SYSTEM32\DMQXW.EXE 44,034 2004-08-04
C:\WINDOWS\SYSTEM32\DMRUA.EXE 44,034 2004-08-04

Other suspects.
Directory of C:\WINDOWS\system32

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.


------------


Logfile of HijackThis v1.99.1
Scan saved at 12:38:26 PM, on 04/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Documents and Settings\george\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weatheroffice.ec.gc.ca/city/pag...3_metric_e.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R3 - URLSearchHook: (no name) - {73CBA761-EF44-4B06-1D9C-32E32E4FAB13} - 34763.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [KeywordFinder] slamm.exe
O4 - HKLM\..\Run: [driver64] newbreed.exe
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PasswdMon] control64.exe
O4 - HKCU\..\Run: [abrek] ___.exe
O4 - HKCU\..\Run: [sysmon12] Brong32.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152977501953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152978349843
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://threats.freedom.net/viruscenter/onl...cabs/cssweb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{15B40F64-FA5B-46C2-9775-918FC5D00E1F}: NameServer = 85.255.114.93,85.255.112.122
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B278834-A422-4B72-9FAA-6C284D37839B}: NameServer = 85.255.114.93 85.255.112.122
O17 - HKLM\System\CCS\Services\Tcpip\..\{990F041C-4858-48F8-9185-9A588F8E79D6}: NameServer = 85.255.114.93,85.255.112.122
O17 - HKLM\System\CS1\Services\Tcpip\..\{15B40F64-FA5B-46C2-9775-918FC5D00E1F}: NameServer = 85.255.114.93,85.255.112.122
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
jurgenv
Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\SYSTEM32\CSGVF.EXE
    C:\WINDOWS\SYSTEM32\DMBCF.EXE
    C:\WINDOWS\SYSTEM32\DMHUO.EXE
    C:\WINDOWS\SYSTEM32\DMMMA.EXE
    C:\WINDOWS\SYSTEM32\DMQXW.EXE
    C:\WINDOWS\SYSTEM32\DMRUA.EXE
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

* Please open HijackThis and put a check next to the following:

R3 - URLSearchHook: (no name) - {73CBA761-EF44-4B06-1D9C-32E32E4FAB13} - 34763.dll (file missing)
O4 - HKLM\..\Run: [KeywordFinder] slamm.exe
O4 - HKLM\..\Run: [driver64] newbreed.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKCU\..\Run: [PasswdMon] control64.exe
O4 - HKCU\..\Run: [abrek] ___.exe
O4 - HKCU\..\Run: [sysmon12] Brong32.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{15B40F64-FA5B-46C2-9775-918FC5D00E1F}: NameServer = 85.255.114.93,85.255.112.122
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B278834-A422-4B72-9FAA-6C284D37839B}: NameServer = 85.255.114.93 85.255.112.122
O17 - HKLM\System\CCS\Services\Tcpip\..\{990F041C-4858-48F8-9185-9A588F8E79D6}: NameServer = 85.255.114.93,85.255.112.122
O17 - HKLM\System\CS1\Services\Tcpip\..\{15B40F64-FA5B-46C2-9775-918FC5D00E1F}: NameServer = 85.255.114.93,85.255.112.122


* After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

    This will move it to the %userprofile%\DoctorWeb quarantine folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! It is possible that files still in use will only be moved/deleted during the reboot.
  • After reboot, post the contents of the Dr.Web log you saved previously in your next reply, together with a new HijackThis log.
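As an added illustration (not part of this thread, and not code from HijackThis, Fixwareout, Killbox or Dr.Web), the script below applies three of the checks a log reader uses when picking out lines like the ones marked above: O4 startup entries that launch a bare filename with no path, entries HijackThis itself already marked "(file missing)" or "(no file)", and O17 NameServer entries that point at public rather than private/loopback addresses. The sample lines are copied from the logs posted in this thread plus one constructed O17 line with a typical home-router address; the heuristics and function names are my own. These rules do not replace knowledge of specific names (the AdwareAlert entry above was marked by name, not by any rule here), and some ISPs hand out public resolvers, so an O17 hit needs comparing against the resolvers the ISP actually uses before it is treated as a hijack.

```python
from __future__ import annotations

import ipaddress
import re
from collections import Counter

# Constructed sample: lines copied from the HijackThis logs in this thread, plus one
# O17 line (assumed, not from the thread) pointing at a typical home-router address.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {73CBA761-EF44-4B06-1D9C-32E32E4FAB13} - 34763.dll (file missing)
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KeywordFinder] slamm.exe
O4 - HKLM\..\Run: [driver64] newbreed.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKCU\..\Run: [abrek] ___.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{15B40F64-FA5B-46C2-9775-918FC5D00E1F}: NameServer = 85.255.114.93,85.255.112.122
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B278834-A422-4B72-9FAA-6C284D37839B}: NameServer = 85.255.114.93 85.255.112.122
O17 - HKLM\System\CCS\Services\Tcpip\..\{EXAMPLE-GUID}: NameServer = 192.168.1.1
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# Text HijackThis appends when the file behind a hook/toolbar/BHO entry no longer exists.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def split_nameservers(entry: str) -> list[str]:
    """Return the addresses after 'NameServer ='. Both ',' and ' ' are accepted as
    separators because the logs in this thread show both spellings."""
    _, _, rhs = entry.partition("NameServer =")
    return [tok for tok in re.split(r"[,\s]+", rhs.strip()) if tok]


def is_public(ip_text: str) -> bool:
    """True if the address is globally routable (not private, loopback, link-local...)."""
    try:
        return ipaddress.ip_address(ip_text).is_global
    except ValueError:
        return False


def run_target(entry: str) -> str:
    """Return the program an O4 Run entry launches, without quotes or trailing switches."""
    _, _, cmd = entry.partition("] ")
    cmd = cmd.strip()
    if cmd.startswith('"'):
        cmd = cmd[1:].split('"', 1)[0]
    return cmd


def triage(log_text: str) -> list[tuple[str, str, str]]:
    """Return (category, detail, line) for every line one of the three rules flags."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind = line.split(" ", 1)[0]  # R3, O4, O17, ...
        if any(marker in line for marker in ORPHAN_MARKERS):
            findings.append(("orphaned entry", "target file no longer exists", line))
        elif kind == "O4":
            target = run_target(line)
            # A bare filename means HijackThis could not resolve where it lives.
            if target and "\\" not in target:
                findings.append(("run entry without path", target, line))
        elif kind == "O17":
            public = [ip for ip in split_nameservers(line) if is_public(ip)]
            if public:
                findings.append(("public nameserver", ", ".join(public), line))
    return findings


def summarize(findings: list[tuple[str, str, str]]) -> dict[str, int]:
    """Count flagged lines per category."""
    return dict(Counter(category for category, _, _ in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for category, detail, line in results:
        print(f"[{category}] {detail}\n    {line}")
    print(summarize(results))
```

Run against the sample, the three rules pick out seven of the twelve lines: the two orphaned R3/O3 entries, the three path-less Run entries (slamm.exe, newbreed.exe, ___.exe) and the two O17 entries pointing at 85.255.x.x, while the HP, Nero and router lines pass.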
Sysace
Logfile of HijackThis v1.99.1
Scan saved at 6:34:20 PM, on 06/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\george\Desktop\HijackThis.exe
C:\WINDOWS\system32\cidaemon.exe
C:\DOCUME~1\george\LOCALS~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\george\LOCALS~1\Temp\RarSFX0\cureit.exe
C:\WINDOWS\system32\msiexec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weatheroffice.ec.gc.ca/city/pag...3_metric_e.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152977501953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152978349843
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://threats.freedom.net/viruscenter/onl...cabs/cssweb.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Sysace
Sorry, didn't include the Dr.Web log earlier. Here it is:

dmbcf.exe;C:\!KillBox;Trojan.Iespy;Deleted.;

dmhuo.exe;C:\!KillBox;Trojan.Iespy;Deleted.;

dmmma.exe;C:\!KillBox;Trojan.Iespy;Deleted.;

dmqxw.exe;C:\!KillBox;Trojan.Iespy;Deleted.;

dmrua.exe;C:\!KillBox;Trojan.Iespy;Deleted.;

Process.exe;C:\Documents and Settings\george\Desktop\smitRem;Tool.Prockill;Incurable.Moved.;

Process.exe;C:\Documents and Settings\theresa.YOUR-22CA86D5C4\Desktop\smitRem;Tool.Prockill;Incurable.Moved.;

ibm00001.dll;C:\Program Files\Common Files\Microsoft Shared\Web Folders;Trojan.PWS.Snap;Deleted.;

A0004278.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP10;Trojan.Iespy;Deleted.;

A0004376.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP11;Trojan.Iespy;Deleted.;

A0005269.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP11;Trojan.Iespy;Deleted.;

A0006268.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP11;Trojan.Iespy;Deleted.;

A0007269.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP11;Trojan.Iespy;Deleted.;

A0007280.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP12;Trojan.Iespy;Deleted.;

A0007287.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP12;Trojan.Iespy;Deleted.;

A0007298.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP13;Trojan.Iespy;Deleted.;

A0008298.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP13;Trojan.Iespy;Deleted.;

A0008308.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP14;Trojan.Iespy;Deleted.;

A0008310.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP15;Trojan.Iespy;Deleted.;

A0008333.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP16;Trojan.Iespy;Deleted.;

A0008342.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP17;Trojan.Iespy;Deleted.;

A0008350.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP18;Trojan.Iespy;Deleted.;

A0008471.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP19;Trojan.Iespy;Deleted.;

A0008483.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP20;Trojan.Iespy;Deleted.;

A0008495.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP21;Trojan.Iespy;Deleted.;

A0008509.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP22;Trojan.Iespy;Deleted.;

A0008521.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP23;Trojan.Iespy;Deleted.;

A0008529.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP24;Trojan.Iespy;Deleted.;

A0008538.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP25;Trojan.Iespy;Deleted.;

A0008541.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP26;Trojan.Iespy;Deleted.;

A0008553.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP27;Trojan.Iespy;Deleted.;

A0008578.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP28;Trojan.Iespy;Deleted.;

A0001042.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP3;Trojan.Iespy;Deleted.;

A0008598.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP30;Trojan.Iespy;Deleted.;

A0008618.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP33;Trojan.Iespy;Deleted.;

A0008630.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP33;Trojan.Iespy;Deleted.;

A0008641.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP33;Trojan.Iespy;Deleted.;

A0008659.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP34;Trojan.Iespy;Deleted.;

A0009641.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP34;Trojan.Iespy;Deleted.;

A0009649.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP35;Trojan.Iespy;Deleted.;

A0009703.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP40;Trojan.Iespy;Deleted.;

A0009704.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP40;Trojan.Iespy;Deleted.;

A0009705.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP40;Trojan.Iespy;Deleted.;

A0009706.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP40;Trojan.Iespy;Deleted.;

A0009707.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP40;Trojan.Iespy;Deleted.;

A0009712.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP40;Trojan.Iespy;Deleted.;

A0009713.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP40;Trojan.Iespy;Deleted.;

A0009714.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP40;Trojan.Iespy;Deleted.;

A0009715.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP40;Trojan.Iespy;Deleted.;

A0009716.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP40;Trojan.Iespy;Deleted.;

A0009717.dll;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP40;Trojan.PWS.Snap;Deleted.;

A0002054.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP5;Trojan.Iespy;Deleted.;

A0002222.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP7;Trojan.Iespy;Deleted.;

A0003223.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP8;Trojan.Iespy;Deleted.;

A0003249.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP9;Trojan.Iespy;Deleted.;

A0003268.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP9;Trojan.Iespy;Deleted.;

A0004268.exe;C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP9;Trojan.Iespy;Deleted.;

int_ver32b.ocx;C:\WINDOWS\Downloaded Program Files;Dialer.Vacpro;Incurable.Moved.;
jurgenv
Looking good, how is everything working?
Sysace
Everything seems to be much better, your help has been much appreciated.
Wanted to post the logs for a final review to make sure there is nothing else that was missed.

Thanks again
jurgenv
Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we at Lavasoftsupport are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

4) I notice that you do not seem to be running antivirus software. This is somewhat suicidal in today's digital world. AVG makes an excellent free antivirus client, as do AntiVir or avast!.

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

5) Finally, consider maintaining a firewall. Some good free firewalls are ZoneAlarm, Kerio, or Outpost.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck.
Sysace
Thanks for all the help. I am currently using the Freedom (Zero Knowledge) security suite, which includes AV, anti-spyware and a firewall.

I realize Freedom alone isn't enough for Spyware, but maybe you could comment on it in regards to AV/Firewall?

Thanks again.
jurgenv
I don't have experience with Zero Knowledge, so I can't tell you that.