Check-Up Time

[swhit32257]

Hello! I had some major issues last year that you helped me work through, so i figured I would start the new year right and do a 'check up' to see if anything needs cleaning up. Below is a hijackthis report followed by a panda report. Thanks!

--------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:26:09 AM, on 1/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1130597934\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\ehome\ehRec.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1130597934\ee\aolsoftware.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1130597934\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\AOL\1130597934\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
c:\program files\common files\aol\1130597934\ee\aolssc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\My Installers\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotsheet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.linksys.com/registration/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: (no name) - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130597934\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] C:\PROGRA~1\COMMON~1\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1130597934\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1130597934\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\Pure Networks\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://webtop01.bcbsfl.com/Citrix/ICAWEB/en/ica32/wficac.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://aolsvc.aol.com/onlinegames/sonybewitched/main.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1130597934\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pure Networks Router Manager (pnrouter) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
--------------------------------------------------------------------------

Incident Status Location

Adware:adware/secure32 Not disinfected C:\WINDOWS\system32\drivers\etc\hosts
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@com[2].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\goaf1yc3.default\cookies.txt[]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@com[2].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@2o7[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@advertising[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@as-us.falkag[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@atdmt[2].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@centrport[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@com[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@fastclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@media.fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@questionmarket[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@statcounter[1].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@tucows[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@zedo[2].txt
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe

[MicroBell]

Hi and Welcome to TSF

You have a few items that need addressed.

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.

• Ad-Aware® SE Personal Edition
  *Note* For Ad-AwareSE also install the VX2 Addon Cleaner To run this tool once Adaware is updated click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK" , then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.
  
• Spybot Search & Destroy
• CWShredder

Also make sure you are using the the latest version (1.99.1) of HijackThis and it's installed in it's own folder on the root drive. (C:\HJT)

Download and install CCleaner..http://www.ccleaner.com/ccdownload.asp

1. Open the program and the "Cleaner" button should be active.
2. Click on "Run Cleaner"
3. Once thats done it will clean out the TEMP folder.
4. Now click on "Issues" and then "Scan for Issues"
5. Once it's done checkmark ALL it finds and click "Fix Selected Issues"
6. It will ask you if you want to back up the registry entrys it's removing so please do so. If it removes anything important..just locate the .reg file you saved...double click on it to add the entrys back.

Close the program.

Open add/remove programs and remove iMeshBar/iMesh

Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY... on&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY... on&pf=desktop
O2 - BHO: (no name) - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - (no file)
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

C:\Program Files\iMeshBar <--delete that folder

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).

• Save it to your desktop.
• Double-click the new icon on your desktop (tmas-web-scan.exe)
• It will say "Loading TrendMicro definitions".
• Once the definitions are loaded, the program will appear to close then re-open.
• Click "Start Scan"
• After it's done scanning, click "Scan Results"
• Make sure all items found have a check next to them, then click "Clean Threats Now".
• Click Exit.

Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log".

I then need you to repeat the same procedure above again... using the TrendMicro scan tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.

[swhit32257]

If I understand all of this, all you need is the TrendMicro text file and an updated HiJackThis file, right? If this is correct, I'll be ready to post them both tomorrow. Thanks!

[swhit32257]

The latest Trend Micro run was clean. No sign of a log file after rebooting, so here's the latest and greatest hijackthis file. I did have to restore some Wildtangent game because, dispite their "non-spyware" claims, four games got deleted during this cleanup effort. Thanks!
--------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 5:36:38 AM, on 1/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1130597934\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\ehome\ehRec.exe
C:\WINDOWS\System32\gearsec.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\AOL\1130597934\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1130597934\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Common Files\AOL\1130597934\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
c:\program files\common files\aol\1130597934\ee\aolssc.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotsheet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.linksys.com/registration/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130597934\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] C:\PROGRA~1\COMMON~1\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1130597934\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1130597934\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\Pure Networks\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://webtop01.bcbsfl.com/Citrix/ICAWEB/en/ica32/wficac.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://aolsvc.aol.com/onlinegames/sonybewitched/main.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1130597934\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pure Networks Router Manager (pnrouter) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

[swhit32257]

Just making sure this thread stays in the loop...

[tetonbob]

Please disable Webroot SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean.

To disable SpySweeper Shields

• Click Shields on the left.
• Click Internet Explorer and uncheck all items.
• Click Windows System and uncheck all items.
• Click Startup Programs and uncheck all items.
• Click Browser Add-Ons and uncheck all items.
• Exit Spysweeper.

Fix these entries with HJT:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY... on&pf=desktop

Re-enable SpySweeper.

Any other issues? If so, we'll dig a bit.

[swhit32257]

Here's whats left...I think we're all set (unless anything stands out). Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 6:26:10 PM, on 1/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1130597934\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\ehome\ehRec.exe
C:\WINDOWS\System32\gearsec.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\AOL\1130597934\ee\aolsoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1130597934\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Common Files\AOL\1130597934\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
c:\program files\common files\aol\1130597934\ee\aolssc.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.linksys.com/registration/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130597934\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] C:\PROGRA~1\COMMON~1\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1130597934\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1130597934\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\Pure Networks\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://webtop01.bcbsfl.com/Citrix/ICAWEB/en/ica32/wficac.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://aolsvc.aol.com/onlinegames/sonybewitched/main.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1130597934\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pure Networks Router Manager (pnrouter) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

[tetonbob]

Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few items to address.


Reset hidden/system files and folders

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View tab.
• Deselect the Show hidden files and folders option.
• Select the Hide file extensions for known types option.
• Select the Hide protected operating system files option.
• Click Yes to confirm.
• Click OK.

Create a new System Restore point

• click Start >> Run - type SYSDM.CPL & press Enter
• select the System Restore Tab
• tick on the checkbox - "Turn off System Restore on all drives"
• click Apply
• then untick the same checkbox & click OK

Enable Windows Auto Update

• Go to Start>Run - type wuaucpl.cpl
• tick on the checkbox - "Keep my computer up to date"
• Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
• Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

• SpywareBlaster to help prevent spyware from installing in the first place.
  
• SpywareGuard to catch and block spyware before it can execute.
  
• SPYBOT - SEARCH & DESTROY
  Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
  
• AD-AWARE
  Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here
  
• IE-SPYAD
  IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here
  
• MVPS HOST FILE
  The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. It can be downloaded here - MVPS Hosts file
  
• ANTIVIRUS SOFTWARE
  It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
  
  See this link for a listing of some online antivirus scanners:
  
  Anti-Spyware Tutorial
  
  Here are two very good free Antivirus products which are available:
  
• Avast!
• AVG
  
  It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  
• Winpatrol - Download and install the free version of Winpatrol.
  A tutorial for this product is located here:
  Using Winpatrol to protect your computer from malicious software

If you do not have a firewall, here are 4 free ones available for personal use:

• ZoneAlarm
• Avast Antivirus/Firewall
• Tiny Personal Firewall
• OutPost Firewall

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

• HOW DID I GET INFECTED IN THE FIRST PLACE?
• THE ANTI-SPYWARE TUTORIAL
• MAKING INTERNET EXPLORER SAFER

Please respond to this thread one more time so we can mark this thread as resolved.

[swhit32257]

Thanks! Please feel free to consider the thread resolved.