I have been Infected js agent.ab

Ok, great. I'll help ya with it all.

First, let's turn system restore back on.

Then, after that, download HijackThis, a diagnostic software. After downloading, move the icon from the folder to the desktop, and open it.

Run a scan and save the log.

Post the log back here and we'll help ya out.

Thanks.

My log is attached and system restore back on....Thank u for helping me with this

Alrite great, first off, Ill let ya do this while we go thru the log: (NOTE: Be sure to run the scan in Safe mode)

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files". 9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After doing this, move back to the 'Cleaner' tab, and inside this, be sure your open to the 'Windows' tab. Inside, check the box labeled 'Custom Files and Folders'.

Next, after following all of these steps, you're ready to scan. Run scans in both the 'Cleaner' and 'Issues'. Note: It might take several scans in each to remove all of the junk.

After running the scan, come back here, and we'll tell ya what to fix in the log.

Thanks.

Forgive me ... I just want to be clear... I download the program and then sign off and go into safe mode..? Which I do not think I have done at all on this laptop...Only reformatted..

Heh sorry for bein unclear.

Yes, download the program and then put in the custom folders.

After this, shut down the computer. Wait 30 seconds. Then, restart the comupter, constantly hitting F8 until a screen comes up. Choose 'Safe Mode', and let it open. Then, run CCleaner.

The only thing safe mode does is limit the number of startup processes that turn on.

After doing this, come back and i'll list what ya need to check in HJT.

Thanks.

Help... I have a clean up program I ran...I know it is not the same...But if I am not mistaken when I ran the local settings temp...not the IE files... it deleted something out of windows xp...I am using windows xp professional.. I just want to make sure before I do anything...

Every user... I am the only user...so I should do it for my folder/all users folder and default user....I am sorry about the questions...but I just reformatted my laptop three weeks ago and it was hell....and from what u are having me run... i am deleting all of my settings...is that correct..? I just want to make sure I do this right....

Yes, you're fine as long as ya delete the contents of this file:

C:\Documents and Settings\<User>\Local Settings\Temp

All of the files in here are *.tmp

Lastly, I would rather ya use CCleaner in comparison then any other one, simply because I know how to use it, and I know it doesn't have imbedded spyware or anything similar.

After ya finish up with that, reboot into normal mode again (simply restart the computer), open HJT, and check the following:

Check the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop

After checking, close all of the other windows and hit 'fix checked'.

After doing this, restart the computer and post a new log.

Thanks.

I am going to use the one u sent... I just had the question . Also I cannot see the c:\temp file... the windows i am fine with... ..

Not giving me the prompt to start in smart mood when I sign on and now my virus scan says missing componants. I have nto run anything ye t

Anysuggestions...considering I am online with no protection now?

will try one more time

okay ran the clean up... not sure what happened to mcafee

Scan saved at 10:14:59 PM, on 4/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\progra~1\yahoo!\YCentral\YahooCentral.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1145775379\ee\AOLSoftware.exe
C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hijack This\HijackThis.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [YCentral] c:\progra~1\yahoo!\YCentral\YahooCentral.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Pando] C:\Program Files\Pando Networks\Pando\Pando.exe /Automation
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145775379\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Pando] C:\Program Files\Pando Networks\Pando\pando.exe /Automation
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe -a
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bw+0 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {645494EC-DA43-4B48-8F48-36582B76A636} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
n

I have no start page... but I get online .. which I know I can fix...but my mcafee is not working at all just beeping and popping screens.

Hmm alrite. The log's clean, but I wanna run some other tests. And ya, it was expected that the startpages would be deleted. That should be easy to replace.

By the way, what is McAfee tellin ya in those beeps and popup screens?

Alrite, now, we're gonna download 2 programs, Ewido and SpySweeper (links can be found in my signature below).

Download both, update definitions for both, and run scans with both (normal mode, not safe mode, should be fine).

After running both, save both of the scan logs.

Post both of the scan logs back here, and we'll work from there.

Thanks.

some of the componants were not installed or downloaded correctly... .. i was going to get rid of it anyway .. should i uninstall it before I install the other ones?

Yep, if ya could do that, it'd be great. Ya might have a few problems tho--often times, AVs are known for having bloody uninstallers.

If it gives ya a ton of problems, then just ignore it and continue on with the fix--we can always delete it at the end.

Thanks.

okay ewido is running now..will do spyware after... I have alot of files .. Mcafee of course will not uninstall will have to reinstall it after this is done... and then decide what to do later on... i can tell u 3 tracking cookies right off the bat...however i cannot see where they are from yet.. but not showing the other thing yet so that is good

I only did the online scanner for ewido... mcafee was getting in the way..

Hmmm, did Mcafee prevent ya from dling and running the program?

Cause the scan from the program itself is a fair amount more thorough.

If ya can get it to dl and run, it'd be incredible. If not, it's ok.

Still looking forward for that SpySweeper scan log.

Thanks.

It did not prevent it .. However Mcafee keeps popping up... Right now I am running the online scan... and like i said will be awhile... It just so happens right in the middle of this I was working on organizing my fonts.. and i have alot of them all in files on my desk top... The good news is that the majority of my plug ins I have not yet installed and my tubes and graphics and all that other stuff ... creations are on my external not hookd up .. but what I can do is get thru this scan.. do the spy one.. then actually download the othr program and let it run and then post it for u when it is done.

Ahh great, thanks alot :)

Ok, this'll be my last post for teh nite--gotta go study for tmr, but ya, post all of the scans, and Ill take a look at them tmr sometime (prly around 8pm) and get back to ya.

Thanks.

No Thank you sooo much... I truly appreciate your help... Have a wonderful night...

Here are the scan logs from last night'

__________________________________________________
ewido security suite online scanner
http://www.ewido.net
__________________________________________________

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Terri\Cookies\terri@2o7[1].txt
Risk: Medium

Name: TrackingCookie.Adjuggler
Path: C:\Documents and Settings\Terri\Cookies\terri@rotator.adjuggler[1].txt
Risk: Medium

Name: TrackingCookie.Myaffiliateprogram
Path: C:\Documents and Settings\Terri\Cookies\terri@www.myaffiliateprogram[1].txt
Risk: Medium

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:01:55 AM, 4/24/2006
+ Report-Checksum: 89EC667D

+ Scan result:

C:\Documents and Settings\Terri\Cookies\terri@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Terri\Cookies\terri@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Terri\Cookies\terri@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup

::Report End

********
11:24 PM: | Start of Session, Sunday, April 23, 2006 |
11:24 PM: Spy Sweeper started
11:24 PM: Sweep initiated using definitions version 663
11:24 PM: Starting Memory Sweep
11:30 PM: Memory Sweep Complete, Elapsed Time: 00:05:57
11:30 PM: Starting Registry Sweep
11:31 PM: Registry Sweep Complete, Elapsed Time:00:00:10
11:31 PM: Starting Cookie Sweep
11:31 PM: Found Spy Cookie: azjmp cookie
11:31 PM: [email]terri@azjmp[1].txt[/email] (ID = 2270)
11:31 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
11:31 PM: Starting File Sweep
11:49 PM: File Sweep Complete, Elapsed Time: 00:18:27
11:49 PM: Full Sweep has completed. Elapsed time 00:24:38
11:49 PM: Traces Found: 1
11:51 PM: Removal process initiated
11:51 PM: Quarantining All Traces: azjmp cookie
11:51 PM: Removal process completed. Elapsed time 00:00:00
********
11:22 PM: | Start of Session, Sunday, April 23, 2006 |
11:22 PM: Spy Sweeper started
11:23 PM: Your spyware definitions have been updated.
11:23 PM: Updating spyware definitions
11:23 PM: Your definitions are up to date.
11:24 PM: | End of Session, Sunday, April 23, 2006 |

I am going to try and run the other scan before I leave this morning that actually showed the malware..

The file is showing quarentined under housecalls by micro trend... I guess the scan I did online did help...Let me know if u have any other suggestions after reading the scans.. Also on antivirus/firewall programs...I know for sure I am going to keep the webroot spyware program.. thank you

Good good, it's all lookin incredible.

However, to triple check everything, run Kasperky 1 more time (the same scan ya ran in the very beginning), and verify it doent find the virus again.

Now for AV stuff. Just so ya kno ahead of time, Webroot SpySweeper isn't permenantly free--after 14 days, it expires completely, unless ya want to buy it.

For an antivirus I would strongly recommend downloading AVG. It's free, and top of the line anyways. Here:

http://free.grisoft.com/doc/2/lng/us/tpl/v5

Keep ewido--after 14 days, the automatic updates will expire, all that means is that you'll have to update manually before scans (basically, ya have to hit the 'update' button before scanning)

Lastly, I would dl Microsoft Defender, as it is a good 'realtime' spyware deferrent.

Here:

http://www.microsoft.com/downloads/details.aspx?FamilyID=435bfce7-da2b-4a6a-afa4-f7f14e605a0d&DisplayLang=en

Afer doing this, tell me what your plan of action is, and we'll go from there.

Thanks again (and sorry for the late reply).