amazinjane
Thread Starter
- Joined
- Nov 6, 2007
- Messages
- 1
I only have basic computer knowledge so go a little easy on me.
I believe I was first attacked by Zlob. I was getting alot of pop-ups, task manager was disabled, new java icon, and I was blocked from access to programs, etc.
I took it to my local phone co. for repair (Don't know what he did, I do see he downloaded adaware and adwatch)
He suggested a reformat so a few days ago I brought it home to back up some files.
Today I get on and I notice an unfamiliar computer icon in the taskbar that is downloading updates. I ran a hijackthis planning on posting here anyway, but then I went to check my AVG vault and I find 8 new trojans. Generic 8XUK and ZlobKI
I've been needing to reformat anyway, so for now I just need to be able to do an online backup of some of my saved files. (my burner won't copy either, an old problem) I just need to be able to do it safely.
Is there anything I need to do immediately to keep things stable?
Here's my hijack this log.
Logfile of HijackThis v1.99.1
Scan saved at 3:49:38 PM, on 11/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Microsoft Shared\Works
Shared\WkUFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft SQL
Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\PROGRA~1\Grisoft\AVG7\avgvv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\am\LOCALS~1\Temp\Temporary Directory 2 for
hijackthis[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar
= http://g.msn.com/0SEENUS/SAOS13
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page
= http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page
= http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar
= http://g.msn.com/0SEENUS/SAOS13
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page
= http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page
=
http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet
Explorer\SearchURL,(Default) =
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet
Explorer\SearchURL,(Default) =
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe
C:\WINDOWS\system32\proper.exe
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection -
{53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: MSN Search Toolbar Helper -
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN
Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO:
Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile -
{D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file
missing)
O3 - Toolbar: MSN Search Toolbar -
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN
Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px]
C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Realtime Monitor]
C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows
Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program
Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer]
KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
/STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot -
Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk =
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program
Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program
Files\MSN Toolbar
Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program
Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program
Files\MSN Toolbar
Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Attach Web page to ACT! contact -
{6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file
missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact...
- {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file
missing)
O9 - Extra button: (no name) -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy
Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} -
http://w4s2.work4sure.com/c/ge/w4sgeen10.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish
Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
http://207.188.7.150/26fee675102553ec3505/netzip/RdxIE6.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma
Image Uploader 3.0 Control) -
http://frog5.inkfrog.com/modules/images/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.c
ab
O18 - Protocol: bw+0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 -
{9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 -
{B8355522-CDF4-4AC1-B85D-2CF74F3EF241} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon -
C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB
- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT,
s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT,
s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer
Associates International, Inc. - C:\Program Files\CA\eTrust
Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) -
Computer Associates International, Inc. - C:\Program
Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer
Associates International, Inc. - C:\Program Files\CA\eTrust
Antivirus\InoTask.exe
O23 - Service: MpService - Canon Inc. - C:\Program
Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program
Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) -
Unknown owner - C:\Program Files\Common Files\Symantec
Shared\SNDSrvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation -
C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
Here"s a messy text log from my AVG if anyone needs it:
Trojan horse Generic8.XUK C:\WINDOWS\system32\proper.exe 11/4/2007 17:34 proper.exe 5.5 KB
Trojan horse Generic8.XUK C:\WINDOWS\system32\winter.exe 11/4/2007 17:35 winter.exe 5.5 KB
Trojan horse Downloader.Zlob.KI C:\Documents and Settings\am\Local Settings\Temporary Internet Files\Content.IE5\PF0X0466\setup[1].exe 11/4/2007 18:22 setup[1].exe 75.49 KB
Trojan horse Downloader.Zlob.KI C:\Documents and Settings\am\Local Settings\Temporary Internet Files\Content.IE5\SV13GF0U\setup[1].exe 11/4/2007 18:22 setup[1].exe 75.72 KB
Trojan horse Generic8.XUK C:\System Volume Information\_restore{549F778F-1918-4AFA-993F-CAD9D22C15DB}\RP1069\A0077208.exe 11/4/2007 19:13 A0077208.exe 5.5 KB
Trojan horse Generic8.XUK C:\System Volume Information\_restore{549F778F-1918-4AFA-993F-CAD9D22C15DB}\RP1069\A0077207.exe 11/4/2007 19:13 A0077207.exe 5.5 KB
Trojan horse Generic8.XUK C:\System Volume Information\_restore{549F778F-1918-4AFA-993F-CAD9D22C15DB}\RP1074\A0078538.exe 11/4/2007 19:13 A0078538.exe 5.5 KB
Trojan horse Generic8.XUK C:\System Volume Information\_restore{549F778F-1918-4AFA-993F-CAD9D22C15DB}\RP1074\A0078539.exe 11/4/2007 19:13 A0078539.exe 5.5 KB
Any help would be tremenously appreciated!!
AM
I believe I was first attacked by Zlob. I was getting alot of pop-ups, task manager was disabled, new java icon, and I was blocked from access to programs, etc.
I took it to my local phone co. for repair (Don't know what he did, I do see he downloaded adaware and adwatch)
He suggested a reformat so a few days ago I brought it home to back up some files.
Today I get on and I notice an unfamiliar computer icon in the taskbar that is downloading updates. I ran a hijackthis planning on posting here anyway, but then I went to check my AVG vault and I find 8 new trojans. Generic 8XUK and ZlobKI
I've been needing to reformat anyway, so for now I just need to be able to do an online backup of some of my saved files. (my burner won't copy either, an old problem) I just need to be able to do it safely.
Is there anything I need to do immediately to keep things stable?
Here's my hijack this log.
Logfile of HijackThis v1.99.1
Scan saved at 3:49:38 PM, on 11/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Microsoft Shared\Works
Shared\WkUFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft SQL
Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\PROGRA~1\Grisoft\AVG7\avgvv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\am\LOCALS~1\Temp\Temporary Directory 2 for
hijackthis[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar
= http://g.msn.com/0SEENUS/SAOS13
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page
= http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page
= http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar
= http://g.msn.com/0SEENUS/SAOS13
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page
= http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page
=
http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet
Explorer\SearchURL,(Default) =
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet
Explorer\SearchURL,(Default) =
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe
C:\WINDOWS\system32\proper.exe
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection -
{53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: MSN Search Toolbar Helper -
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN
Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO:
Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile -
{D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file
missing)
O3 - Toolbar: MSN Search Toolbar -
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN
Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px]
C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Realtime Monitor]
C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows
Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program
Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer]
KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
/STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot -
Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk =
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program
Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program
Files\MSN Toolbar
Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program
Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program
Files\MSN Toolbar
Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Attach Web page to ACT! contact -
{6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file
missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact...
- {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file
missing)
O9 - Extra button: (no name) -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy
Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} -
http://w4s2.work4sure.com/c/ge/w4sgeen10.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish
Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
http://207.188.7.150/26fee675102553ec3505/netzip/RdxIE6.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma
Image Uploader 3.0 Control) -
http://frog5.inkfrog.com/modules/images/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.c
ab
O18 - Protocol: bw+0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 -
{9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}
- C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 -
{B8355522-CDF4-4AC1-B85D-2CF74F3EF241} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon -
C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB
- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT,
s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT,
s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer
Associates International, Inc. - C:\Program Files\CA\eTrust
Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) -
Computer Associates International, Inc. - C:\Program
Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer
Associates International, Inc. - C:\Program Files\CA\eTrust
Antivirus\InoTask.exe
O23 - Service: MpService - Canon Inc. - C:\Program
Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program
Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) -
Unknown owner - C:\Program Files\Common Files\Symantec
Shared\SNDSrvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation -
C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
Here"s a messy text log from my AVG if anyone needs it:
Trojan horse Generic8.XUK C:\WINDOWS\system32\proper.exe 11/4/2007 17:34 proper.exe 5.5 KB
Trojan horse Generic8.XUK C:\WINDOWS\system32\winter.exe 11/4/2007 17:35 winter.exe 5.5 KB
Trojan horse Downloader.Zlob.KI C:\Documents and Settings\am\Local Settings\Temporary Internet Files\Content.IE5\PF0X0466\setup[1].exe 11/4/2007 18:22 setup[1].exe 75.49 KB
Trojan horse Downloader.Zlob.KI C:\Documents and Settings\am\Local Settings\Temporary Internet Files\Content.IE5\SV13GF0U\setup[1].exe 11/4/2007 18:22 setup[1].exe 75.72 KB
Trojan horse Generic8.XUK C:\System Volume Information\_restore{549F778F-1918-4AFA-993F-CAD9D22C15DB}\RP1069\A0077208.exe 11/4/2007 19:13 A0077208.exe 5.5 KB
Trojan horse Generic8.XUK C:\System Volume Information\_restore{549F778F-1918-4AFA-993F-CAD9D22C15DB}\RP1069\A0077207.exe 11/4/2007 19:13 A0077207.exe 5.5 KB
Trojan horse Generic8.XUK C:\System Volume Information\_restore{549F778F-1918-4AFA-993F-CAD9D22C15DB}\RP1074\A0078538.exe 11/4/2007 19:13 A0078538.exe 5.5 KB
Trojan horse Generic8.XUK C:\System Volume Information\_restore{549F778F-1918-4AFA-993F-CAD9D22C15DB}\RP1074\A0078539.exe 11/4/2007 19:13 A0078539.exe 5.5 KB
Any help would be tremenously appreciated!!
AM