Help with Trojans-Zlob and Generic8

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

amazinjane

Thread Starter
Joined
Nov 6, 2007
Messages
1
I only have basic computer knowledge so go a little easy on me.
I believe I was first attacked by Zlob. I was getting a lot of pop-ups, task manager was disabled, new java icon, and I was blocked from access to programs, etc.
I took it to my local phone co. for repair (Don't know what he did, I do see he downloaded adaware and adwatch)
He suggested a reformat so a few days ago I brought it home to back up some files.
Today I get on and I notice an unfamiliar computer icon in the taskbar that is downloading updates. I ran a hijackthis planning on posting here anyway, but then I went to check my AVG vault and I find 8 new trojans. Generic 8XUK and ZlobKI
I've been needing to reformat anyway, so for now I just need to be able to do an online backup of some of my saved files. (my burner won't copy either, an old problem) I just need to be able to do it safely.
Is there anything I need to do immediately to keep things stable?


Here's my hijack this log.

Logfile of HijackThis v1.99.1
Scan saved at 3:49:38 PM, on 11/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\PROGRA~1\Grisoft\AVG7\avgvv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\am\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS13
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS13
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen10.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/26fee675102553ec3505/netzip/RdxIE6.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://frog5.inkfrog.com/modules/images/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: bw+0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 -

{9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 -

{B8355522-CDF4-4AC1-B85D-2CF74F3EF241} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

Here's a messy text log from my AVG if anyone needs it:


Trojan horse Generic8.XUK C:\WINDOWS\system32\proper.exe 11/4/2007 17:34 proper.exe 5.5 KB
Trojan horse Generic8.XUK C:\WINDOWS\system32\winter.exe 11/4/2007 17:35 winter.exe 5.5 KB
Trojan horse Downloader.Zlob.KI C:\Documents and Settings\am\Local Settings\Temporary Internet Files\Content.IE5\PF0X0466\setup[1].exe 11/4/2007 18:22 setup[1].exe 75.49 KB
Trojan horse Downloader.Zlob.KI C:\Documents and Settings\am\Local Settings\Temporary Internet Files\Content.IE5\SV13GF0U\setup[1].exe 11/4/2007 18:22 setup[1].exe 75.72 KB
Trojan horse Generic8.XUK C:\System Volume Information\_restore{549F778F-1918-4AFA-993F-CAD9D22C15DB}\RP1069\A0077208.exe 11/4/2007 19:13 A0077208.exe 5.5 KB
Trojan horse Generic8.XUK C:\System Volume Information\_restore{549F778F-1918-4AFA-993F-CAD9D22C15DB}\RP1069\A0077207.exe 11/4/2007 19:13 A0077207.exe 5.5 KB
Trojan horse Generic8.XUK C:\System Volume Information\_restore{549F778F-1918-4AFA-993F-CAD9D22C15DB}\RP1074\A0078538.exe 11/4/2007 19:13 A0078538.exe 5.5 KB
Trojan horse Generic8.XUK C:\System Volume Information\_restore{549F778F-1918-4AFA-993F-CAD9D22C15DB}\RP1074\A0078539.exe 11/4/2007 19:13 A0078539.exe 5.5 KB

Any help would be tremendously appreciated!!
AM
 