
Help with Trojans-Zlob and Generic8

Discussion in 'Virus & Other Malware Removal' started by amazinjane, Nov 6, 2007.

Thread Status:
Not open for further replies.
    amazinjane (Thread Starter; joined Nov 6, 2007; messages: 1)

    I only have basic computer knowledge so go a little easy on me.
    I believe I was first attacked by Zlob. I was getting a lot of pop-ups, task manager was disabled, new java icon, and I was blocked from access to programs, etc.
    I took it to my local phone co. for repair. (Don't know what he did; I do see he downloaded adaware and adwatch.)
    He suggested a reformat so a few days ago I brought it home to back up some files.
    Today I get on and I notice an unfamiliar computer icon in the taskbar that is downloading updates. I ran a hijackthis planning on posting here anyway, but then I went to check my AVG vault and I find 8 new trojans: Generic 8XUK and ZlobKI.
    I've been needing to reformat anyway, so for now I just need to be able to do an online backup of some of my saved files. (My burner won't copy either, an old problem.) I just need to be able to do it safely.
    Is there anything I need to do immediately to keep things stable?


    Here's my hijack this log.

    Logfile of HijackThis v1.99.1
    Scan saved at 3:49:38 PM, on 11/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5700.0006)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
    C:\PROGRA~1\Grisoft\AVG7\avgvv.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\DOCUME~1\am\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS13
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS13
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
    O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen10.exe
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/26fee675102553ec3505/netzip/RdxIE6.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://frog5.inkfrog.com/modules/images/ImageUploader3.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: bw+0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 -

    {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program

    Files\Logitech\Desktop

    Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} -

    C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {B8355522-CDF4-4AC1-B85D-2CF74F3EF241}

    - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 -

    {B8355522-CDF4-4AC1-B85D-2CF74F3EF241} - C:\Program

    Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

    Here's a messy text log from my AVG if anyone needs it:


    Trojan horse Generic8.XUK C:\WINDOWS\system32\proper.exe 11/4/2007 17:34 proper.exe 5.5 KB
    Trojan horse Generic8.XUK C:\WINDOWS\system32\winter.exe 11/4/2007 17:35 winter.exe 5.5 KB
    Trojan horse Downloader.Zlob.KI C:\Documents and Settings\am\Local Settings\Temporary Internet Files\Content.IE5\PF0X0466\setup[1].exe 11/4/2007 18:22 setup[1].exe 75.49 KB
    Trojan horse Downloader.Zlob.KI C:\Documents and Settings\am\Local Settings\Temporary Internet Files\Content.IE5\SV13GF0U\setup[1].exe 11/4/2007 18:22 setup[1].exe 75.72 KB
    Trojan horse Generic8.XUK C:\System Volume Information\_restore{549F778F-1918-4AFA-993F-CAD9D22C15DB}\RP1069\A0077208.exe 11/4/2007 19:13 A0077208.exe 5.5 KB
    Trojan horse Generic8.XUK C:\System Volume Information\_restore{549F778F-1918-4AFA-993F-CAD9D22C15DB}\RP1069\A0077207.exe 11/4/2007 19:13 A0077207.exe 5.5 KB
    Trojan horse Generic8.XUK C:\System Volume Information\_restore{549F778F-1918-4AFA-993F-CAD9D22C15DB}\RP1074\A0078538.exe 11/4/2007 19:13 A0078538.exe 5.5 KB
    Trojan horse Generic8.XUK C:\System Volume Information\_restore{549F778F-1918-4AFA-993F-CAD9D22C15DB}\RP1074\A0078539.exe 11/4/2007 19:13 A0078539.exe 5.5 KB

    Any help would be tremendously appreciated!!
    AM
     

Short URL to this thread: https://techguy.org/648645
