
Author Topic: TROJAN HORSE FOUND BY AVG  (Read 5692 times)


THE_SAINT

    TROJAN HORSE FOUND BY AVG
    « on: October 17, 2007, 11:25:37 AM »
    hello

    I need some information please. I am using an old IBM PC, running Windows XP Professional, Service Pack 2, and AVG 7.5 free version. On 14 October the antivirus AVG picked up the following: TROJAN Horse 7.MCU, and the next day it also picked up the same, only in a different location and with a different file name.
    Prior to this, a few months ago, AVG detected a virus called obfustat.ITZ.
    Now these two are in quarantine in the virus vault. I am wondering if these could cause any harm; should I delete them from the virus vault?

    And are there any possibilities of having any more viruses? I have run Spybot and no threats were found.
    I would like very much to post a screenshot of the contents of the virus vault, but can't find out how to do it.

    Any suggestions or help will be very much appreciated.

    thanks

    The Saint.

    Ivy

    • Guest
    Re: TROJAN HORSE FOUND BY AVG
    « Reply #1 on: October 17, 2007, 11:50:00 AM »
    You can create a screenshot by pressing the Print Screen key. This will usually take the screenshot and place it in the computer clipboard. Once in the clipboard you can use the screenshot in any way you want; you may upload it to Photobucket and from there you can copy it and paste it here. (The options to copy it are on the side of the picture; choose the "copy to forums" option.)



    oddjob



      Re: TROJAN HORSE FOUND BY AVG
      « Reply #2 on: October 17, 2007, 12:16:37 PM »
      Yes, screenshots may be useful.

      However, in the meantime, make sure you delete everything from AVG's virus vault.

      Then run a couple of good free malware removers such as Superantispyware and AVG Anti Spyware (Google them; they are easy to find).

      Next download HijackThis and scan your computer with it.

      Post the scan report log in this thread for someone to review it for you. DO NOT change anything with HJT unless under the advice of a trained analyst. Using the program wrongly can trash your computer.


      OJ

      Ivy

      • Guest
      Re: TROJAN HORSE FOUND BY AVG
      « Reply #3 on: October 17, 2007, 10:15:17 PM »
      Here is a link to Hijack This
      Just select the option "scan and save a logfile", and remember what OddJob said: do not change anything with HJT.
      Here is a link to Super Anti Spyware
      Here is a link to AVG Anti Spyware

      I recently had a very bad Trojan problem which was solved with the installation and running of a-squared anti malware.
      It works just like an antivirus and doesn't get in the way of your firewall; it removes malware, trojans, keyloggers, worms etc etc.

      Thought the links would make things easier for you :)

      Best of luck.

      Ivy

      THE_SAINT

        Re: TROJAN HORSE FOUND BY AVG
        « Reply #4 on: October 25, 2007, 12:11:46 AM »
        Ivy,Oddjob

        Please see the HJT log file below. Please advise. Thanks.

        Logfile of HijackThis v1.99.1
        Scan saved at 11:29:58 AM, on 10/25/2007
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16544)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Windows Defender\MsMpEng.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
        E:\SONICS~1\SsAAD.exe
        C:\Program Files\Windows Defender\MSASCui.exe
        C:\WINDOWS\CameraFixer.exe
        C:\WINDOWS\tsnpstd3.exe
        C:\WINDOWS\vsnpstd3.exe
        C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
        C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
        E:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
        C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
        C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
        C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
        C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\ntvdm.exe
        C:\Program Files\MTV Networks\URGE\UrgeMS.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        C:\Program Files\Grisoft\AVG Free\avgcc.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
        C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\Ipe40.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn0\YTBSDK.exe
        C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QVQJDR8X\HijackThis[1].exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?.refer=slv&.intl=us&.src=ym
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
        O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
        O4 - HKLM\..\Run: [SsAAD.exe] E:\SONICS~1\SsAAD.exe
        O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
        O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
        O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
        O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
        O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
        O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
        O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
        O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
        O4 - HKCU\..\Run: [LDM] E:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
        O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
        O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
        O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
        O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
        O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
        O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O11 - Options group: [INTERNATIONAL] International*
        O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147867963562
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172741842859
        O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
        O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
        O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{2019FE9F-B74D-44F4-B66F-BBDE5696AE0A}: NameServer = 218.248.240.23 218.248.255.145

        Rest continued in next post, as the message seems to be more than 10000 characters.

        THE_SAINT

          Re: TROJAN HORSE FOUND BY AVG
          « Reply #5 on: October 25, 2007, 12:19:54 AM »
          HJT log contd...

          O18 - Protocol: bw+0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw+0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw-0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw-0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw00 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw00s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw10 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw10s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw20 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw20s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw30 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw30s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw40 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw40s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw50 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw50s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw60 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw60s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw70 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw70s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw80 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw80s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw90 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw90s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwa0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwa0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwb0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwb0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwc0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwc0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwd0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwd0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwe0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwe0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwf0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwf0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
          O18 - Protocol: bwg0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwg0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwh0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwh0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwi0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwi0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwj0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwj0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwk0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwk0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwl0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwl0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwm0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwm0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwn0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwn0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwo0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwo0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwp0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwp0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwq0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

          Rest in next post, since the message contains more than 10000 characters.

          THE_SAINT

            Re: TROJAN HORSE FOUND BY AVG
            « Reply #6 on: October 25, 2007, 12:21:08 AM »
            HJT LOG CONTD...

            O18 - Protocol: bwq0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwr0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwr0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bws0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bws0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwt0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwt0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwu0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwu0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwv0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwv0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bww0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bww0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwx0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwx0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwy0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwy0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwz0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: bwz0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
            O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
            O18 - Protocol: offline-8876480 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
            O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
            O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
            O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
            O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
            O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
            O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
            O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
            O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
            O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
            O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
            O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
            O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
            O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
            O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

            oddjob



              Re: TROJAN HORSE FOUND BY AVG
              « Reply #7 on: October 25, 2007, 02:29:08 AM »
              Your log is fairly clean.

              Re. your first post it seems AVG was doing its job. Whatever it found was removed and not on your machine any more (unless it's hiding deeper than HJT can see which is always a possibility).


              Do you know what this file is, what it does and which program installed it ....

              C:\WINDOWS\CameraFixer.exe?

              Please advise.


              Which firewall are you using? I can't see one in the log.


              The version of HJT you are using is slightly out of date. Merijn has now sold the program to Trend Micro and the most recent version is available here ....

              http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

              • Save HJTInstall.exe to your desktop.
              • Doubleclick on the HJTInstall.exe icon on your desktop.
              Please use this one in the future.


              Your HJT file is on a temporary place on your computer. The program makes backups which could easily be lost if HJT isn't somewhere more permanent.

              Go to the file ...

              C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QVQJDR8X\HijackThis[1].exe

              ....and drag & drop it directly on to your main hard drive.


              All those O18 entries are from Logitech Desktop Messenger. It clogs up the machine. Best advice is to remove / uninstall that program and fix all these O18 entries with HJT thus ...

              Turn off Windows Defender and Spybot's TeaTimer application as they could hinder HJT's fixing process.

              Open HJT ... click on 'Do a System Scan Only'... put tick/check marks next to this entry IF it's still present ....

              O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

              AND all those O18 entries IF still present.


              Remember to close ALL open browser windows – including this one – before clicking on “Fix Checked” at the foot of the HijackThis window.


              When this is all done re-activate Defender and Spybot's resident TeaTimer protection.

              Post a fresh HJT log with an update on how the computer is behaving now.


              OJ
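An added example, not code from the thread or from HijackThis: a small Python triage script over a few entry lines excerpted from the log posted above. It does mechanically what oddjob does by eye, listing the "(no file)" / "(file missing)" entries, counting O18 protocol handlers per DLL so the Logitech Desktop Messenger clutter stands out, and flagging O4 autoruns launched from outside the usual program directories (TRUSTED_RUN_DIRS is a heuristic assumed by this example, not an HJT rule).

```python
import re
from collections import Counter

# Sample input, constructed from lines of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O18 - Protocol: bw+0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
"""

# Every HJT entry line starts with a section code (R0..R3, O1..O23) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")

# Heuristic assumed by this example (not an HJT rule): autorun targets outside these
# directories get a second look, as oddjob did with C:\WINDOWS\CameraFixer.exe.
TRUSTED_RUN_DIRS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\system32\\")


def parse_hjt(text):
    """Return (section, body) pairs for each entry line; header and process lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def orphaned_entries(entries):
    """Entries whose target no longer exists: dead registrations, the easy HJT fixes."""
    return [f"{sec} - {body}" for sec, body in entries
            if "(no file)" in body or "(file missing)" in body]


def protocol_handlers_by_dll(entries):
    """Count O18 protocol handlers per DLL. One DLL owning dozens of them is the
    Logitech Desktop Messenger clutter oddjob points out, not an infection."""
    counts = Counter()
    for sec, body in entries:
        if sec == "O18":
            counts[body.rsplit(" - ", 1)[-1].lower()] += 1
    return counts


def unusual_run_entries(entries):
    """O4 autoruns launched from outside TRUSTED_RUN_DIRS, or by a bare filename with
    no path at all. Not proof of malware: these are the entries a reviewer asks about first."""
    flagged = []
    for sec, body in entries:
        m = re.match(r".*\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$", body) if sec == "O4" else None
        if not m:
            continue
        cmd = m.group("cmd").strip()
        # Take the executable path up to ".exe", dropping a leading quote and any arguments.
        exe = re.match(r'"?(?P<path>.+?\.exe)', cmd, re.IGNORECASE)
        path = exe.group("path") if exe else cmd
        low = path.lower()
        if "\\" not in low or not low.startswith(TRUSTED_RUN_DIRS):
            flagged.append((m.group("name"), path))
    return flagged


def unknown_owner_services(entries):
    """O23 services whose publisher HJT could not determine."""
    return [body.split(" - ")[0].replace("Service: ", "", 1)
            for sec, body in entries if sec == "O23" and "Unknown owner" in body]


def triage(text):
    """One-shot summary a helper could paste back into the thread."""
    entries = parse_hjt(text)
    return {
        "entries": len(entries),
        "orphaned": orphaned_entries(entries),
        "o18_by_dll": dict(protocol_handlers_by_dll(entries)),
        "unusual_o4": unusual_run_entries(entries),
        "unknown_owner_o23": unknown_owner_services(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Feeding the full log from the thread through `triage()` gives the same picture oddjob describes: one nameless O2 BHO with no file, roughly sixty O18 handlers all pointing at the same Logitech DLL, and CameraFixer.exe as the only autorun outside the usual directories.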

              THE_SAINT

                Re: TROJAN HORSE FOUND BY AVG
                « Reply #8 on: October 30, 2007, 01:19:17 AM »
                Oddjob,

                Should I do the HJT scan with the new version, from the link you provided, and post the log for you to see in case anything has been missed, or continue with the old one which is lying in the temp folder?

                thanks
                The Saint.

                CBMatt

                • Mod & Malware Specialist

                Re: TROJAN HORSE FOUND BY AVG
                « Reply #9 on: October 30, 2007, 01:43:09 AM »
                Follow oddjob's steps after moving/re-downloading HijackThis to a permanent location (such as C:\Program Files\HJT).  The temp folder is a temporary location.  If HijackThis stays in there, it will eventually get deleted and so will its backups, which are important to have.  So, put the program in a permanent location and then run it from there.  You may then safely follow his instructions.
                Quote
                An undefined problem has an infinite number of solutions.
                —Robert A. Humphrey