Please Help Me, Might Have/had A Virus/trojan, Not Really Sure,


  • This topic is locked
2 replies to this topic

#1 snowcrash

Posted 26 March 2008 - 10:35 AM

I just want to say thanks for all the helpers on here. I have been trying to go by Sam's instructions from the same topic on here http://www.bleepingcomputer.com/forums/lof...hp/t137972.html but it just isn't doing the trick for me! I have basically done everything from there, though, but still need help getting my bak files removed.

When I updated Windows and restarted, it came up saying that I had a virus/trojan that was detected but not removed! I believe it came up as backdoor:Win32/Zonebac.gen!F. I have done some things from other help listings, and I think maybe the virus is gone now, but I have bak files that I do not or can not get rid of.

I could not really tell a noticeable difference in the way the computer was acting. The only thing I did notice, though, is that sometimes I might get a pop-up while browsing a site, and also the internet browser page might just close out of the blue! I also have been getting a lot of random temp files when I check %temp% under Run. They will be a lot of numbers like 1234860, and they will continue to go up from the starting number (1236957, 12398475 and so on).


Here is my hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:07 AM, on 3/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab
O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl5.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187709968852
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187709960330
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BE964208-66F0-48FB-8F53-0C2BC35A610A} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl3.cab
O16 - DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl4.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/zuma/sis/...aploader_v5.cab
O18 - Protocol: bw+0 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {345EDC96-A9BE-4BC4-9ED4-6C2DAEC1A40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 20177 bytes



I have also run ComboFix and have a log for it, but as the posting help states, I'll wait to see if you in fact need it.

I have also run FINDAWF.exe and here is my log for it:


Find AWF report by noahdfear 2006
Version 1.40
Option 2 run successfully

The current date is: Wed 03/26/2008
The current time is: 11:10:28.81


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MICROS~2\BAK

12/04/2005 04:38 PM 437,008 itype.exe
1 File(s) 437,008 bytes

Directory of C:\PROGRA~1\MICROS~3\BAK

12/04/2005 04:39 PM 461,584 ipoint.exe
1 File(s) 461,584 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

04/27/2007 09:41 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\PROGRA~1\WINDOW~2\BAK

10/18/2006 09:05 PM 204,288 WMPNSCFG.exe
1 File(s) 204,288 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

07/09/2001 11:50 AM 155,648 NeroCheck.exe
1 File(s) 155,648 bytes

Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

10/28/2007 10:35 AM 72,736 PDVDServ.exe
1 File(s) 72,736 bytes

Directory of C:\PROGRA~1\CYBERL~1\SHARED~1\BAK

11/16/2007 08:20 PM 91,432 brs.exe
1 File(s) 91,432 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

12/10/2006 09:52 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

10/10/2007 08:51 PM 39,792 Reader_sl.exe
1 File(s) 39,792 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

11/13/2007 10:15 AM 185,632 realsched.exe
1 File(s) 185,632 bytes

Directory of C:\PROGRA~1\CREATIVE\SBLIVE\PROGRAM\BAK

11/29/2001 02:00 AM 28,672 ADGJDet.exe
1 File(s) 28,672 bytes

Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\LANGUAGE\BAK

10/11/2007 01:06 PM 62,760 Language.exe
1 File(s) 62,760 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~3.0_0\BIN\BAK

09/25/2007 01:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\LOGITECH\DESKTO~1\8876480\PROGRAM\BAK

02/02/2008 08:51 PM 36,864 LogitechDesktopMessenger.exe
1 File(s) 36,864 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

01/13/2006 02:46 AM 196,608 hpztsb04.exe
1 File(s) 196,608 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

437008 Dec 4 2005 "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
437008 Dec 4 2005 "C:\Program Files\Microsoft IntelliType Pro\bak\itype.exe"
437008 Dec 4 2005 "C:\Program Files\Microsoft IntelliType Pro 5.5\IType\Setup\Files\itype.exe"
461584 Dec 4 2005 "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
461584 Dec 4 2005 "C:\Program Files\Microsoft IntelliPoint\bak\ipoint.exe"
461584 Dec 4 2005 "C:\Program Files\Microsoft IntelliPoint 5.5\IPoint\Setup\Files\ipoint.exe"
282624 Apr 27 2007 "C:\Program Files\QuickTime\qttask.exe"
282624 Apr 27 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
204288 Oct 18 2006 "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
204288 Oct 18 2006 "C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe"
155648 Jul 9 2001 "C:\WINDOWS\system32\NeroCheck.exe"
155648 Jul 9 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
72736 Oct 28 2007 "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
72736 Oct 28 2007 "C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe"
91432 Nov 16 2007 "C:\Program Files\CyberLink\Shared files\brs.exe"
91432 Nov 16 2007 "C:\Program Files\CyberLink\Shared files\bak\brs.exe"
49152 Dec 10 2006 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Dec 10 2006 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
185896 Feb 12 2008 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe1592015454"
185632 Nov 13 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
28672 Nov 29 2001 "C:\Program Files\Creative\SBLive\Program\ADGJDet.exe"
28672 Nov 29 2001 "C:\Program Files\Creative\SBLive\Program\bak\ADGJDet.exe"
62760 Oct 11 2007 "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
62760 Oct 11 2007 "C:\Program Files\CyberLink\PowerDVD\Language\bak\Language.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
49263 Oct 12 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
36864 Feb 2 2008 "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
36864 Feb 2 2008 "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe"
196608 Jan 13 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe"
196608 Jan 13 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb04.exe"


end of report


Any help with this would be great, because I do not think it is that huge of a problem yet, but I really do not want to have to reinstall Windows if I do in fact have a problem and can not get rid of it!

#2 chryssi2001

Posted 10 April 2008 - 12:32 PM

Hello snowcrash,

I apologize for the very long delay. We have a huge backlog of HijackThis logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new HijackThis log. If we do not hear back from you within a couple of days we will need to close your topic.

Before posting the new HijackThis log, please run it and fix all 018 Logitech Desktop Messenger lines.

Please also post the ComboFix report if you have it.
Do not run any other tools.
Private Messages for personal support will be ignored. If you need help post in the forum.

#3 chryssi2001

Posted 16 April 2008 - 02:11 AM

Due to the lack of feedback, this Topic is now closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.