
Solve : TROJAN HORSE FOUND BY AVG?


hello

I need some information please. I am using an old IBM PC, running Windows XP Professional, Service Pack 2, and AVG 7.5 free version. On 14 October the antivirus AVG picked up the following Trojan Horse 7.MCU, and the next day also it picked up the same, only in a different location and with a different file name.
Prior to this, a few months ago, AVG detected a virus called obfustat.ITZ.
Now these two are in quarantine in the virus vault. I am wondering if these could cause any harm; should I delete them from the virus vault?

And are there any possibilities of having any more viruses? I have run Spybot and no threats were found.
I would like very much to post a screen shot of the contents in the virus vault, but can't find out how to do it.

Any suggestions or help will be very much appreciated.

thanks

The Saint.

You can create a screenshot by pressing the Print Screen key. This will usually take the screenshot and place it into the computer clipboard. Once in the clipboard you can use the screenshot in any way you want; you may upload it to Photobucket and from there you can copy it and paste it here (the options to copy it are on the side of the picture; choose the "copy to forums" option).


Yes, screenshots may be useful.

However, in the meantime, make sure you delete everything from AVG's virus vault.

Then run a couple of good free malware removers such as Superantispyware and AVG Anti Spyware (Google them; they are easy to find).

Next download HijackThis and scan your computer with it.

Post the scan report log in this thread for someone to review it for you. DO NOT change anything with HJT UNLESS under the advice of a trained analyst. Using the program wrongly can trash your computer.


OJ

Here is a link to Hijack This
Just select the option "scan and save a logfile" and remember what OddJob said: do not change anything with HJT.
Here is a link to Super Anti Spyware
Here is a link to AVG Anti Spyware

I recently had a very bad Trojan problem which was solved with the installation and running of a-squared anti malware.
It works just like an antivirus and doesn't get in the way of your firewall; it removes malware, trojans, keyloggers, worms etc.

Thought the links would make things easier for you

Best of luck.

Ivy

Ivy, Oddjob

Please see the HJT log file below. Please advise. Thanks

Logfile of HijackThis v1.99.1
Scan saved at 11:29:58 AM, on 10/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\SONICS~1\SsAAD.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
E:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\MTV Networks\URGE\UrgeMS.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\Ipe40.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn0\YTBSDK.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QVQJDR8X\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?.refer=slv&.intl=us&.src=ym
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SsAAD.exe] E:\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LDM] E:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147867963562
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172741842859
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2019FE9F-B74D-44F4-B66F-BBDE5696AE0A}: NameServer = 218.248.240.23 218.248.255.145

Rest continued in next post as the message seems to be more than 10000 characters.

HJT log contd...

O18 - Protocol: bw+0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Rest in next post since the message contains more than 10000 characters.

HJT log contd...

O18 - Protocol: bwq0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PML Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

Your log is fairly clean.

Re. your first post it seems AVG was doing its job. Whatever it found was removed and not on your machine any more (unless it's hiding deeper than HJT can see which is always a possibility).


Do you know what this file is, what it does and which program installed it ....

C:\WINDOWS\CameraFixer.exe?

Please advise.


Which firewall are you using? I can't see one in the log.


The version of HJT you are using is slightly out of date. Merijn has now sold the program to Trend Micro and the most recent version is available here ....

http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
Please use this one in the future.


Your HJT file is in a temporary place on your computer. The program makes backups which could easily be lost if HJT isn't somewhere more permanent.

Go to the file ...

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QVQJDR8X\HijackThis[1].exe

....and drag & drop it directly on to your main hard drive.


All those O18 entries are from Logitech Desktop Messenger. It clogs up the machine. Best advice is to remove / uninstall that program and fix all these O18 entries with HJT thus ...

Turn off Windows Defender and Spybot's TeaTimer application as they could hinder HJT's fixing process.

Open HJT ... click on 'Do a System Scan Only'... put tick/check marks next to this entry IF it's STILL present ....

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

AND all those O18 entries IF still present.


Remember to close ALL open browser windows – including this one – before clicking on “Fix Checked” at the foot of the HijackThis window.


When this is all done re-activate Defender and Spybot's resident TeaTimer protection.

Post a fresh HJT log with an update on how the computer is behaving now.


OJ

Oddjob,

Should I do the HJT scan with the new version, from the link you provided, and post the log for you to see in case anything has been missed, or continue with the old one which is lying in the temp folder?

thanks
The Saint.

Follow oddjob's steps after moving/re-downloading HijackThis to a permanent location (such as C:\Program Files\HJT). The temp folder is a temporary location. If HijackThis stays in there, it will eventually get deleted and so will its backups, which are important to have. So, put the program in a permanent location and then run it from there. You may then safely follow his instructions.
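
The three things the review of this log picked out (entries whose target file no longer exists, a program running from the Temporary Internet Files folder, and dozens of O18 protocol entries that all point at one DLL) can be pulled out of a HijackThis log mechanically. The script below is an added example, not part of the original thread or of HijackThis; `parse_log` and `triage` are hypothetical names, the sample is a shortened copy of lines from the log posted above, and the output is a reading aid for the analyst, not a list of things to fix.

```python
import re
from collections import Counter

# Sample built from lines of the HijackThis log posted in this thread (shortened).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:29:58 AM, on 10/25/2007

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\CameraFixer.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QVQJDR8X\HijackThis[1].exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O18 - Protocol: bw+0 - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4F56B6D4-F9C4-4E1B-BE8F-F64B095832D7} - E:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")        # e.g. "O18 - Protocol: ..."
O18_RE = re.compile(r"^Protocol: (\S+) - (\{[^}]+\}) - (.+)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")          # markers HijackThis prints itself
TEMP_MARKERS = ("\\temporary internet files\\", "\\temp\\")


def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:                      # a blank line ends the process list
            in_processes = False
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append((m.group(1), m.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries


def triage(text):
    """Return the items a reviewer would look at first; nothing is changed on disk."""
    processes, entries = parse_log(text)
    orphaned = [(c, b) for c, b in entries if b.endswith(ORPHAN_MARKERS)]
    temp = [p for p in processes if any(t in p.lower() for t in TEMP_MARKERS)]
    handlers = Counter()                  # O18 protocol handlers grouped by DLL path
    for code, body in entries:
        m = O18_RE.match(body) if code == "O18" else None
        if m:
            handlers[m.group(3)] += 1
    return {"orphaned": orphaned, "temp_processes": temp, "o18_by_dll": handlers}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for code, body in report["orphaned"]:
        print("target missing:", code, body)
    for path in report["temp_processes"]:
        print("running from a temp folder:", path)
    for dll, count in report["o18_by_dll"].most_common():
        print(f"{count:3d} O18 handler(s) -> {dll}")
```
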

