Don't think this is a tough one, but a couple of things found...

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by themediachick, Mar 18, 2008.

  1. themediachick

    themediachick Private E-2

    Hi all,

    You guys are so great - your help is very appreciated!

    My computer was slowing down a bit & the usual maintenance didn't really help, so I was a little suspicious. I've followed all of the removal steps & a couple of things seem to have been dealt with. Would appreciate it if someone could take a quick look to see if there's still something I should be aware of.

    Thanks!
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geek!

    You forgot to attach the log from ComboFix.

    Your other logs are clean so any performance issues you are having are not related to malware. I will give a few things to do below, some may help performance a little but they will not change things significantly.

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Uninstall the below old versions of software:
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6 Update 1
    SUPERAntiSpyware Free Edition <-- we are finished with this now
    Then reboot after uninstalling the above. Do not skip the reboot.


    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    O18 - Protocol: bw+0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    After clicking Fix, exit HJT.

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below log:
    • C:\MGlogs.zip
    Tell me if there is any change to your performance.

    You may get more significant performance improvements by uninstalling the toolbars and also by changing to a different antivirus program since Norton/Symantec is a well known resource hog.
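    As an added example (not from this thread, and not part of HijackThis), a small Python parser for the three kinds of HJT lines quoted in the reply above. The sample log is constructed from a few of those lines; the analysis functions flag the blank Local Page entry, the SunJavaUpdateSched value registered in two hives pointing at different Java versions, and collapse the long run of O18 protocol handlers onto the DLLs that actually serve them.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines of the kinds shown in the reply above
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O18 - Protocol: bw+0 - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E11958E5-DFEF-4B64-997C-70469C072EEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
"""

# One pattern per HJT line type handled here (R0 = IE start/search page, O4 = Run key, O18 = protocol handler)
R0_RE = re.compile(r"^R0 - (?P<key>.+?) = ?(?P<value>.*)$")
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] "?(?P<path>[^"]+?)"?$')
O18_RE = re.compile(r"^O18 - Protocol: (?P<proto>\S+) - (?P<clsid>\{[0-9A-F-]+\}) - (?P<dll>.+)$")


def parse_hjt(text):
    """Return a list of (kind, fields) tuples for the R0/O4/O18 lines in an HJT log."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for kind, rx in (("R0", R0_RE), ("O4", O4_RE), ("O18", O18_RE)):
            m = rx.match(line)
            if m:
                entries.append((kind, m.groupdict()))
                break
    return entries


def blank_start_pages(entries):
    """R0 entries whose value is empty; HJT lists these because the setting was wiped."""
    return [e["key"] for k, e in entries if k == "R0" and not e["value"]]


def stale_run_entries(entries):
    """Run value names registered in more than one hive with different targets.
    The older target (jre1.6.0_01 here) is an orphan left by a superseded Java install."""
    by_name = defaultdict(dict)
    for k, e in entries:
        if k == "O4":
            by_name[e["name"]][e["hive"]] = e["path"]
    return {n: h for n, h in by_name.items() if len(set(h.values())) > 1}


def handlers_by_dll(entries):
    """Group O18 protocol names by the DLL serving them, so a long run of
    near-identical handlers is seen as one component rather than many findings."""
    groups = defaultdict(list)
    for k, e in entries:
        if k == "O18":
            groups[e["dll"]].append(e["proto"])
    return dict(groups)
```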
     
  3. themediachick

    themediachick Private E-2

    chaslang, thank you!

    Sorry I missed the one log, I'll attach it here.

    Before I started all this I ran HijackThis just to take a look because there are a few things I recognize as problems. I was really surprised when I saw all those entries associated with my webcam....what the heck?!

    I'm also not fond of Norton AV - it's a free tool from my internet provider, but I'm ready to toss it & buy a different one. What's the consensus on the best AV programs?

    Will do the clean up & post the new log...thanks!
     
  4. themediachick

    themediachick Private E-2

    Ok, all done. Seems to have helped a little, but nonetheless I prefer to keep things tidy anyway.

    Attached the final log.....

    Thanks!
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You forgot it again. :)

    You don't need to buy anything if you don't want to. See the information in the below link:

    How to Protect yourself from malware!
     
  6. themediachick

    themediachick Private E-2

    Lmao! I guess I'm a little distracted tonight, lol! Sorry about that...
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, the only thing ComboFix removed was items from WinPcap 3.1, which is not malware. If you installed this program and need it, you will have to reinstall it. If you did not install it, then go to Add/Remove Programs and uninstall it, which will also speed things up a little since it runs a service full time so that non-administrator users can run the program.
     
  8. themediachick

    themediachick Private E-2

    Thank you kindly for all of your help!

    :)
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    It is time to do our final steps:
    1. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN
      • Now type combofix /u in the runbox and click OK.
      • Note the space between the X and the /U; it must be there.
    2. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    3. If you are running Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    4. After doing the above, you should work through the below link:
     
  10. themediachick

    themediachick Private E-2

    Ah...fresh & clean!

    Thanks for telling me to uninstall those older versions of Java - I was wondering if that should be done, and now I know for future.

    I use my computer a lot, but it's been well over 2 years since I've had any problems at all. I'm pretty up on how to avoid them, but there's so much garbage out there something's bound to sneak by eventually. About 3 or 4 years ago I had a fairly big infection & I learned a LOT from it, lol!

    Thanks for your help chaslang - you're very much appreciated!
    ;)
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
