hjt logs attached

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by doubledowntowin, Jan 18, 2006.

  1. doubledowntowin

    doubledowntowin Private E-2

    I am having problems with my computer, went through all the steps, here are the attachments. Thanks for any help.
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please read and follow step 7 of the READ ME again. Notice where you have HJT running from:

    C:\Documents and Settings\Erik\Desktop\hijackthis\HijackThis.exe

    Your OS & IE are way out of date. You must address this after removing any malware.

    Why are you not using an antivirus and no firewall either? Very baaaad idea!!!!

    You did not install and run MS Antispyware either? Why?
     
  3. doubledowntowin

    doubledowntowin Private E-2

    I did run MS Antispyware and I have attached the HijackThis logfile from Program Files. I unzipped HijackThis in Program Files and ran it again. See attachment. Thanks.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why didn't it show in your first log? Even now it does not appear to be installed properly to run at startup.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
    O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
    O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
    O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
    O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
    O18 - Protocol: bw+0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\System32\vbsys2.dll
    c:\ex.cab
    c:\eied_s7.cab

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run CCleaner (installed while running the READ ME FIRST).


    Now reboot in normal mode and post a new HJT log. And tell us how things are working.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
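As an added example (not part of this thread and not HijackThis's own code), here is a small Python triage script over lines in the shape of the log entries quoted in the post above. It flags the three patterns acted on there: O16 (Download Program Files) entries whose source is a local file:// path rather than a web URL, O18 protocol handlers whose DLL is marked missing, and O21 SSODL (ShellServiceObjectDelayLoad) entries, which are an autostart location and warrant a look whatever the DLL name. It also derives the list of local files those entries reference, which is the safe-mode deletion list once the registry entries have been fixed. The sample lines are constructed for the example (copied from the thread, plus one made-up benign web-sourced O16 entry so the parser has something to leave alone); the heuristics are this example's own.

```python
"""Triage helper for HijackThis-style log lines (added example, not HJT itself)."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the shape of the log entries quoted in the thread.
# The "Example Control" line is a made-up benign entry with a placeholder CLSID.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [KernelFaultCheck] %systemroot%\\system32\\dumprep 0 -k
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\\ex.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\\eied_s7.cab
O16 - DPF: {00000000-1111-2222-3333-444444444444} (Example Control) - http://updates.example.com/control.cab
O18 - Protocol: bw+0 - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DA7414E2-3995-4BFC-A4EF-D20B02A141EB} - C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\\PROGRA~1\\MSNMES~1\\msgrapp.dll" (file missing)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\\WINDOWS\\System32\\vbsys2.dll
"""

# One regex per section we care about; named groups give the fields back.
PATTERNS = {
    "O4": re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<command>.+)$"),
    "O16": re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]{36})\}"
                      r"(?: \((?P<name>[^)]*)\))? - (?P<source>\S+)$"),
    "O18": re.compile(r"^O18 - Protocol: (?P<name>\S+) - \{(?P<clsid>[0-9A-Fa-f-]{36})\}"
                      r" - (?P<dll>.+?)(?P<missing> \(file missing\))?$"),
    "O21": re.compile(r"^O21 - SSODL: (?P<name>\S+) - \{(?P<clsid>[0-9A-Fa-f-]{36})\}"
                      r" - (?P<dll>.+)$"),
}


def parse_line(line):
    """Return (section, fields) for a recognised line, or None for anything else."""
    line = line.strip()
    for section, pattern in PATTERNS.items():
        m = pattern.match(line)
        if m:
            return section, m.groupdict()
    return None


def file_url_to_path(url):
    """file://c:\\ex.cab -> c:\\ex.cab (also tolerates the file:///c:/... form)."""
    return url[len("file://"):].lstrip("/")


def triage(log_text):
    """Flag entries worth acting on; returns a list of (section, reason, detail)."""
    findings = []
    handlers_per_dll = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        section, f = parsed
        if section == "O16":
            # A DPF control is normally fetched from a web server; a local
            # file:// source means something dropped the .cab on disk itself.
            if urlsplit(f["source"]).scheme.lower() not in ("http", "https"):
                findings.append((section, "DPF control sourced from a non-web URL", f["source"]))
        elif section == "O18":
            handlers_per_dll[f["dll"]].append(f["name"])
            if f["missing"]:
                findings.append((section, "protocol handler DLL is missing (orphaned registration)", f["name"]))
        elif section == "O21":
            # SSODL DLLs load with the shell at logon: verify the publisher every time.
            findings.append((section, "SSODL autostart DLL; verify publisher before trusting", f["dll"]))
    # Many handlers sharing one DLL is normal for a suite (the Logitech entries
    # above); summarising them is easier to review than dozens of lines.
    for dll, names in handlers_per_dll.items():
        if len(names) > 1:
            findings.append(("O18", f"{len(names)} handlers share one DLL (review once)", dll))
    return findings


def cleanup_paths(findings):
    """Local files the flagged entries reference: the safe-mode deletion list
    to work through after the registry entries themselves have been fixed."""
    paths = []
    for section, _reason, detail in findings:
        if section == "O16" and detail.lower().startswith("file://"):
            paths.append(file_url_to_path(detail))
        elif section == "O21":
            paths.append(detail)
    return paths


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for section, reason, detail in results:
        print(f"{section}: {reason}: {detail}")
    print("delete in safe mode after fixing:", cleanup_paths(results))
```

The script only reads a text log, so it can be run on a copy of the HJT output from any machine; the cleanup list it prints for the sample is exactly the three files named in the post, which is the check that the heuristics line up with what the expert selected by hand.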
     
  6. doubledowntowin

    doubledowntowin Private E-2

    First, thanks for your help so far. I am pretty sure that I selected all those files you have listed above and fixed them. For the second part:
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\System32\vbsys2.dll
    c:\ex.cab
    c:\eied_s7.cab
    I did this but I could not find these two:
    c:\ex.cab
    c:\eied_s7.cab
    I went ahead and ran CCleaner, rebooted into normal mode, and I will attach the HJT log. Thanks again.
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are using HijackThis incorrectly this time. You are using this one:
    C:\Documents and Settings\Erik\Desktop\hijackthis\HijackThis.exe

    Delete this one and from now on use the one you used last time that is in C:\Program File\HJT

    Did you forget to select and fix the below line? Fix it now and make sure it does not come back.

    O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab

    How is everything working?

    Now you must get started on getting your system protected, including getting your OS and IE updated. All of this is contained in the below link:

    How to Protect yourself from malware!
     
  8. doubledowntowin

    doubledowntowin Private E-2

    Let me know how this looks. Thanks for the help again. Computer is running perfect.
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's good but you have to start working the How to protect thread ASAP.
     
  10. doubledowntowin

    doubledowntowin Private E-2

    I just bought a brand new computer today... My wife and I both agreed that it was time, although the other one was running fine (we're going to give it to someone). What should I install to make sure that I don't have problems like before? Any advice will be appreciated. Thanks in advance.
     
