BD, Panda & HJT Logs

Discussion in 'Malware Help (A Specialist Will Reply)' started by Fandango, May 24, 2006.

  1. Fandango

    Fandango Private E-2

    The past couple of weeks I've had some slowdown build up noticeably on my computer as well as some strange behavior (extra toolbar in IE, etc.), so I decided to go through the "Read & Run Me First" topic to see if I could get some of these problems removed. I've attached all 3 of the logs below, and thank you for any help that you can provide. :)
     

    Attached Files:

    Fandango, May 24, 2006
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    What are the below? If not needed, delete them!
    C:\Abyss\Games\Downloaded Games\Gold Miner\GoldMinerSetup-dm.exe
    C:\Documents and Settings\Alex Davis\Desktop\FFXI\Setup_RC1.exe

    What do you mean by "extra toolbar"? I see Google Toolbar but they would be something you installed. If you do not want it, then uninstall it.

    Did you knowingly install Desktop Weather?
    O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE

    Did you install HiDownload? See: http://www.hidownload.com/
    O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\SYSTEM32\HDBHO.dll

    You should uninstall Logitech Desktop Messenger which you more than likely do not need anyway and it is cluttering up your system with crap. See the below that you need to fix from it in you HJT log.


    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O18 - Protocol: bw+0 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {43D0BE07-0309-4944-8296-BD5FE61294C3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    After clicking Fix, exit HJT.:

    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.
     
    chaslang, May 25, 2006
    #2
  3. Fandango

    Fandango Private E-2

    Those were nothing I've used in a long time, so I deleted them. :)

    It was an addition to the Google toolbar. I suspect it had something to do with Viewpoint, so I uninstalled it from Add/Remove Programs as mentioned in the FAQ and it seems to be completely gone now.

    Nope.

    Yes, but I don't use it anymore.

    I removed all of the files associated with the Logitech Program. My computer seemed to have started up a bit quicker (mostly judging by how long it took my cursor to stop displaying the hourglass next to it). There were some occasions where my mouse would slow down and the cursor would change to a crosshair-type one when hovering over links. It didn't always happen, but we'll see if removing those files keep it from happening.

    Also, attached a new HJT log.
     

    Attached Files:

    Fandango, May 25, 2006
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you do not use HiDownload and did not install Desktop Weather, goto Add/Remove Programs and uninstall them. Then make sure the below items no longer appear in your HJT log:


    O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\SYSTEM32\HDBHO.dll
    O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE

    Are you having anymore malware problems?
     
    chaslang, May 25, 2006
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds