NewB here needs help!! (in more ways than one!! lol)

Discussion in 'Malware Help (A Specialist Will Reply)' started by bowmanmdb, Jun 12, 2006.

  1. bowmanmdb

    bowmanmdb Private E-2

    I have read the procedures several times and have performed the steps to the best of my ability (not much of a techie). I had to start over several times to get it right, but I am still infected with what looks to be many, many issues. Feel free to correct me if I did something wrong, but I have spent hours looking for a solution and have only come up with this.

    THANK YOU FOR YOUR TIME!!!
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    You did not run the online scan from Bitdefender and attach the proper log from it. What you did was install Bitdefender's full antivirus package. You must uninstall this. You already have AVG installed, and you must only use one antivirus application.

    Where is the log from PandaActiveScan that was requested in step 6 of the READ ME?


    So basically you must do step 6 of the READ ME!


    Let's get an installed programs list from HijackThis too!
    • Run HijackThis, click Open the Misc Tools section
    • Click Open Uninstall Manager
    • Click Save List (generates uninstall_list.txt)
    • Click Save, to save it to a file where you can find it.
    • Attach the uninstall_list.txt file to your next message.
    Did you install the below packet capture program on your PC? Perhaps to use with a program like Ethereal?
    Remote Packet Capture Protocol v.0

    The reason I ask is because a service for it shows running in your HJT log.

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)


    What malware problems are you actually having?
     
    Last edited: Jun 12, 2006
  3. bowmanmdb

    bowmanmdb Private E-2

    Sorry for the oversight on the Panda .txt file forgot to attach it.
    No, I did not install Ethereal, nor would I understand how to use it. I did install a group of programs called Karen's..., and there were several programs that came with it.
    The reason I started this process was that SpyQuake was on my PC. After finally getting that fixed (I think), I figured it was a good idea. My system freezes up on me once every two days and sometimes several times in a day.
    I also "feel" like someone else is on my network or has been on/in my PC, but that could be my own crazy mind!! lol In the past two years I have had the unfortunate experience of needing to fire 2-3 dishonest people whom I had hired to do some web development work. They obviously had the "know how", but whether they have installed something like Ethereal I'm not sure. ZoneAlarm is constantly telling me it has denied an incoming connection from an IP somewhere in the U.S. (using whois for this info). Thanks for your help.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I don't know if WinPcap is required by Karen's Tools or not. I don't think so. We probably should uninstall it. You can always reinstall it if you find it to be needed.

    So start by uninstalling the below programs using Add/Remove Programs (only uninstall exactly what is listed and nothing else):
    J2SE Runtime Environment 5.0 Update 2
    Java 2 Runtime Environment, SE v1.4.2_01
    Viewpoint Media Player
    WinPcap 3.1


    Make sure viewing of hidden files is enabled (per the tutorial).
    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} - http://secure2.comned.com/signuptemp...veSekurity.cab
    O18 - Protocol: bw+0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    After clicking Fix, exit HJT.
    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.
     
    Last edited: Jun 12, 2006
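The two log artifacts chaslang picks out above, the O23 service entry for rpcapd flagged "Unknown owner" and "(file missing)" in his first reply, and the long run of O18 protocol handlers that all point at the same Logitech DLL in the post above, are exactly the kind of thing a small triage script can surface from a HijackThis log without reading it line by line. The following is an added example and is not code from this thread, from MajorGeeks or from HijackThis. The rpcapd O23 line and three of the O18 lines in the sample are copied from the log quoted in the thread; the remaining sample lines, the service names "exav" and "updhlp" and the CLSID {11111111-...}, are constructed for illustration and describe no real product or infection. The TRUSTED_PREFIXES list is an assumed heuristic (system and Program Files directories, as they appear on a Windows XP machine of that era), not a HijackThis rule.

```python
"""Triage helper for HijackThis O18 (protocol handler) and O23 (service) lines.

Added example; not code from the thread or from HijackThis. SAMPLE_LOG is a
constructed sample: the rpcapd line and the first three O18 lines come from
the log quoted in the thread, the rest are made up for illustration.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

SAMPLE_LOG = r'''
O18 - Protocol: bw+0 - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {850EBF04-6027-47D3-8614-E670932AAF89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: xyz - {11111111-2222-3333-4444-555555555555} - C:\Documents and Settings\user\Local Settings\Temp\hnd.dll
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Example AV Service (exav) - Example Vendor - C:\Program Files\ExampleAV\exavsvc.exe
O23 - Service: Update Helper (updhlp) - Unknown owner - C:\Documents and Settings\user\Local Settings\Temp\svchost.exe
'''

# O23 - Service: <display name> (<service name>) - <owner> - <command line> [(file missing)]
# The display name may itself contain parentheses (see "(experimental)"), so the
# service name is the last parenthesised group before " - ".
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+) \((?P<name>[^()]+)\) - "
    r"(?P<owner>.+?) - (?P<cmd>.+?)(?P<missing> \(file missing\))?$"
)
# O18 - Protocol: <scheme> - {CLSID} - <handler DLL>
O18_RE = re.compile(
    r"^O18 - Protocol: (?P<scheme>\S+) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"
)

# Assumed heuristic: service binaries outside these locations deserve a look.
TRUSTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\progra~1\\",
    "%programfiles%\\",
    "%systemroot%\\",
)


def image_path(cmd: str) -> str:
    """Executable named by a service command line, with surrounding quotes stripped."""
    m = re.match(r'^"?(?P<image>[^"]+?\.(?:exe|sys|dll))', cmd, re.IGNORECASE)
    return m.group("image") if m else cmd.split()[0].strip('"')


def triage_o23(line: str) -> Optional[dict]:
    """Parse one O23 line and attach triage flags; None if the line is not O23."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    image = image_path(m.group("cmd"))
    flags: List[str] = []
    if m.group("owner") == "Unknown owner":
        flags.append("unknown-owner")
    if m.group("missing"):
        flags.append("file-missing")
    if not image.lower().startswith(TRUSTED_PREFIXES):
        flags.append("untrusted-location")
    return {"name": m.group("name"), "display": m.group("display"),
            "owner": m.group("owner"), "image": image, "flags": flags}


def summarize_o18(lines: List[str]) -> Dict[Tuple[str, str], List[str]]:
    """Group O18 handlers by (CLSID, DLL): dozens of schemes collapse to a few DLLs."""
    groups: Dict[Tuple[str, str], List[str]] = defaultdict(list)
    for line in lines:
        m = O18_RE.match(line.strip())
        if m:
            groups[(m.group("clsid"), m.group("path"))].append(m.group("scheme"))
    return dict(groups)


def triage_log(text: str):
    lines = [ln for ln in text.splitlines() if ln.strip()]
    services = [s for s in map(triage_o23, lines) if s]
    return services, summarize_o18(lines)


if __name__ == "__main__":
    services, handlers = triage_log(SAMPLE_LOG)
    for s in services:
        print(f"O23 {s['name']:<8} {s['image']}  flags={s['flags'] or '-'}")
    for (clsid, path), schemes in handlers.items():
        print(f"O18 {len(schemes):>3} scheme(s) -> {clsid} {path}")
```

Run against the sample, the rpcapd entry comes out flagged unknown-owner and file-missing while its binary still sits under %ProgramFiles%, which matches chaslang's reading that it is a leftover WinPcap service rather than something planted elsewhere; the O18 grouping turns the wall of bw* lines into two Logitech DLLs plus whatever does not belong. An "untrusted-location" flag is only a prompt to look closer, not a verdict.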
  5. bowmanmdb

    bowmanmdb Private E-2

    Things do not seem to be any different, but the issues that I was able to detect (freeze or crash) only happened once/twice a day.
    Can you tell me what the issue was/is? What is Logitech messenger? I have a web cam but never used the messenger?
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not have any real major malware issues. All you had was Viewpoint Manager (low-grade malware from AOL) and Logitech's dumb Desktop Messenger cluttering up your registry. See: http://www.bleepingcomputer.com/startups/Logitech_Desktop_Messenger-2604.html

    It is not true malware, but it is unnecessary ware, and I consider it junkware due to the things it does to thousands of people's PCs (just like your HJT log, many others had the same clutter).

    If you are still having problems, you will have to explain exactly what they are and when they occur. Also include error messages if you get any. However it does not sound like you are having malware problems.
     
