
Cannot access task manager or regedit [RESOLVED]



#1
caroldufrat

Member, 44 posts
Our computer suddenly became extremely slow and wouldn't open some items.

I am not able to access the task manager by hitting ctrl, alt, delete...nothing happens.

I cannot open the regedit command either...a small dos window flashes and that's it.

I ran Norton, Microsoft, etc. and everything said no virus.

I opened into safe mode, deleting all temp files, cookies and ran PConPoint.

I am now able to open programs and the speed seems to be back to normal but I still cannot access the task manager or regedit.

Is there a way to fix this?

Thanks for any help.
I am currently downloading the Ewido and will run that also. :tazz:
  • 0



#2
greyknight17

Malware Expert, Visiting Consultant, 16,560 posts
I'm pretty sure I know what we're dealing with here, but please follow the steps in the link below:

Please read the first link in my signature and follow the steps outlined there. When you are ready, post the HijackThis log here.
  • 0

#3
caroldufrat

I'm pretty sure I have a major virus!

When I ran the scan it showed scanning a file C:\documents and settings\owner\complete

This appears to be a ton of movies, programs, etc. in it but I cannot find or view this folder anywhere on the computer.

It also is starting up programs on its own. :tazz:
  • 0

#4
greyknight17

Can you run the online scans and the other spyware/virus scans listed in that link I asked you to visit? Please run them now and when you are done, restart and run a HijackThis scan. Give me that HijackThis log here.
  • 0

#5
caroldufrat

Greyknight
I am currently running ewido and it has found over 1400 infected files.
Most seem to be located in c:\documents and settings\owner\complete.

I have never seen or cannot find this folder in the computer....it looks like it contains programs and movies?

Ewido has been running for 18 minutes right now and is 68.1% done.

I panicked and put another post on the site, sorry!!
I will do a hijack this after ewido is done and post it here.
Thank you so much.
Carol
  • 0

#6
greyknight17

Hi Carol, wait until the Ewido scan is complete. Then save the report. Restart and post that report here along with a new HijackThis log.

OK, which of these are duplicates (all of them maybe)? I see these:

Link 1
Link 2
Link 3

If these are duplicates, tell me so I can close them. This saves us time since another staff might take it not knowing it's being worked on already. No more duplicates please :tazz:
  • 0

#7
caroldufrat

Those were duplicate requests for help.....I'm so sorry about that :tazz:

Ewido did not give me a report....It found 1494 infected files and asked me to manually delete the archive that they were in....I had maybe 100 more to delete and it stopped responding.

I restarted as you said and here is my hijack file

Logfile of HijackThis v1.99.1
Scan saved at 8:27:21 PM, on 9/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\TextBridge Pro Millennium BE\Bin\InstantAccess.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\ggpqqiio\gbut.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\yomw\qrsmi.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\crrpm\nkueb.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\vsbx\rqawfmpo.exe
C:\WINDOWS\system32\yfrlt\idppj.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\pgkaqi\ttbe.exe
C:\WINDOWS\system32\windowsautomaticupdates.exe
C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Program Files\Common Files\Symantec Shared\Security

Center\SymWSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://by103fd.bay10...rmbox=00000000%

2d0000%2d0000%2d0000%2d000000000001&a=82d30f8f0c636333e1553872210cc3d5c

a5b174199b0701576aaa1c9474bfc35&fti=yes
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://by103fd.bay10...rmbox=00000000%

2d0000%2d0000%2d0000%2d000000000001&a=82d30f8f0c636333e1553872210cc3d53

ad71c016d5313a8db70cb9c0ea3acf1&fti=yes
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = localhost
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670}

- C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {79A002FB-C126-462D-B4A7-81D6B42D1666} - (no

file)
O2 - BHO: Google Toolbar Helper -

{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class -

{AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat

6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSN Search Toolbar Helper -

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar

Suite\TB\02.05.0000.1082\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} -

C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D0A80807-0AA6-F8C3-6466-152E10A1C2B8} -

C:\WINDOWS\system32\rqxmpvqa\dpdpjrfk.dll
O2 - BHO: Internet Explorer Web Content Catcher -

{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program

Files\DNS\Catcher.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

- C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88}

- C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -

C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN Search Toolbar -

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar

Suite\TB\02.05.0000.1082\en-us\msntb.dll
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec

Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common

Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program

Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program

Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\TextBridge Pro

Millennium BE\Bin\InstantAccess.exe /h
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program

Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [Advanced Tools Check]

C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Tapi32] okhkym.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]

C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program

Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft

AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe

-CheckReg
O4 - HKLM\..\Run: [aklsc] C:\WINDOWS\system32\stcoyfqv\aklsc.exe
O4 - HKLM\..\Run: [qivhan] C:\WINDOWS\system32\mxugwapr\qivhan.exe
O4 - HKLM\..\Run: [tqatu] C:\WINDOWS\system32\osropru\tqatu.exe
O4 - HKLM\..\Run: [lhvbbtpr] C:\WINDOWS\system32\qabf\lhvbbtpr.exe
O4 - HKLM\..\Run: [tltty] C:\WINDOWS\system32\yrjji\tltty.exe
O4 - HKLM\..\Run: [ieraf] C:\WINDOWS\system32\kcwo\ieraf.exe
O4 - HKLM\..\Run: [veyqyd] C:\WINDOWS\system32\osteg\veyqyd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner]

C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [IE Privacy Keeper] "C:\Program Files\UnH

Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
O4 - HKLM\..\Run: [ttbe] C:\WINDOWS\system32\pgkaqi\ttbe.exe
O4 - HKLM\..\Run: [qrsmi] C:\WINDOWS\system32\yomw\qrsmi.exe
O4 - HKLM\..\Run: [nkueb] C:\WINDOWS\system32\crrpm\nkueb.exe
O4 - HKLM\..\Run: [idppj] C:\WINDOWS\system32\yfrlt\idppj.exe
O4 - HKLM\..\Run: [rqawfmpo] C:\WINDOWS\system32\vsbx\rqawfmpo.exe
O4 - HKLM\..\Run: [gbut] C:\WINDOWS\system32\ggpqqiio\gbut.exe
O4 - HKLM\..\RunServices: [Tapi32] okhkym.exe
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN

Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [services32] C:\Program Files\Common

Files\Windows\mc-58-12-0000137.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search

& Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common

Files\mc-58-12-0000140.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program

Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://c:\program

files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN

Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Search -

http://bar.mywebsear...?p=ZNxdm801YYCA
O8 - Extra context menu item: &Translate English Word -

res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program

files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -

res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab -

res://C:\Program Files\MSN Toolbar

Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/229?4fc45d7ade1844b9bfc3a

781b1032cc
O8 - Extra context menu item: Open in new foreground tab -

res://C:\Program Files\MSN Toolbar

Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/230?4fc45d7ade1844b9bfc3a

781b1032cc
O8 - Extra context menu item: Similar Pages - res://c:\program

files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -

res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

(no file)
O9 - Extra button: (no name) - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} -

C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
O9 - Extra 'Tools' menuitem: IE Privacy Keeper -

{D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Program Files\UnH

Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O14 - IERESET.INF:

START_PAGE_URL=http://by103fd.bay103.hotmail.msn.com/cgi-bin/HoTMaiL?cu

rmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=82d30f8f0c636333e1

553872210cc3d53ad71c016d5313a8db70cb9c0ea3acf1&fti=yes
O14 - IERESET.INF:

MS_START_PAGE_URL=http://by103fd.bay103.hotmail.msn.com/cgi-bin/HoTMaiL

?curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=82d30f8f0c63633

3e1553872210cc3d53ad71c016d5313a8db70cb9c0ea3acf1&fti=yes
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -

http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine

Advantage Validation Tool) -

http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan

Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -

https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} -

http://www.rovion.co...rols/Rovion.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb

ActiveX Control) - http://www.dfa.on.ca...AB/iftwclix.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload

Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) -

http://www.gocyberli...xp/CheckDVD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)

-

http://v5.windowsupd...ols/en/x86/clie

nt/wuweb_site.cab?1114581104406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)

-

http://update.micros...s/en/x86/client

/muweb_site.cab?1126450324593
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

http://a840.g.akamai...trendmicro.com/

housecall/xscan53.cab
O16 - DPF: {7BA7BCE2-D359-4407-82D9-CDF9A74C487A} (DownLoadStub Class)

- http://www.hpphoto.c...nloadPhotos.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} -

http://a19.g.akamai....3302/cpbrkpie.c

ab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

(MsnMessengerSetupDownloadControl Class) -

http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo

Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search

Settings Control) -

http://lg.home.micro...rchsettings.cab
O18 - Protocol: bw+0 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B}

- C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3A08F0C8-21AF-4555-BA63-A5B02CF52628} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 -

{3A08F0C8-21AF-4555-BA63-A5B02CF52628} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation

- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) -

Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks -

C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program

Files\ewido\security suite\ewidoguard.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program

Files\Roxio\GoBack\GBPoll.exe
O23 - Service: lhvbbtprqabf - Unknown owner -

C:\WINDOWS\system32\qabf\lhvbbtpr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -

Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec

Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec

Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec

Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\Security

Center\SymWSC.exe
O23 - Service: ttbepgkaqi - Unknown owner -

C:\WINDOWS\system32\pgkaqi\ttbe.exe
O23 - Service: veyqydosteg - Unknown owner -

C:\WINDOWS\system32\osteg\veyqyd.exe
O23 - Service: Windows Automatic Updates - Stanford University -

C:\WINDOWS\system32\windowsautomaticupdates.exe

Thanks again for any help.....
It's nice to have some direction from someone who knows what they are doing!! :)
  • 0

#8
greyknight17

Carol, Ewido should have a button called Save Report after it's done with all the scanning. How do you know what to delete though? Do you have that list on you now? If you do, post it here. Otherwise hit the Save Report button in Ewido.

I hate to delay this a bit longer, but it's very hard for me to read your log like this:

Please make sure that Word Wrap is turned OFF in Notepad before you post your HijackThis log next time. As you can see, the formatting it creates (see the log you posted) makes it harder for us to read it. So give me a new log with word wrap turned off (Preview your post first if you want to make sure it's done properly this time). Thanks.
  • 0
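Added example, not part of greyknight17's post or of HijackThis itself: a short Python sketch that re-joins a word-wrapped HijackThis entry section into one line per entry and lists the O23 services that HijackThis labelled "Unknown owner". The sample lines are taken from the wrapped log above; the function names are hypothetical, and treating every non-entry line as a continuation assumes the input holds only the entry section of the log.

```python
import re

# Constructed sample: O23 lines as they appear, word-wrapped, in the log above.
WRAPPED = r"""O23 - Service: GBPoll - Roxio, Inc. - C:\Program

Files\Roxio\GoBack\GBPoll.exe
O23 - Service: lhvbbtprqabf - Unknown owner -

C:\WINDOWS\system32\qabf\lhvbbtpr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\Security

Center\SymWSC.exe
"""

# HijackThis entries start with a section code such as R0, F2, N1 or O23.
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# O23 layout: "O23 - Service: <name> - <owner> - <drive>:\<path>"
O23 = re.compile(r"^O23 - Service: (.+?) - (.+) - ([A-Za-z]:\\.+)$")


def unwrap(text):
    """Re-join continuation lines that Notepad's word wrap split off."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # blank lines are artifacts of the wrapped paste
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            # Word wrap breaks at a space, so restore exactly one.
            entries[-1] += " " + line
    return entries


def unknown_owner_services(entries):
    """Return (service name, path) for O23 entries marked 'Unknown owner'.

    This is a cue for closer review, not a verdict on the file.
    """
    hits = []
    for entry in entries:
        m = O23.match(entry)
        if m and m.group(2) == "Unknown owner":
            hits.append((m.group(1), m.group(3)))
    return hits


if __name__ == "__main__":
    for name, path in unknown_owner_services(unwrap(WRAPPED)):
        print(f"review: {name} -> {path}")
```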

#9
caroldufrat

caroldufrat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
I didn't get a chance to save a report from Ewido....the computer crashed right after I sent the hijack log.

I can't even get windows to start up now.
Says it is missing or the file is corrupted
c:\windows\system32\config\system

I put in the xp disc but it won't re-install because of the above.

Help!
I am typing this from work.
  • 0

#10
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
What happened? It usually doesn't get corrupted when it's left alone. Was it corrupted already when you posted your HijackThis log?

You should have saved the Ewido after the scanning was done. Not after you restarted your computer and posted the HijackThis log. Ewido would have been closed already by then. I don't think you can get the log back without running the scan again...but with this new problem now, that may have to wait.

Is your BIOS set to boot from the CD Drive first? Are you sure this is the Windows XP CD?
  • 0

#11
caroldufrat

caroldufrat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Unfortunately the computer crashed while ewido was running.

Tried to boot from the original Windows XP disc and nothing.

I have a friend looking at it now....even ewido had a virus in it, so did xoftspy.......hopefully he can get rid of everything and back up my data....

I was really hoping to get rid of the problem before it crashed.

One file that appeared to have the majority of viruses was c:\documents and settings\owner\complete

Yet when we looked, we couldn't locate it (even showing hidden files). It had a lot of movies, programs, etc. that I have never seen before. Ewido was locating them before it crashed.

I would just like to prevent this from happening again! How are we getting these viruses on our computer? Is it from visiting websites? Limewire? (if I download music, I run a scan before opening and none have ever shown up)
Any information will be appreciated.
Thanks
Carol :tazz:
  • 0

#12
caroldufrat

caroldufrat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Unfortunately the computer crashed while ewido was running.

Tried to boot from the original Windows XP disc and nothing.

I have a friend looking at it now....even ewido had a virus in it, so did xoftspy.......hopefully he can get rid of everything and back up my data....

I was really hoping to get rid of the problem before it crashed.

One file that appeared to have the majority of viruses was c:\documents and settings\owner\complete

Yet when we looked, we couldn't locate it (even showing hidden files). It had a lot of movies, programs, etc. that I have never seen before. Ewido was locating them before it crashed.

I would just like to prevent this from happening again! How are we getting these viruses on our computer? Is it from visiting websites? Limewire? (if I download music, I run a scan before opening and none have ever shown up).
We have Norton Antivirus on our computer right now. What is the best virus program for us to prevent this?
Any information will be appreciated.
Thanks
Carol :tazz:
  • 0

#13
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Hi Carol, it's always a risk using programs like Limewire because you don't know who you are getting the files from...

It could be from Limewire, websites, unknown programs that you installed, popups (spyware infested popups), etc...

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Tell me the status of this or if you need more help, feel free to ask here or in the Windows forum.
  • 0

#14
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





