
Thread: Adware and Task manager disabled HELP!

  1. #1
    Junior Member
    Join Date
    Dec 2005
    Posts
    7

    Adware and Task manager disabled HELP!

    Hi, newbie here and I got a problem, duhhhh, could anyone be of some service?

    I get an error message saying that my task manager has been disabled by the admin (which is me). I have found a program to re-enable it, but every time I restart the computer, task manager has been disabled again.

    This all started when somehow I got infected by a virus (don't know name) & adware. I have run anti-spyware & virus software. It seems the virus has been successfully deleted, but I still have the adware & a Trojan coming back after each scan & deletion. The names of the 3 adware/trojans I have are:

    Trojan Horse: vesbiz downloader
    Adware: letsroll911.org hijacker
    Adware: ist software

    Procedures done:
    1. Ran SpySweeper & Norton Virus scanner in safe & normal mode.
    2. Cleaned Temp folder, Temp Internet, Cookies, and IE history.
    3. When I ran the scanners I made sure the adware/trojan wasn't running in memory (by going to task manager).
    4. Updated Windows

    I don't know if this would be of any use, but my ZoneAlarm has alerted me that kernels64.exe is trying to access the internet and this has never tried to access the internet before.

    Any help would be appreciated! Thanks

    BTW, I’ve heard a lot of people saying use “hijack this”. What is this program and what does it do?
    Mmmmm.... Bacon

  2. #2
    AO's Resident Redneck The Texan's Avatar
    Join Date
    Aug 2003
    Location
    Texas
    Posts
    1,539

    hey

    Hijack This is a program that shows you what processes are running, like Task Manager on steroids... it allows you to delete things that shouldn't be there, but be careful what you do! Don't delete anything if you don't know what it is. Click HERE to download it and post your results back here so I can try and see what you have running that shouldn't be.
    Git R Dun - Ty
    A tribe is wanted

  3. #3
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,534
    follow the link to a tut that will give the basics on PC clean ups.........

    luck to you
    so now I'm in my SIXTIES FFS
    WTAF, how did that happen, so no more alterations to the sig, it will remain as is now

    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  4. #4
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584

    Cool

    kernels64 is a dodgy name. Can you track its location based on the firewall alerts?

    If so, grab the file and submit it to https://virusscan.jotti.org for a quick scan.
    Jotti should give you a scan result identifying what infection the file belongs to. Give us the names and I can have a look at it.

  5. #5
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    but every time I restart the computer, task manager has been disabled again.
    This means that somewhere, somehow, there is still a program being run on system startup that does this. The spyware has not been uninstalled successfully.

    In your system registry, check HKey_Current_User/Software/Microsoft/Windows/CurrentVersion/Run for any programs that should not be starting when the system is booted. Also check HKey_Current_Machine/Software/Microsoft/Windows/CurrentVersion/Run for the same thing. If you find anything there, remove it. Make a backup of that key first so if you fubar it, you can restore it to its original state.

    It might have also installed itself as a system service. Under the control panel/administrative tools, open up Services, and check if there is something there that shouldn't be. Make sure to remember which services you disable, if any, since if you disable the wrong ones, you will need to re-enable them, or your system may become verrryy unstable.

    And of course, check the startup folder for anything that shouldn't be there too.

    If you find a file that any of these searches refers you to, delete it and see if it reappears when you start the computer. If it does, try deleting it and then placing an empty file with the same name in its place with "type nul > filename". Sometimes that works too.

    I would also like to restate that HijackThis and this tutorial can be of great assistance in this matter.

    Also, some trojans are very effective at hiding their presence. Simply because they do not appear in the task manager does not mean they are not running. Start the system in safe mode before you clean it (even still, you can't be 100% sure) and check there. It's more likely to not be running in safe mode... but not for sure.
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  6. #6
    Junior Member
    Join Date
    Dec 2005
    Posts
    7
    I'm following that intro to spyware link you gave me, and hopefully all these programs will take care of it. In the meantime, here's the log file from HijackThis:

    God only knows what half this stuff is...

    Logfile of HijackThis v1.99.1
    Scan saved at 1:23:58 PM, on 12/15/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\kernels64.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\program files\Sunbelt Software\iHateSpam\siService.exe
    C:\Program Files\Motherboard Monitor 5\MBM5.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Sunbelt Software\iHateSpam\siSpamFilterEngine.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Prevx Pro\SAGUI.exe
    C:\Program Files\Globe Software\StatBar\StatBar.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\HDD Health\hddhealth.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\NMSSvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\Program Files\Prevx Pro\PXAgent.exe
    C:\WINDOWS\system32\RioMSC.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\program files\Sunbelt Software\iHateSpam\siMailProxyServer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Security\HiJackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [siService.exe] "C:\program files\Sunbelt Software\iHateSpam\siService.exe"
    O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels64.exe
    O4 - HKLM\..\Run: [PrevxPro] "C:\Program Files\Prevx Pro\SAGUI.exe"
    O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels64.exe
    O4 - HKCU\..\Run: [StatBar] C:\Program Files\Globe Software\StatBar\StatBar.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\hddhealth.exe -wl
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: bw+0 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: offline-8876480 - {4AE8E972-A561-4EF9-8A98-1876F396B060} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Program Files\Prevx Pro\PXAgent.exe" -f (file missing)
    O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    Mmmmm.... Bacon

  7. #7
    AO's Resident Redneck The Texan's Avatar
    Join Date
    Aug 2003
    Location
    Texas
    Posts
    1,539
    WDD,

    HKCU\..\Run: [StatBar] C:\Program Files\Globe Software\StatBar\StatBar.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Program Files\Prevx Pro\PXAgent.exe" -f (file missing

    Those entries bother me. I'm not quite sure what they are, but you should have them looked at by someone who does.... Don't delete them till you get them looked at, though. You also have the Adobe BHO running.... which isn't a terrible thing, but I think you could live without running Adobe all the time. I'm also wondering why you have so much Logitech software running? I have a Logitech cam and I assume you do too, but I don't know why you have so many instances of it running.

    Good luck and welcome to AO. Please take a sec to look over the FAQ.
    Git R Dun - Ty
    A tribe is wanted

  8. #8
    Junior Member
    Join Date
    Dec 2005
    Posts
    7
    HKCU\..\Run: [StatBar] C:\Program Files\Globe Software\StatBar\StatBar.exe
    that's ok, I've had that for a while. It's a status bar that shows how much HD space I have, CPU speed, RAM, etc...

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    I have an ATI Radeon 9800 Graphics card

    O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Program Files\Prevx Pro\PXAgent.exe" -f (file missing
    That's one of foxyloxley's programs I've downloaded from his post on spyware.

    Yea, I got a lot of crap on my PC and never uninstall it. I have a Logitech keyboard and joystick (never used it tho), that's all. Adobe, yea, I could turn it off, but again I'm new at this so I dunno how...
    Mmmmm.... Bacon

  9. #9
    Senior Member hesperus's Avatar
    Join Date
    Jan 2005
    Posts
    416
    C:\WINDOWS\system32\kernels64.exe <--- Trojan

    R3 - Default URLSearchHook is missing < --- related to a redirect ?

    O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels64.exe

    O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels64.exe

    O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Program Files\Prevx Pro\PXAgent.exe" -f (file missing) <--- If the file is missing you should remove it.

    O4 - HKCU\..\Run: [StatBar] C:\Program Files\Globe Software\StatBar\StatBar.exe <--- not sure if it's legit. Did you install it?

    That's a start. I am not sure what to make of the repeated entry.

    The Ati2evxx.exe is related to your graphics card.
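    As an added example (not code from this thread or from HijackThis), here is a small Python script that applies the checks the replies above do by hand to a HijackThis log: it flags anything appended to the system.ini Shell= line, executables that appear in more than one autostart location (Run, RunServices, Shell=), O23 services pointing at a missing binary, and the missing URLSearchHook. The sample log is a constructed excerpt of the log posted in #6; the rule names and output format are my own.

```python
"""Triage a HijackThis log for the persistence patterns discussed in this thread."""
import re
from collections import defaultdict

# Constructed excerpt of the HijackThis v1.99.1 log posted above (a few benign
# lines are kept so the rules have something to leave alone).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\kernels64.exe
C:\Program Files\Logitech\iTouch\iTouch.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels64.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels64.exe
O4 - HKCU\..\Run: [StatBar] C:\Program Files\Globe Software\StatBar\StatBar.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Program Files\Prevx Pro\PXAgent.exe" -f (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Line shapes used by HijackThis 1.99 for the entry types we care about.
O4_REG = re.compile(r"^O4 - (?P<loc>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP = re.compile(r"^O4 - (?P<loc>[\w ]*Startup): (?P<name>.+?) = (?P<cmd>.+)$")
F2_SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.+)$")
O23_SVC = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")
# First executable path in a command line, with or without surrounding quotes.
EXE_PATH = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.exe)', re.IGNORECASE)
# Tokens of a Shell= value: full drive paths (spaces allowed) or bare words.
SHELL_TOKENS = re.compile(r"[A-Za-z]:\\.*?\.exe|\S+", re.IGNORECASE)


def exe_of(cmd):
    """Normalise a command line to its lower-cased executable path."""
    m = EXE_PATH.match(cmd.strip())
    return (m.group("path") if m else cmd.strip()).lower()


def parse_log(text):
    """Split a log into (running process paths, remaining entry lines)."""
    procs, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            in_procs = False          # the process list ends at the first blank line
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        (procs if in_procs else entries).append(line.lower() if in_procs else line)
    return procs, entries


def triage(text):
    """Return a list of (rule, subject, detail) findings for one log."""
    procs, entries = parse_log(text)
    autostart = defaultdict(list)     # exe path -> [(location, value name), ...]
    findings = []
    for line in entries:
        m = F2_SHELL.match(line)
        if m:
            # A clean XP system.ini Shell= holds only Explorer.exe; anything after it
            # is started by winlogon at every logon, which fits "it comes back on reboot".
            for extra in SHELL_TOKENS.findall(m.group("value"))[1:]:
                findings.append(("shell_hijack", extra.lower(), "appended to Shell= in system.ini"))
                autostart[extra.lower()].append(("F2 Shell=", "-"))
            continue
        m = O4_REG.match(line) or O4_STARTUP.match(line)
        if m:
            autostart[exe_of(m.group("cmd"))].append((m.group("loc"), m.group("name")))
            continue
        m = O23_SVC.match(line)
        if m and "(file missing)" in m.group("cmd"):
            findings.append(("dead_service", m.group("svc"), "service points at a missing binary"))
        elif line == "R3 - Default URLSearchHook is missing":
            findings.append(("searchhook_missing", "R3", "often left behind by a search/redirect hijack"))
    # The same binary registered in several autostart locations is the strongest
    # signal in this log; note whether it is also in the running-process list.
    for exe, locs in autostart.items():
        if len(locs) > 1:
            where = ", ".join(f"{loc} [{name}]" for loc, name in locs)
            state = "running" if exe in procs else "not running"
            findings.append(("multi_autostart", exe, f"{len(locs)} autostart entries ({where}); {state}"))
    return findings


if __name__ == "__main__":
    for rule, subject, detail in triage(SAMPLE_LOG):
        print(f"{rule:18} {subject}\n{'':18} {detail}")
```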

  10. #10
    Junior Member
    Join Date
    Dec 2005
    Posts
    7
    Well, after running Spybot, CCleaner, CWShredder, and all the other programs foxyloxley recommended, it seems kernels64.exe is gone, until I restart my computer; then HijackThis says it's back... I've run all the programs in safe mode and checked the Task Manager to see if any suspicious programs were running before the scan. kernels64.exe could be it because I had never seen it before. Should I disable it (kernels64.exe) using HijackThis?

    O4 - HKCU\..\Run: [StatBar] C:\Program Files\Globe Software\StatBar\StatBar.exe
    I've installed this
    Mmmmm.... Bacon
