Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

PSGuard Strikes Again! [resolved]

Started by jdziedzic , Oct 28 2005 01:33 PM

  • This topic is locked This topic is locked

#16
g2i2r4
Posted 04 November 2005 - 10:07 AM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
:tazz: Great news, thanks for the feedback.

Can you remember names for those unrecognized files? I'd like to check a few of them.
  • 0

Advertisements

#17
jdziedzic
Posted 04 November 2005 - 10:16 AM

jdziedzic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
When I ran it, it wasn't actually giving me filenames... do I need to let it run all the way through in order to get those? Doing so would probably take a REALLY long time and be REALLY tedious (judging from the rate it was going the last time I ran it), but if it'll help the spyware-busting cause, I'll gladly do it.
  • 0

#18
jdziedzic
Posted 04 November 2005 - 10:17 AM

jdziedzic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
When I ran it, it wasn't actually giving me filenames... do I need to let it run all the way through in order to get those? Doing so would probably take a REALLY long time and be REALLY tedious (judging from the rate it was going the last time I ran it), but if it'll help the spyware-busting cause, I'll gladly do it.
  • 0

#19
jdziedzic
Posted 04 November 2005 - 10:17 AM

jdziedzic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
When I ran it, it wasn't actually giving me filenames... do I need to let it run all the way through in order to get those? Doing so would probably take a REALLY long time and be REALLY tedious (judging from the rate it was going the last time I ran it), but if it'll help the spyware-busting cause, I'll gladly do it.
  • 0

#20
g2i2r4
Posted 04 November 2005 - 10:35 AM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
See if you can get a hold of the Windows 2000 installation disc and rerun sfc. I really want to make sure we clean up all.
  • 0

#21
jdziedzic
Posted 04 November 2005 - 01:07 PM

jdziedzic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Will do. We probably won't be able to see my girlfriend's parents until Thanksgiving Break, which is in a few weeks (such is the life of transportation-less college students), so we won't be able to get the installation disc until then. Thus, if this is the next step, I'll likely be incommunicado for a couple of weeks while we wait for that to happen. I'll just tell my girlfriend that web surfing won't be an option until we make sure to get everything (would it be okay to disconnect the computer from the internet and just use it for word processing, etc.?).

In the meantime, though, I really want to thank you for all the help you've given us so far, especially with respect to how quickly you've been replying to my posts. There's absolutely no way we could have dealt with this spyware infecton without your help! :)

(By the way, sorry for the triple-post... I was working from a crappy office computer at the time, and it was giving me "Page Not Found" errors when I tried to post... little did I know that it was actually posting replies AND giving me page errors :tazz:)
  • 0

#22
g2i2r4
Posted 04 November 2005 - 01:46 PM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
If you have no problems, it's okay to use the computer. I'd just like to know what those files are.

I'll keep the topic open (should I close it, just send me a PM) for a while.
  • 0

#23
jdziedzic
Posted 04 November 2005 - 06:32 PM

jdziedzic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
We should be able to get it soon. When we do, I'll go ahead and run sfc and let you know what it finds. Again, thanks for all your help!
  • 0

#24
g2i2r4
Posted 05 November 2005 - 05:26 AM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
You're welcome.

I hope to hear from you after you ran the sfc.
  • 0

#25
jdziedzic
Posted 12 November 2005 - 01:04 PM

jdziedzic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Okay, my girlfriend's folks stopped by a few days ago and brought the Windows 2000 installation disc with them, so I was able to run sfc again. With the disc in, the status bar ran all the way to completion without stopping for any reason. After it finished, the program window closed, and that was it. I rebooted the computer and tested everything, and there doesn't seem to be any difference from before. I'm guessing that this is a good thing. :tazz: What should I do now?
  • 0

Advertisements

#26
g2i2r4
Posted 12 November 2005 - 01:33 PM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Thanks for the feedback. At least now we know for sure the system files are okay. I wanted to make sure on that.

Please post me a HijackThis log to check, since I haven't seen one since you uninstalled those programs.
Also let me know if the computer is running okay now.
  • 0

#27
jdziedzic
Posted 12 November 2005 - 03:34 PM

jdziedzic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Logfile of HijackThis v1.99.1
Scan saved at 3:31:30 PM, on 11/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\wfxsnt40.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\explorer.exe
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.webmap.ni...s/ACGM/Acgm.cab
O18 - Protocol: bw+0 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {95B65FB0-056E-40C2-9142-40966C23540D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Fix-It Task Manager - Ontrack Data International - C:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
  • 0

#28
g2i2r4
Posted 12 November 2005 - 03:42 PM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Looks clean to me :tazz:

Is the computer running ok?
If so, shall I post you some tips for the future and close this topic?
  • 0

#29
jdziedzic
Posted 12 November 2005 - 04:31 PM

jdziedzic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Seems to be running great! Thanks once again for all your help! When my poor college student-ness allows, I'm going to try to make a donation in your honor. Go ahead and tip away!
  • 0

#30
g2i2r4
Posted 13 November 2005 - 04:10 AM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and re-enable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Re-enable system restore with the instructions from the tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & Hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware – Download and install Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

You may want to check this fine article by Tony Klein: How did I get infected in the first place?

Glad I was able to help.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP