JMac Posted September 19, 2005 Share Posted September 19, 2005 Logfile of HijackThis v1.99.1 Scan saved at 15:19:58, on 19/09/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5112.0000) Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:Program FilesblueyonderPCguardfws.exe C:WINDOWSsystem32spoolsv.exe C:Program FilesCommon FilesCommand Softwaredvpapi.exe C:WINDOWSsystem32nvsvc32.exe C:WINDOWSsystem32svchost.exe C:WINDOWSsystem32CTHELPER.EXE C:Program FilesMicrosoft AntiSpywaregcasServ.exe C:WINDOWSsystem32LVCOMSX.EXE C:Program FilesblueyonderPCguardRPS.exe C:Program FilesJavajre1.5.0_05binjusched.exe C:Program FilesLClocklclock.exe C:Program Filesblueyonder ISTbinmpbtn.exe C:Program FilesMicrosoft AntiSpywaregcasDtServ.exe C:Program FilesWindows Media Playerwmplayer.exe C:WINDOWSexplorer.exe C:Program FilesMSN Messengermsnmsgr.exe C:WINDOWSsystem32wisptis.exe C:WINDOWSsystem32msiexec.exe C:Program FilesiPodbiniPodService.exe C:Program FilesMozilla Firefoxfirefox.exe C:Documents and SettingsJames MacMillanDesktopHijackThis.exe R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.blueyonder.co.uk/ O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:Program FilesblueyonderPCguardpkR.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:Program FilesblueyonderPCguardFBHR.dll O4 - HKLM..Run: [CTHelper] CTHELPER.EXE O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup O4 - HKLM..Run: [gcasServ] "C:Program FilesMicrosoft AntiSpywaregcasServ.exe" O4 - HKLM..Run: [LVCOMSX] C:WINDOWSsystem32LVCOMSX.EXE O4 - HKLM..Run: [PCguard] "C:Program FilesblueyonderPCguardRPS.exe" O4 - HKLM..Run: [sunJavaUpdateSched] C:Program FilesJavajre1.5.0_05binjusched.exe O4 - HKLM..RunOnce: [indexCleaner] "C:Program FilesblueyonderPCguardIdxClnR.exe" O4 - HKCU..Run: [LClock] C:Program FilesLClocklclock.exe O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:Program Filesblueyonder ISTbinmatcli.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_05binnpjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_05binnpjpi150_05.dll O9 - Extra button: @C:Program FilesMessengerMsgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe O9 - Extra 'Tools' menuitem: @C:Program FilesMessengerMsgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe O11 - Options group: [TABS] Tabbed Browsing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1118968879000 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126562016047 O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:Program FilesCommon FilesCommand Softwaredvpapi.exe O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:Program FilesblueyonderPCguardfws.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:Program FilesiPodbiniPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe Link to comment Share on other sites More sharing options...
Administrator Tarun Posted September 19, 2005 Administrator Share Posted September 19, 2005 These can go: O4 - HKLM..Run: [sunJavaUpdateSched] C:Program FilesJavajre1.5.0_05binjusched.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_05binnpjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_05binnpjpi150_05.dll 16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/tool/fi...tivePreQual.cab Link to comment Share on other sites More sharing options...
JMac Posted September 19, 2005 Author Share Posted September 19, 2005 These can go: O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll 16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/tool/fi...tivePreQual.cab <{POST_SNAPBACK}> Removed. Logfile of HijackThis v1.99.1 Scan saved at 23:01:15, on 19/09/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5112.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\blueyonder\PCguard\fws.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\blueyonder\PCguard\RPS.exe C:\Program Files\LClock\lclock.exe C:\Program Files\blueyonder IST\bin\mpbtn.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\Documents and Settings\James MacMillan\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/ O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\blueyonder\PCguard\pkR.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\blueyonder\PCguard\FBHR.dll O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [PCguard] "C:\Program Files\blueyonder\PCguard\RPS.exe" O4 - HKLM\..\RunOnce: [indexCleaner] "C:\Program Files\blueyonder\PCguard\IdxClnR.exe" O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe O4 - HKCU\..\RunOnce: [indexCleaner] "C:\Program Files\blueyonder\PCguard\IdxClnR.exe" O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [TABS] Tabbed Browsing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1118968879000 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126562016047 O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe Link to comment Share on other sites More sharing options...
Administrator Tarun Posted September 19, 2005 Administrator Share Posted September 19, 2005 Clean. Link to comment Share on other sites More sharing options...
Recommended Posts