Closed Thread
Old 26-02-2008, 01:50 PM   #1 (permalink)
vaibhavtek
Guest
 
Posts: n/a
Default HijackThis - Vishal Gupta


After seeing this (askvg.com), I am posting my log file details generated by HijackThis here in this forum rather than askvg.com due to some reason I will post the reason afterwards...!!!

Vishal Gupta I had generated the below content by HijackThis. Can u tell me whether my pc is infected by any Virus, Spyware, Adware or Trojan..???

My log file:-

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:57 PM, on 2/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Plustek\OpticBook 3600 Corporate\Am32Plus.exe
C:\Program Files\Plustek\OpticBook 3600 Corporate\book express.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\GIMP-2.0\bin\gimp-2.4.exe
C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\script-fu.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Plugin Class - {56CD20F0-7C09-11D5-A768-0050042307CE} - C:\PlayerIE\playerIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe" -autorun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DC57D1B-AB60-497E-B614-87A96FD08BC1}: NameServer = 218.248.240.23 218.248.240.141
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFE70012-96BD-4465-A852-D748E86E7E29}: NameServer = 172.16.0.1,202.138.103.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{EAACC208-8BF2-4C6C-9F90-373A7B3AD60B}: NameServer = 4.2.2.1,4.2.2.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 8156 bytes

Plz reply ASAP.

VG Plz help.

Thanks in advance VG..!!!

Last edited by vaibhavtek; 26-02-2008 at 01:50 PM. Reason: Spelling Mistake
 

Old 26-02-2008, 02:03 PM   #2 (permalink)
Microsoft MVP
 
Vishal Gupta's Avatar
 
Join Date: Jul 2005
Location: AskVG.com
Posts: 5,173
Default Re: HijackThis - Vishal Gupta

Please fix following:

Code:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
You can also fix following entries which are useless and can be safely removed to speedup Windows:

Code:
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
__________________
:arrow: http://www.AskVG.com/
Vishal Gupta is offline  
Old 26-02-2008, 02:22 PM   #3 (permalink)
Dreamweaver
 
Gigacore's Avatar
 
Join Date: Aug 2006
Location: Bangalore
Posts: 3,904
Default Re: HijackThis - Vishal Gupta

Use CCleaner
__________________
Today's noobs are tomorrow's geeks. Don't make fun of them.. encourage them. - Gigacore

Follow me on twitter.com/gigacore
Gigacore is offline  
Old 26-02-2008, 02:39 PM   #4 (permalink)
vaibhavtek
Guest
 
Posts: n/a
Default Re: HijackThis - Vishal Gupta

Quote:
Originally Posted by Vishal Gupta View Post
Please fix following:

Code:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
Ok according to u this is Virus, Spyware, Adware or Trojan..???

Correct.

Quote:
Originally Posted by vaibhavtek View Post
I am posting my log file details generated by HijackThis here in this forum rather than askvg.com due to some reason I will post the reason afterwards...!!!
So my reason is that how did u detect that those file (quoted above) are virus or spyware or Adware or Trojan...???

i.e. there are many file in log details but how did u detect that these file are only infected...???

Hope u understand my question...!!!

Quote:
Originally Posted by Vishal Gupta View Post
You can also fix following entries which are useless and can be safely removed to speedup Windows:

Code:
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
How did u get that these entry are useless..???

Hope my question is clear to u..!!

Plz reply ASAP.

Last edited by vaibhavtek; 26-02-2008 at 02:41 PM. Reason: Two questions.
 
Old 26-02-2008, 02:42 PM   #5 (permalink)
Broken In
 
Join Date: Oct 2007
Posts: 140
Default Re: HijackThis - Vishal Gupta

Dude, why did you create a separate thread for this purpose? Should've PM'ed Vishal Gupta.
Count Dracula is offline  
Old 26-02-2008, 02:43 PM   #6 (permalink)
vaibhavtek
Guest
 
Posts: n/a
Default Re: HijackThis - Vishal Gupta

Quote:
Originally Posted by Gigacore View Post
Use CCleaner
What do u want to say abt using CCleaner..??

Ccleaner does not remove any virus, spyware etc etc..

Useless suggestion
 
Old 26-02-2008, 02:43 PM   #7 (permalink)
Microsoft MVP
 
Vishal Gupta's Avatar
 
Join Date: Jul 2005
Location: AskVG.com
Posts: 5,173
Default Re: HijackThis - Vishal Gupta

^^ The entries which I usually tell to fix are based on experience. For example, first 2 entries which I suggested to fix show that there are some restrictions in Internet Explorer. It may be toolbar restrictions, homepage restrictions, Settings restrictions and most of the time these are set by virus, spyware. So I suggested to fix them.

Other 2 entries show that a site is redirecting you somewhere which is suspicious, so it's better to remove it.

Other entries which I told you to fix to speed up Windows are obvious. Those are related to Java update checker, Graphics Cards startup entry, etc. These can be disabled from startup to speed up your startup.

I hope you understood it.
__________________
:arrow: http://www.AskVG.com/
Vishal Gupta is offline  
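The manual triage described in the reply above, as an added example that is not part of the original thread or of HijackThis itself: a small Python parser that re-joins the item lines the forum wrapped and applies the poster's stated rules (O6 policy keys present; a browser extension entry whose target is a URL), plus a separate low-priority label for entries marked `(no file)` or `(file missing)`. The flag names and the choice of sections checked for URL targets are this example's own assumptions; the sample input is excerpted from the log posted in this thread, and a flag is a prompt for manual review, not a verdict.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code text flags")

# A HijackThis item starts with a section code such as R3, O4 or O23.
ITEM_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<text>.*)$")
URL_RE = re.compile(r"https?://[^\s)]+", re.I)

# Assumption of this example: sections whose target is normally a local
# file, so a URL there deserves a look. O16 (ActiveX download sources)
# legitimately lists URLs and is left out.
URL_TARGET_SECTIONS = {"O2", "O3", "O9"}


def parse_items(log_text):
    """Return item lines, re-attaching continuations split by line wrapping."""
    items = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "--":  # end-of-log marker
            break
        if ITEM_RE.match(line):
            items.append(line)
        elif line and items and items[-1].endswith("-"):
            # Previous item ended on the " - " separator: this is its target.
            items[-1] += " " + line
        # Anything else (header, running-process list) is ignored.
    return items


def classify(item):
    """Attach review flags to one item line."""
    m = ITEM_RE.match(item)
    code, text = m.group("code"), m.group("text")
    flags = []
    if code == "O6":
        # Internet Explorer policy restrictions are present.
        flags.append("policy-restriction")
    if code in URL_TARGET_SECTIONS and URL_RE.search(text):
        # Button/helper/toolbar that points at a web address, not a file.
        flags.append("url-target")
    elif "(no file)" in text or "(file missing)" in text:
        # Registration left behind with nothing on disk.
        flags.append("orphan")
    return Entry(code, text, tuple(flags))


def triage(log_text):
    """Return only the entries that carry at least one flag."""
    return [e for e in map(classify, parse_items(log_text)) if e.flags]


# Excerpt of the log posted in this thread, wrapped as it appeared there.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} -
http://www.updatesgate.com/redirect.php (file missing)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: CameraServer - Unknown owner - C:\Program Files\Eyemail Technology Inc\CameraServer.exe (file missing)

--
End of file - 8156 bytes
"""

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(",".join(entry.flags), "|", entry.code, "-", entry.text)
```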
Old 26-02-2008, 02:46 PM   #8 (permalink)
vaibhavtek
Guest
 
Posts: n/a
Default Re: HijackThis - Vishal Gupta

Quote:
Originally Posted by Count Dracula View Post
Dude, why did you create a separate thread for this purpose? Should've PM'ed Vishal Gupta.
PM is blocked by Vishal Gupta.
That's why I started a separate thread.

Quote:
Originally Posted by Vishal Gupta View Post
^^ The entries which I usually tell to fix are based on experience. For example, first 2 entries which I suggested to fix show that there are some restrictions in Internet Explorer. It may be toolbar restrictions, homepage restrictions, Settings restrictions and most of the time these are set by virus, spyware. So I suggested to fix them.

Other 2 entries show that a site is redirecting you somewhere which is suspicious, so it's better to remove it.

Other entries which I told you to fix to speed up Windows are obvious. Those are related to Java update checker, Graphics Cards startup entry, etc. These can be disabled from startup to speed up your startup.

I hope you understood it.
Thanks VG.

U guys just rock.

According to u, u see each and every line of my log file and said that.

Thanks for replying.

Last edited by vaibhavtek; 26-02-2008 at 02:46 PM. Reason: Automerged Doublepost
 
Old 26-02-2008, 02:56 PM   #9 (permalink)
Microsoft MVP
 
Vishal Gupta's Avatar
 
Join Date: Jul 2005
Location: AskVG.com
Posts: 5,173
Default Re: HijackThis - Vishal Gupta

^^ Of course. I check every line, that's why I ask to post the log file content. A few ppl think that it might be auto analyzed at hijackthis site but I never advise it cause the results are not accurate. They are just based on the older results. It's always better to manually analyze it and fix the required entries.
__________________
:arrow: http://www.AskVG.com/
Vishal Gupta is offline  
Old 26-02-2008, 03:10 PM   #10 (permalink)
vaibhavtek
Guest
 
Posts: n/a
Default Re: HijackThis - Vishal Gupta

^^ Are u sure that after removing this file in Safe Mode, I will not get any Virus, Trojan etc etc detected in any Anti-Virus, Anti-Spyware Software..???

Last edited by kalpik; 26-02-2008 at 03:19 PM. Reason: Stop using BOLD for everything!
 
Old 26-02-2008, 03:11 PM   #11 (permalink)
damn busy...
 
utsav's Avatar
 
Join Date: Sep 2006
Location: Jhansi/Meerut
Posts: 1,990
Default Re: HijackThis - Vishal Gupta

After looking at the thread title i thought Vishal Gupta got hijacked
__________________
MSI GX660 with ATI 5870 :grin: ultimate gaming lappy :grin:
Dell Studio 15(1555)
1TB+1.5TB external|N86|ZTE Blade|5230|E63|EP-630|Soundmagic PL50|Sennheiser CXL 400|Meelec M11P+
www.techjunkiez.com
utsav is offline  
Old 26-02-2008, 03:11 PM   #12 (permalink)
vaibhavtek
Guest
 
Posts: n/a
Default Re: HijackThis - Vishal Gupta

Quote:
Originally Posted by Vishal Gupta View Post
auto analyzed at hijackthis site
are u talking of this site:- www.hijackthis.de

Plz reply me:-http://www.thinkdigit.com/forum/showpost.php?p=758808&postcount=10
 
Old 26-02-2008, 03:20 PM   #13 (permalink)
Microsoft MVP
 
Vishal Gupta's Avatar
 
Join Date: Jul 2005
Location: AskVG.com
Posts: 5,173
Default Re: HijackThis - Vishal Gupta

^^ Yep. Reg. to your problem. After removing those entries your system should work fine.

Quote:
Originally Posted by utsav View Post
After looking at the thread title i thought Vishal Gupta got hijacked
lol.
__________________
:arrow: http://www.AskVG.com/
Vishal Gupta is offline  
Old 26-02-2008, 03:29 PM   #14 (permalink)
Dreamweaver
 
Gigacore's Avatar
 
Join Date: Aug 2006
Location: Bangalore
Posts: 3,904
Default Re: HijackThis - Vishal Gupta

Quote:
Originally Posted by vaibhavtek View Post
What do u want to say abt using CCleaner..??

Ccleaner does not remove any virus, spyware etc etc..

Useless suggestion
heh... use CCleaner to fix those registries

u r a funky guy!
__________________
Today's noobs are tomorrow's geeks. Don't make fun of them.. encourage them. - Gigacore

Follow me on twitter.com/gigacore
Gigacore is offline  
Old 26-02-2008, 08:47 PM   #15 (permalink)
vaibhavtek
Guest
 
Posts: n/a
Default Re: HijackThis - Vishal Gupta

Quote:
Originally Posted by Vishal Gupta View Post
^^ Of course. I check every line, that's why I ask to post the log file content. A few ppl think that it might be auto analyzed at hijackthis site but I never advise it cause the results are not accurate. They are just based on the older results. It's always better to manually analyze it and fix the required entries.
Thanks for replying and understanding me.

Quote:
Originally Posted by utsav View Post
After looking at the thread title i thought Vishal Gupta got hijacked
lol

Quote:
Originally Posted by Gigacore View Post
heh... use CCleaner to fix those registries

u r a funky guy!
Ccleaner does not remove any Virus, Adware, Spyware etc etc.
Ccleaner fixes registry prob. but there are none in my system.
I use Ccleaner for a long time.
 
Old 26-02-2008, 08:51 PM   #16 (permalink)
Dreamweaver
 
Gigacore's Avatar
 
Join Date: Aug 2006
Location: Bangalore
Posts: 3,904
Default Re: HijackThis - Vishal Gupta

^ okie
__________________
Today's noobs are tomorrow's geeks. Don't make fun of them.. encourage them. - Gigacore

Follow me on twitter.com/gigacore
Gigacore is offline  
Old 26-02-2008, 09:07 PM   #17 (permalink)
Distinguished Member
 
anandk's Avatar
 
Join Date: Mar 2005
Location: Pune
Posts: 3,783
Default Re: HijackThis - Vishal Gupta

Just as one cannot trust automated analysis, one cannot trust an expert NOT to make mistakes. While an expert's judgement may be his own individually only, the following sites auto-analyse logs, based on tons of data collected, to make their recommendations! Ultimately, you need to make your own call, considering all.

HijackThis.de
Prevx
Networktechs
Help2Go

One can also download HijackThis Reader and use it.
__________________
> www.TheWindowsClub.com <
= www.WinVistaClub.com =
Microsoft® MVP
anandk is offline  
Old 26-02-2008, 10:45 PM   #18 (permalink)
Microsoft MVP
 
Vishal Gupta's Avatar
 
Join Date: Jul 2005
Location: AskVG.com
Posts: 5,173
Default Re: HijackThis - Vishal Gupta

^^ Neither I said I'm an expert nor I said I can't make mistakes. Since he asked for my help, I tried my best to help him. I posted my personal experience. It's always better to check the file manually instead of automatic process.

@vaibhav
Please don't ask problems to a particular member. It's a forum not a site. Everyone wants to help and asking one member for help is like insulting the others. I hope you can understand it.
__________________
:arrow: http://www.AskVG.com/
Vishal Gupta is offline  
Old 26-02-2008, 10:52 PM   #19 (permalink)
Dreamweaver
 
Gigacore's Avatar
 
Join Date: Aug 2006
Location: Bangalore
Posts: 3,904
Default Re: HijackThis - Vishal Gupta

@ anand, what happened to u bro ?
__________________
Today's noobs are tomorrow's geeks. Don't make fun of them.. encourage them. - Gigacore

Follow me on twitter.com/gigacore
Gigacore is offline  
Old 27-02-2008, 06:00 PM   #20 (permalink)
ax3
Cool as a CUCUMBAR ! ! !
 
ax3's Avatar
 
Join Date: Dec 2003
Posts: 5,052
Default Re: HijackThis - Vishal Gupta

@utsav .... +1 ....
__________________
... W H O T ...
ax3 is offline  
Old 27-02-2008, 06:35 PM   #21 (permalink)
* Teh Flirt King *
 
Quiz_Master's Avatar
 
Join Date: Dec 2005
Location: Originally From : Ratlam M.P., Currently in: Hyderabad
Posts: 972
Default Re: HijackThis - Vishal Gupta

anandk.. Thanks for the links buddy...
__________________
World is just a Quizzical Reality : Quiz_Master//Ashwin :D

Blog: http://ashwinsaxena.com/blog - Tech, Life and Other Things.
Quiz_Master is offline  
Old 27-02-2008, 06:44 PM   #22 (permalink)
vaibhavtek
Guest
 
Posts: n/a
Default Re: HijackThis - Vishal Gupta

Quote:
Originally Posted by anandk View Post
Just as one cannot trust automated analysis, one cannot trust an expert NOT to make mistakes. While an expert's judgement may be his own individually only, the following sites auto-analyse logs, based on tons of data collected, to make their recommendations! Ultimately, you need to make your own call, considering all.

HijackThis.de
Prevx
Networktechs
Help2Go

One can also download HijackThis Reader and use it.
Thanks for the link bro..!!!

Quote:
Originally Posted by Vishal Gupta View Post
@vaibhav
Please don't ask problems to a particular member. It's a forum not a site. Everyone wants to help and asking one member for help is like insulting the others. I hope you can understand it.
Ok thanks for the suggestion.
 
Old 02-03-2008, 03:43 PM   #23 (permalink)
Stay Silent!
 
enticer86's Avatar
 
Join Date: May 2006
Location: TD
Posts: 755
Default Re: HijackThis - Vishal Gupta

Pls advise what to do... heres a report:

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:41 PM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\System32\CbEvtSvc.exe
C:\Program Files\GizmoPlugin\GizmoPlugin.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/24.19/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CameraServer - Unknown owner - C:\Program Files\Eyemail Technology Inc\CameraServer.exe (file missing)
O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe
O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Program Files\GizmoPlugin\GizmoPlugin.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 4102 bytes
__________________
I saw me running,
'Twas a long, long run.
But the view was so stunning,
And that made it so much fun... ©
enticer86 is offline  
Old 02-03-2008, 03:59 PM   #24 (permalink)
vaibhavtek
Guest
 
Posts: n/a
Default Re: HijackThis - Vishal Gupta

I have looked in ur file and found only 1 problem, just remove it.

Quote:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 
Old 02-03-2008, 04:03 PM   #25 (permalink)
Stay Silent!
 
enticer86's Avatar
 
Join Date: May 2006
Location: TD
Posts: 755
Default Re: HijackThis - Vishal Gupta

really? that means my pc is free of any kinda trouble?? :O
How to remove it?
__________________
I saw me running,
'Twas a long, long run.
But the view was so stunning,
And that made it so much fun... ©
enticer86 is offline  
Old 02-03-2008, 04:07 PM   #26 (permalink)
Microsoft MVP
 
Vishal Gupta's Avatar
 
Join Date: Jul 2005
Location: AskVG.com
Posts: 5,173
Default Re: HijackThis - Vishal Gupta

Your system is absolutely fine. No problems found. Although you can fix following unnecessary entries to speed up your system:

Code:
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
To fix the entries, boot your Windows in Safe Mode by pressing "F8" key at system startup and select "Safe Mode" option. Run HijackThis again. Then select the entries and click on "Fix checked" button.
__________________
:arrow: http://www.AskVG.com/
Vishal Gupta is offline  
Old 02-03-2008, 04:08 PM   #27 (permalink)
vaibhavtek
Guest
 
Posts: n/a
Default Re: HijackThis - Vishal Gupta

Quote:
Originally Posted by enticer86 View Post
really? that means my pc is free of any kinda trouble?? :O

How to remove it?
See my closed thread:-HijackThis - Post ur log file

Plz help me to agree shantanu to reopen this thread.
I am asking him a lot.
Plz PM him to reopen the thread.

VG I think u r realising the necessity of this thread HijackThis - Post ur log file.

Plz help me to reopen this thread.

At the last of it i will write that:-
Suggestion for this thread came from:-www.askvg.com[Vishal Gupta's Site]

Plz VG and enticer86 help me.
 
Old 02-03-2008, 06:51 PM   #28 (permalink)
Distinguished Member
 
anandk's Avatar
 
Join Date: Mar 2005
Location: Pune
Posts: 3,783
Default Re: HijackThis - Vishal Gupta

Quote:
Originally Posted by Vishal Gupta View Post
^^ Neither I said I'm an expert nor I said I can't make mistakes. Since he asked for my help, I tried my best to help him. I posted my personal experience. It's always better to check the file manually instead of automatic process.
I am glad I visited this thread again, else I wouldn't have seen this comment. Vishal, I wasn't referring to you, I just made a general statement. And I accept that you are a genius. Haven't I already referred to you as one in at least 2 other forums or on the telephonic chat of MVPs sometime back? So pls remove this or any other misunderstanding you may have. Take my word!
__________________
> www.TheWindowsClub.com <
= www.WinVistaClub.com =
Microsoft® MVP
anandk is offline  
Old 02-03-2008, 09:55 PM   #29 (permalink)
Microsoft MVP
 
Vishal Gupta's Avatar
 
Join Date: Jul 2005
Location: AskVG.com
Posts: 5,173
Default Re: HijackThis - Vishal Gupta

^^ I have no hard feelings as well. I was quite surprised by your comments but thanks for making it clear.
__________________
:arrow: http://www.AskVG.com/
Vishal Gupta is offline  
All times are GMT +5.5.