Hijackthis log file to be analysed

[Shikhar]

Can anyone check whether the hijackthis log file has problems or not.

Logfile of HijackThis v1.99.1
Scan saved at 9:45:11 PM, on 4/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\movedfiles\freeram\FreeRAM XP Pro 1.40.exe
D:\WINDOWS\System32\ZoneLabs\isafe.exe
D:\WINDOWS\system32\slserv.exe
D:\WINDOWS\system32\spupdsvc.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\WINDOWS\system32\spnpinst.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\system32\Sysocmgr.exe
D:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Sify Broadband\BBClient.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = *crackspider.net/ie/sbar.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *www.rediff.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = *crackspider.net/ie/assist.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: VCS3IESupport Class - {B9D6B3C2-09AD-464A-8162-8C55114C808A} - D:\Program Files\AV VCS 3.0 GOLD\Vcs3RT.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [FreeRAM XP] "D:\movedfiles\freeram\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{74085963-8ACF-4D37-93A3-6584FE82C4C2}: NameServer = 202.144.115.4,202.144.66.6
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - D:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINDOWS\system32\ZONELABS\vsmon.exe

 

[navjotjsingh]

Can anyone check whether the hijackthis log file has problems or not.

Logfile of HijackThis v1.99.1
Scan saved at 9:45:11 PM, on 4/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\movedfiles\freeram\FreeRAM XP Pro 1.40.exe
D:\WINDOWS\System32\ZoneLabs\isafe.exe
D:\WINDOWS\system32\slserv.exe
D:\WINDOWS\system32\spupdsvc.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\WINDOWS\system32\spnpinst.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\system32\Sysocmgr.exe
D:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Sify Broadband\BBClient.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = *crackspider.net/ie/sbar.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *www.rediff.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = *crackspider.net/ie/assist.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: VCS3IESupport Class - {B9D6B3C2-09AD-464A-8162-8C55114C808A} - D:\Program Files\AV VCS 3.0 GOLD\Vcs3RT.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [FreeRAM XP] "D:\movedfiles\freeram\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{74085963-8ACF-4D37-93A3-6584FE82C4C2}: NameServer = 202.144.115.4,202.144.66.6
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - D:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINDOWS\system32\ZONELABS\vsmon.exe

Fix the entries marked in red.

 

[bharathbala2003]

D:\WINDOWS\system32\slserv.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = *crackspider.net/ie/sbar.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = *crackspider.net/ie/assist.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

 

[swatkat]

Can anyone check whether the hijackthis log file has problems or not.

Logfile of HijackThis v1.99.1
Scan saved at 9:45:11 PM, on 4/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\movedfiles\freeram\FreeRAM XP Pro 1.40.exe
D:\WINDOWS\System32\ZoneLabs\isafe.exe
D:\WINDOWS\system32\slserv.exe
D:\WINDOWS\system32\spupdsvc.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\WINDOWS\system32\spnpinst.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\system32\Sysocmgr.exe
D:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Sify Broadband\BBClient.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = *crackspider.net/ie/sbar.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *www.rediff.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = *crackspider.net/ie/assist.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: VCS3IESupport Class - {B9D6B3C2-09AD-464A-8162-8C55114C808A} - D:\Program Files\AV VCS 3.0 GOLD\Vcs3RT.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [FreeRAM XP] "D:\movedfiles\freeram\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{74085963-8ACF-4D37-93A3-6584FE82C4C2}: NameServer = 202.144.115.4,202.144.66.6
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - D:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINDOWS\system32\ZONELABS\vsmon.exe

Run HijackThis, and click the button Dp a System scan only. Then select the red entries.
Then close ALL the open windows, browers and then click Fix in HijackThis.
Post a fresh log file.

 

[drgrudge]

Can anyone check whether the hijackthis log file has problems or not.

Logfile of HijackThis v1.99.1
Scan saved at 9:45:11 PM, on 4/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\movedfiles\freeram\FreeRAM XP Pro 1.40.exe
D:\WINDOWS\System32\ZoneLabs\isafe.exe
D:\WINDOWS\system32\slserv.exe
D:\WINDOWS\system32\spupdsvc.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\WINDOWS\system32\spnpinst.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\system32\Sysocmgr.exe
D:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Sify Broadband\BBClient.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = *crackspider.net/ie/sbar.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *www.rediff.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = *crackspider.net/ie/assist.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: VCS3IESupport Class - {B9D6B3C2-09AD-464A-8162-8C55114C808A} - D:\Program Files\AV VCS 3.0 GOLD\Vcs3RT.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [FreeRAM XP] "D:\movedfiles\freeram\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{74085963-8ACF-4D37-93A3-6584FE82C4C2}: NameServer = 202.144.115.4,202.144.66.6
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - D:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINDOWS\system32\ZONELABS\vsmon.exe

Just fix that RED item and run CCleaner....

 

[theraven]

1 log 4 interpretations
anyways shikhar i sugges u listen to swat and grudge
the bharath has marked things that shouldnt be

guys a hijackthis log file can be used only one way .. the right way
a wrong fix could render the system useless ... so be careful on what u advice

 

[Nemesis]

@bhratabala: Be careful about the programs you list as dangerous. You have listed Yahoo Messenger and MSN Messenger entries in red as if they were dangerous. If he were to remove those, the two messengers would not work. Please be careful when giving advice. He would've ended up having to reinstall some stuff if he did as you told.

Be careful in the future

 

[bharathbala2003]

D:\WINDOWS\system32\slserv.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = *crackspider.net/ie/sbar.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = *crackspider.net/ie/assist.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

sorry will surely be more careful from now..

well i have edited it.. but then i would like to know y the one in brown is needed.. the BHO has no name and has only a key.. is that needed?

 

[swatkat]

Look in the next line of that BHO entry, file name is present in the next line, it belongs to SpyBot SnD.

 

[drgrudge]

@ bharatbala,
see this entry:

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

This can be removed or if the first and last names is missing...

 

[Shikhar]

Thanks