1. Hey Guest Did you know you can win an Honor 10 phone worth ₹33,000 and an additional ₹70,000 in paytm vouchers, just by replying to some threads and taking part in the discussions happening in the Honor Hub?

    What are you waiting for? Start commenting and start winning! Remember to read the instructions posted here.

    Dismiss Notice

popup problem;..

Discussion in 'QnA (read only)' started by kumar4141, Mar 9, 2005.

Thread Status:
Not open for further replies.
  1. kumar4141

    kumar4141 New Member

    Joined:
    Dec 20, 2004
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    delhi
    i have win2000 and i m using cable internet but after sometime i got the popup from www.upgrade.org/ it comes in both firefox and IE6 . both browsers stop all other popups from the site which i open but they don't stop it.can anyone tell me how i can solve this........
     
  2. swatkat

    swatkat Active Member

    Joined:
    Mar 12, 2004
    Messages:
    2,060
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    Shimoga/ಶಿವಮೊಗ್ಗ
  3. OP
    OP
    kumar4141

    kumar4141 New Member

    Joined:
    Dec 20, 2004
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    delhi
    but from where i can download hijack this
     
  4. bharathbala2003

    bharathbala2003 why need title?

    Joined:
    Feb 4, 2005
    Messages:
    1,134
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    CONFUSED!! AM LOST
  5. OP
    OP
    kumar4141

    kumar4141 New Member

    Joined:
    Dec 20, 2004
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    delhi
    i m pasting the log file here:::::

    Logfile of HijackThis v1.99.1
    Scan saved at 10:23:04 PM, on 3/9/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\ups.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINNT\system32\ntvdm.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\DAP\DAP.EXE
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://61.16.134.1/auth
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft IE provided by AMIT BHUTTAN
    R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
    O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
    O2 - BHO: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll
    O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll
    O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [Microsoft Windows Update] WINUPDATE.exe
    O4 - HKLM\..\RunServices: [Microsoft Windows Update] WINUPDATE.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicUnlimited/ie/Bridge-c106.cab
    O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{246EE593-2C11-4FA3-9B23-3EA88E2F581E}: NameServer = 61.16.177.129,61.16.134.1
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
     
  6. bharathbala2003

    bharathbala2003 why need title?

    Joined:
    Feb 4, 2005
    Messages:
    1,134
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    CONFUSED!! AM LOST
    fix the one's with red one's.. @swat i suppose wat i said is rite :D
     
  7. OP
    OP
    kumar4141

    kumar4141 New Member

    Joined:
    Dec 20, 2004
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    delhi
    sorry bharat i couldn't get it what u say..

    "fix the red one's"
    but i can't see any red mark in the log file that u have shown:
     
  8. bharathbala2003

    bharathbala2003 why need title?

    Joined:
    Feb 4, 2005
    Messages:
    1,134
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    CONFUSED!! AM LOST
    i meant those highlted with brown i gues.. i can c the color in my comp :? the first few lines.. jus select em and click on FIX CHECKED option below..
     
  9. theraven

    theraven Active Member

    Joined:
    May 5, 2004
    Messages:
    2,912
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    off to "never ever" land
    the first 3 entries u identified are safe


    next in 02 dap is identified as spyware .. dont remove it if u want dap to work
    use registered dap not the trial !!

    next in o2 is the quicksearch entry
    the other entries are safe

    the one above and below the quicksearch entry are not required since they are missing files u can fix them

    the o3 entries u identified rightly !

    but u missed out a lot

    O4 - HKLM\..\Run: [Microsoft Windows Update] WINUPDATE.exe
    O4 - HKLM\..\RunServices: [Microsoft Windows Update] WINUPDATE.exe

    these are added due to the BMBOT virus

    also this one

    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicUnlimited/ie/Bridge-c106.cab

    and delete this if u dun recognise the ip/domain

    O17 - HKLM\System\CCS\Services\Tcpip\..\{246EE593-2C11-4FA3-9B23-3EA88E2F581E}: NameServer = 61.16.177.129,61.16.134.1
     
  10. bharathbala2003

    bharathbala2003 why need title?

    Joined:
    Feb 4, 2005
    Messages:
    1,134
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    CONFUSED!! AM LOST
    @raven thnx.. this is my first post on HT.. :D got lot to learn :D
     
  11. swatkat

    swatkat Active Member

    Joined:
    Mar 12, 2004
    Messages:
    2,060
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    Shimoga/ಶಿವಮೊಗ್ಗ

    Follow these steps carefully:-

    Uninstall these Softwares from Add/Remove Programs in Control Panel (if you find them):-
    1] QuickSearch SearchBar
    2] NavExel Search Toolbar
    3] IncrediFind
    4] NavPoint Toolbar

    Then boot in SAFE mode only, run HijackThis again and click the button "Do only a System Scan".
    Put a CHECK MARK for the entries which are made RED above.Then click Fix.

    After this, in SAFE mode only, Delete these files (if you find them), using the Search feature of the Windows:-
    1]INCFIN~1.DLL (search for INCFIN*.DLL)
    2] QuickSearchBar3_28.dll
    3] NavExcelBar.dll
    4] QuickSearchBar3_28.dll
    5] WINUPDATE.exe
    6] related.htm

    And also delete these Folders:-
    1] INCREDIFIND
    2] QuickSearch
    3] NavExcel Search Toolbar


    After this RESTART the System to Normal Mode, and run CleanUp!
    http://cleanup.stevengould.org/

    You have Rado Trojan (that WINUPDATE.EXE file), you better download Trojan Remover and do a System scan.
    http://www.simplysup.com/tremover/download.html

    Also get McAfee Stinger and do a System Scan.
    http://vil.nai.com/vil/averttools.asp

    Then post a FRESH HijackThis Log again.
     
  12. amitsaudy

    amitsaudy New Member

    Joined:
    May 15, 2004
    Messages:
    525
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Mumbai
    Run spybot and scan for all adware and spyware.
    Install the latest service packs available for ur os.
    Install the google toolbar and enable the advanced features(U can trust google).
    Or rather get the latest version of Norton internet security .
     
  13. neerajvohra

    neerajvohra Banned

    Joined:
    Jan 7, 2005
    Messages:
    818
    Likes Received:
    2
    Trophy Points:
    0
    My Answer
    Download Ad-Aware Or Microsoft Spyware ,
    Then Scan Your Computer,
    See the Result!!!
     
  14. OP
    OP
    kumar4141

    kumar4141 New Member

    Joined:
    Dec 20, 2004
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    delhi
    thanx guys for ur reply
    but the problem still remains the same , i have done everything that u have said
    this is my new log file after fixing the errors:
    Logfile of HijackThis v1.99.1
    Scan saved at 8:27:09 PM, on 3/10/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\ups.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINNT\system32\ntvdm.exe
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft IE provided by AMIT BHUTTAN
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O17 - HKLM\System\CCS\Services\Tcpip\..\{246EE593-2C11-4FA3-9B23-3EA88E2F581E}: NameServer = 61.16.177.129,61.16.134.1
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
     
  15. OP
    OP
    kumar4141

    kumar4141 New Member

    Joined:
    Dec 20, 2004
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    delhi
    thanx guys for ur reply
    but the problem still remains the same , i have done everything that u have said
    this is my new log file after fixing the errors:
    Logfile of HijackThis v1.99.1
    Scan saved at 8:27:09 PM, on 3/10/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\ups.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINNT\system32\ntvdm.exe
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft IE provided by AMIT BHUTTAN
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O17 - HKLM\System\CCS\Services\Tcpip\..\{246EE593-2C11-4FA3-9B23-3EA88E2F581E}: NameServer = 61.16.177.129,61.16.134.1
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
     
  16. OP
    OP
    kumar4141

    kumar4141 New Member

    Joined:
    Dec 20, 2004
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    delhi
    thanx guys for ur reply
    but the problem still remains the same , i have done everything that u have said
    this is my new log file after fixing the errors:
    Logfile of HijackThis v1.99.1
    Scan saved at 8:27:09 PM, on 3/10/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\ups.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINNT\system32\ntvdm.exe
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft IE provided by AMIT BHUTTAN
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O17 - HKLM\System\CCS\Services\Tcpip\..\{246EE593-2C11-4FA3-9B23-3EA88E2F581E}: NameServer = 61.16.177.129,61.16.134.1
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
     
  17. swatkat

    swatkat Active Member

    Joined:
    Mar 12, 2004
    Messages:
    2,060
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    Shimoga/ಶಿವಮೊಗ್ಗ
Thread Status:
Not open for further replies.

Share This Page