popup problem;..

Status
Not open for further replies.

kumar4141

Broken In
i have win2000 and i m using cable internet but after sometime i got the popup from www.upgrade.org/ it comes in both firefox and IE6 . both browsers stop all other popups from the site which i open but they don't stop it.can anyone tell me how i can solve this........
 

swatkat

Technomancer
these r browser hijackers, that take to thier website...this upgrade.org might be related to a rogue Antispyware Win-Fix, do u have Win-Fix in ur system? if u have it, u uninstall it...

do scan ur pc with these utilities:-
SpyBot SnD
*www.safer-networking.org/en/index.html

AdAware
*www.lavasoftusa.com/software/adaware/

and after these scans post the log file of HijackThis....

learn how to use HijackThis here....
*www.thinkdigit.com/forum/viewtopic.php?t=15729
 

bharathbala2003

why need title?
@kumar get the latest version of HIJACKTHIS and run it.. and paste the log file [url]*www.spychecker.com/program/hijackthis.html
[/url]
 
OP
K

kumar4141

Broken In
i m pasting the log file here:::::

Logfile of HijackThis v1.99.1
Scan saved at 10:23:04 PM, on 3/9/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\ups.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *61.16.134.1/auth
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = *server224.smartbotpro.net/7search/?new-hklm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = *your-searcher.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft IE provided by AMIT BHUTTAN
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] WINUPDATE.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] WINUPDATE.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - *static.windupdates.com/cab/MusicUnlimited/ie/Bridge-c106.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - *www.gamehouse.com/ghdlctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{246EE593-2C11-4FA3-9B23-3EA88E2F581E}: NameServer = 61.16.177.129,61.16.134.1
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
 

bharathbala2003

why need title?
kumar4141 said:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *61.16.134.1/auth
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = *server224.smartbotpro.net/7search/?new-hklm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = *your-searcher.com/index.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft IE provided by AMIT BHUTTAN
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] WINUPDATE.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] WINUPDATE.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - *static.windupdates.com/cab/MusicUnlimited/ie/Bridge-c106.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - *www.gamehouse.com/ghdlctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{246EE593-2C11-4FA3-9B23-3EA88E2F581E}: NameServer = 61.16.177.129,61.16.134.1
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

fix the one's with red one's.. @swat i suppose wat i said is rite :D
 
OP
K

kumar4141

Broken In
sorry bharat i couldn't get it what u say..

"fix the red one's"
but i can't see any red mark in the log file that u have shown:
 

bharathbala2003

why need title?
i meant those highlted with brown i gues.. i can c the color in my comp :? the first few lines.. jus select em and click on FIX CHECKED option below..
 

theraven

Technomancer
the first 3 entries u identified are safe


next in 02 dap is identified as spyware .. dont remove it if u want dap to work
use registered dap not the trial !!

next in o2 is the quicksearch entry
the other entries are safe

the one above and below the quicksearch entry are not required since they are missing files u can fix them

the o3 entries u identified rightly !

but u missed out a lot

O4 - HKLM\..\Run: [Microsoft Windows Update] WINUPDATE.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] WINUPDATE.exe

these are added due to the BMBOT virus

also this one

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - *static.windupdates.com/cab/MusicUnlimited/ie/Bridge-c106.cab

and delete this if u dun recognise the ip/domain

O17 - HKLM\System\CCS\Services\Tcpip\..\{246EE593-2C11-4FA3-9B23-3EA88E2F581E}: NameServer = 61.16.177.129,61.16.134.1
 

swatkat

Technomancer
kumar4141 said:
i m pasting the log file here:::::

Logfile of HijackThis v1.99.1
Scan saved at 10:23:04 PM, on 3/9/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\ups.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *61.16.134.1/auth
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = *server224.smartbotpro.net/7search/?new-hklm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = *your-searcher.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft IE provided by AMIT BHUTTAN
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\IINCFIN~1.DLL (file missing)

O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] WINUPDATE.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] WINUPDATE.exe

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - *static.windupdates.com/cab/MusicUnlimited/ie/Bridge-c106.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - *www.gamehouse.com/ghdlctl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{246EE593-2C11-4FA3-9B23-3EA88E2F581E}: NameServer = 61.16.177.129,61.16.134.1
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe


Follow these steps carefully:-

Uninstall these Softwares from Add/Remove Programs in Control Panel (if you find them):-
1] QuickSearch SearchBar
2] NavExel Search Toolbar
3] IncrediFind
4] NavPoint Toolbar

Then boot in SAFE mode only, run HijackThis again and click the button "Do only a System Scan".
Put a CHECK MARK for the entries which are made RED above.Then click Fix.

After this, in SAFE mode only, Delete these files (if you find them), using the Search feature of the Windows:-
1]INCFIN~1.DLL (search for INCFIN*.DLL)
2] QuickSearchBar3_28.dll
3] NavExcelBar.dll
4] QuickSearchBar3_28.dll
5] WINUPDATE.exe
6] related.htm

And also delete these Folders:-
1] INCREDIFIND
2] QuickSearch
3] NavExcel Search Toolbar


After this RESTART the System to Normal Mode, and run CleanUp!
*cleanup.stevengould.org/

You have Rado Trojan (that WINUPDATE.EXE file), you better download Trojan Remover and do a System scan.
*www.simplysup.com/tremover/download.html

Also get McAfee Stinger and do a System Scan.
*vil.nai.com/vil/averttools.asp

Then post a FRESH HijackThis Log again.
 

amitsaudy

Ambassador of Buzz
Run spybot and scan for all adware and spyware.
Install the latest service packs available for ur os.
Install the google toolbar and enable the advanced features(U can trust google).
Or rather get the latest version of Norton internet security .
 
kumar4141 said:
i have win2000 and i m using cable internet but after sometime i got the popup from www.upgrade.org/ it comes in both firefox and IE6 . both browsers stop all other popups from the site which i open but they don't stop it.can anyone tell me how i can solve this........
My Answer
Download Ad-Aware Or Microsoft Spyware ,
Then Scan Your Computer,
See the Result!!!
 
OP
K

kumar4141

Broken In
thanx guys for ur reply
but the problem still remains the same , i have done everything that u have said
this is my new log file after fixing the errors:
Logfile of HijackThis v1.99.1
Scan saved at 8:27:09 PM, on 3/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\ups.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft IE provided by AMIT BHUTTAN
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{246EE593-2C11-4FA3-9B23-3EA88E2F581E}: NameServer = 61.16.177.129,61.16.134.1
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
 
OP
K

kumar4141

Broken In
thanx guys for ur reply
but the problem still remains the same , i have done everything that u have said
this is my new log file after fixing the errors:
Logfile of HijackThis v1.99.1
Scan saved at 8:27:09 PM, on 3/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\ups.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft IE provided by AMIT BHUTTAN
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{246EE593-2C11-4FA3-9B23-3EA88E2F581E}: NameServer = 61.16.177.129,61.16.134.1
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
 
OP
K

kumar4141

Broken In
thanx guys for ur reply
but the problem still remains the same , i have done everything that u have said
this is my new log file after fixing the errors:
Logfile of HijackThis v1.99.1
Scan saved at 8:27:09 PM, on 3/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\ups.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft IE provided by AMIT BHUTTAN
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{246EE593-2C11-4FA3-9B23-3EA88E2F581E}: NameServer = 61.16.177.129,61.16.134.1
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
 

swatkat

Technomancer
log file is clean.....but i doubt that Nameserver....
first try these steps:-
install Google Toolbar for IE....
and also install ZoneAlarm Free Firewall, it's very good and very light....

*toolbar.google.com/?promo=gdl-tb-en

*www.zonelabs.com/store/content/com...ily/trial_zaFamily.jsp?lid=home_freedownloads
 
Status
Not open for further replies.
Top Bottom