Thread: Unnecessary POP-UPS!

  1. #1
    Junior Member
    Join Date
    Mar 2007
    Posts
    25

    Unnecessary POP-UPS!

    This is my log file ... Please help me solve my pop-ups problem:

    Logfile of HijackThis v1.99.1
    Scan saved at 2:08:10 AM, on 4/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
    C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\r_server.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://in.rediff.com/index.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://in.rediff.com/index.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rediff.com/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://in.rediff.com/index.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: localhost 127.0.0.1
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\jxtcjhaw.dll",setvm
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Smart Evrox] G:\DATA\RUHI\SETUPS\Antivirus\Ewido anti-spyware\crack\evrox.exe e
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
    O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
    O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://us2-scripts.dlv4.com/binaries...1071_em_XP.cab
    O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://scripts.dlv4.com/binaries/ega...1068_em_XP.cab
    O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://us2-scripts.dlv4.com/binaries...1070_em_XP.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1230EB6C-9F75-485A-BCE8-3CFED8756E34}: NameServer = 85.255.115.52,85.255.112.85
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4BEC42EB-BA12-4486-95CB-09C486D12C4C}: NameServer = 85.255.115.52,85.255.112.85
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6800B23A-11CF-4B1B-9469-B6721BC82D03}: NameServer = 202.63.174.250 202.63.164.13
    O17 - HKLM\System\CCS\Services\Tcpip\..\{72D08081-EE0E-418E-8ADA-8FAA911BDE68}: NameServer = 85.255.115.52,85.255.112.85
    O17 - HKLM\System\CCS\Services\Tcpip\..\{874ACD4D-7918-44A6-91EB-F42461E1551F}: NameServer = 85.255.115.52,85.255.112.85
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED279D13-8994-40B1-B864-E33A134C786B}: NameServer = 85.255.115.52,85.255.112.85
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.52 85.255.112.85
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1230EB6C-9F75-485A-BCE8-3CFED8756E34}: NameServer = 85.255.115.52,85.255.112.85
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.52 85.255.112.85
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1230EB6C-9F75-485A-BCE8-3CFED8756E34}: NameServer = 202.63.174.250,203.115.71.66
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.52 85.255.112.85
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)

  2. #2
    Retired Security Volunteer
    Join Date
    Dec 2006
    Posts
    752

    Hi, welcome to Safer Networking forums!

    *It is possible that some of the entries are hiding from us, so please rename HijackThis.exe to something like angelfire777.exe

    *Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: localhost 127.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1230EB6C-9F75-485A-BCE8-3CFED8756E34}: NameServer = 85.255.115.52,85.255.112.85
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4BEC42EB-BA12-4486-95CB-09C486D12C4C}: NameServer = 85.255.115.52,85.255.112.85
    O17 - HKLM\System\CCS\Services\Tcpip\..\{72D08081-EE0E-418E-8ADA-8FAA911BDE68}: NameServer = 85.255.115.52,85.255.112.85
    O17 - HKLM\System\CCS\Services\Tcpip\..\{874ACD4D-7918-44A6-91EB-F42461E1551F}: NameServer = 85.255.115.52,85.255.112.85
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED279D13-8994-40B1-B864-E33A134C786B}: NameServer = 85.255.115.52,85.255.112.85
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.52 85.255.112.85
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1230EB6C-9F75-485A-BCE8-3CFED8756E34}: NameServer = 85.255.115.52,85.255.112.85
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.52 85.255.112.85
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.52 85.255.112.85


    Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.
    ________________

    *You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://www.bleepingcomputer.com/file...Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    At the end of the fix, you may need to restart your computer again. After your computer restarts, a notepad report will immediately open; please post all the contents of that report.

    Finally, please post a fresh HijackThis log, along with the contents of the report.
    Last edited by Shaba; 2007-04-06 at 20:16.
    AngelFire777

    Proud member of UNITE and ASAP since 2006.
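
The O17 selection in the post above can be reproduced mechanically. This is an added example, not part of the helper's post or of HijackThis: it parses O17 lines, groups them by resolver set, and flags any set containing an address outside an analyst-supplied allowlist. The function names and the `EXPECTED` allowlist are assumptions; the log lines are copied from this thread.

```python
import re
from collections import defaultdict

# O17 lines copied from the HijackThis log in this thread (subset), plus one
# O4 line to show that other sections are ignored.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{1230EB6C-9F75-485A-BCE8-3CFED8756E34}: NameServer = 85.255.115.52,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{6800B23A-11CF-4B1B-9469-B6721BC82D03}: NameServer = 202.63.174.250 202.63.164.13
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.52 85.255.112.85
O17 - HKLM\System\CS2\Services\Tcpip\..\{1230EB6C-9F75-485A-BCE8-3CFED8756E34}: NameServer = 202.63.174.250,203.115.71.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.52 85.255.112.85
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

# Assumption: the resolvers the analyst expects on this machine. Here they are
# the addresses in the O17 entries the helper left unchecked; in practice,
# confirm them against the ISP's documentation or the DHCP lease.
EXPECTED = {"202.63.174.250", "202.63.164.13", "203.115.71.66"}

O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?P<scope>Parameters|\.\.\\\{[0-9A-Fa-f-]+\}): "
    r"NameServer = (?P<servers>.+)$"
)


def parse_o17(log_text):
    """Return one dict per O17 line: control set, scope, resolver tuple."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        # HijackThis prints the value as stored: comma- or space-separated.
        servers = tuple(s for s in re.split(r"[,\s]+", m["servers"].strip()) if s)
        # "Parameters" is the machine-wide setting; "..\{GUID}" is one adapter.
        scope = "global" if m["scope"] == "Parameters" else m["scope"][3:]
        entries.append({"control_set": m["cs"], "scope": scope, "servers": servers})
    return entries


def review(entries, expected):
    """Group entries by resolver set; list addresses not in `expected`."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["servers"]].append(f'{e["control_set"]}:{e["scope"]}')
    report = []
    for servers, where in groups.items():
        unexpected = [s for s in servers if s not in expected]
        report.append({"servers": servers, "count": len(where),
                       "unexpected": unexpected, "where": where})
    # Sets with the most unexpected addresses come first.
    return sorted(report, key=lambda r: -len(r["unexpected"]))


if __name__ == "__main__":
    for row in review(parse_o17(SAMPLE_LOG), EXPECTED):
        flag = "REVIEW" if row["unexpected"] else "ok"
        print(flag, row["count"], ",".join(row["servers"]), row["where"])
```

The same resolver pair written to the global `Parameters` value and to several adapters across control sets is what stands out in the grouped output.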

  3. #3
    Junior Member
    Join Date
    Mar 2007
    Posts
    25

    Unnecessary Pop-ups!

    As asked, I am posting the report after installing Fixwareout:


    Fixwareout Last edited 4/5/2007
    Post this report in the forums please
    ...
    »»»»»Prerun check

    »»»»» System restarted

    »»»»» Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "System"=""
    ....
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "repiwoh" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "ypszr" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "daolnwodi" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "putesprpgd" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "lavinraCputeS" Deleted
    ....
    »»»»» Misc files.
    ....
    »»»»» Checking for older varients.
    ....

    Search five digit cs, dm, kd, jb, other, files.
    The following files NEED TO BE SUBMITTED to one of the following URL'S for further

    inspection.



    Click browse, find the file then click submit.
    http://www.virustotal.com/flash/index_en.html
    Or http://virusscan.jotti.org/

    »»»»» Other



    »»»»» Current runs
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
    "kcoldya"="c:\\windows\\system32\\kcoldya.exe kcoldya"
    "SoundService"="rundll32.exe \"C:\\WINDOWS\\system32\\jxtcjhaw.dll\",setvm"
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
    "Smart Evrox"="G:\\DATA\\RUHI\\SETUPS\\Antivirus\\Ewido anti-spyware\\crack\\evrox.exe e"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it
    »»»»» End report »»»»

    P.S. I am still getting the pop-ups, but fewer of them.

  4. #4
    Junior Member
    Join Date
    Mar 2007
    Posts
    25

    Windows Installer 3.1

    I would like to know what this Windows Installer 3.1 is. Does it affect the performance of the PC? If yes, shall I uninstall it? Are the pop-ups coming because of this?

  5. #5
    Retired Security Volunteer
    Join Date
    Dec 2006
    Posts
    752

    Hi, glad to hear things are better, but we still have a lot to do.

    I would like to know what this Windows Installer 3.1 is. Does it affect the performance of the PC? If yes, shall I uninstall it? Are the pop-ups coming because of this?
    No, without it, you can't install/uninstall programs on your machine.


    *It is possible that some of the entries are hiding from us, so please rename HijackThis.exe to something like angelfire777.exe

    1.) Create a folder in the root of your C: drive and name it Blacklight.
    A brief explanation of how to do this can be found HERE.

    2.) Download F-Secure's BlackLight from HERE and save it into the folder you just created.

    3.) Log off from the internet and disconnect your modem cable.

    4.) Go to Start > Run, copy and paste the following into the Text Box and hit OK:
    "C:\Blacklight\fsbl.exe" /expert

    The F-Secure Blacklight Beta window should open.
    • Accept the agreement and click OK.
    • Click the Scan button to begin.
    • Leave the PC idle while the scan takes place.
    • When it has completed, click the Close button.
    • A text file, fsbl-date/time, will be saved in the Blacklight folder; copy and paste this into your next post along with a fresh HijackThis log.
    AngelFire777

    Proud member of UNITE and ASAP since 2006.

  6. #6
    Junior Member
    Join Date
    Mar 2007
    Posts
    25

    Unnecessary POP-UPS!

    This is Blacklight report:

    04/07/07 19:57:50 [Info]: BlackLight Engine 1.0.61 initialized
    04/07/07 19:57:50 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    04/07/07 19:57:50 [Note]: 7019 4
    04/07/07 19:57:50 [Note]: 7005 0
    04/07/07 19:57:55 [Note]: 7006 0
    04/07/07 19:57:55 [Note]: 7022 0
    04/07/07 19:57:55 [Note]: 7011 3448
    04/07/07 19:57:55 [Note]: 7026 0
    04/07/07 19:57:55 [Note]: 7026 0
    04/07/07 19:57:55 [Note]: 7024 3
    04/07/07 19:57:55 [Info]: Hidden process: C:\windows\system32\kcoldya.exe
    04/07/07 19:57:57 [Note]: FSRAW library version 1.7.1021
    04/07/07 20:00:12 [Info]: Hidden file: c:\WINDOWS\system32\kcoldya.dat
    04/07/07 20:00:12 [Note]: 10002 1
    04/07/07 20:00:12 [Info]: Hidden file: C:\windows\system32\kcoldya.exe
    04/07/07 20:00:12 [Note]: 10002 1
    04/07/07 20:00:12 [Info]: Hidden file: c:\WINDOWS\system32\kcoldya_nav.dat
    04/07/07 20:00:12 [Note]: 10002 1
    04/07/07 20:00:12 [Info]: Hidden file: c:\WINDOWS\system32\kcoldya_navps.dat
    04/07/07 20:00:12 [Note]: 10002 1
    04/07/07 20:01:38 [Note]: 7007 0

    Hijackthis report:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:03:32 PM, on 4/7/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
    C:\WINDOWS\system32\r_server.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\hijackthis\angelfire777.exe.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://in.rediff.com/index.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://in.rediff.com/index.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rediff.com/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://in.rediff.com/index.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {27CA571B-14D3-4937-B387-BE72FA7A0F87} - C:\WINDOWS\system32\wvuuusp.dll (file missing)
    O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
    O2 - BHO: (no name) - {3C1077DF-DE03-4CCC-8C77-D134BB94F610} - C:\WINDOWS\system32\pmkhh.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\iixuxlat.dll
    O2 - BHO: (no name) - {86C510E9-97EF-4749-914F-0280247BE3A6} - (no file)
    O2 - BHO: (no name) - {F2D19700-4241-453D-A8F9-B03431DB275b} - C:\WINDOWS\system32\odhrajkt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\jxtcjhaw.dll",setvm
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [Smart Evrox] G:\DATA\RUHI\SETUPS\Antivirus\Ewido anti-spyware\crack\evrox.exe e
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
    O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
    O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://us2-scripts.dlv4.com/binaries...1071_em_XP.cab
    O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://scripts.dlv4.com/binaries/ega...1068_em_XP.cab
    O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://us2-scripts.dlv4.com/binaries...1070_em_XP.cab
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1230EB6C-9F75-485A-BCE8-3CFED8756E34}: NameServer = 202.63.174.250,203.115.71.66
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: pmkhh - C:\WINDOWS\system32\pmkhh.dll
    O20 - Winlogon Notify: wvuuusp - wvuuusp.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)

    P.S. How long is this procedure gonna take?
    One of my friends is also having a PC problem, so I just wanted to know where she should post her thread. It's a bit confusing on this site, so please guide me!
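
Cross-checking the three reports posted in this thread, as an added example that is not part of any post: it lists Run values from the Fixwareout report whose command points at a file BlackLight reports as hidden, and records whether the HijackThis O4 section showed that value. Function names are hypothetical; the inputs are excerpts of the logs above.

```python
import re

# Excerpts copied from the reports posted in this thread.
BLACKLIGHT = r"""
04/07/07 19:57:55 [Note]: 7024 3
04/07/07 19:57:55 [Info]: Hidden process: C:\windows\system32\kcoldya.exe
04/07/07 20:00:12 [Info]: Hidden file: c:\WINDOWS\system32\kcoldya.dat
04/07/07 20:00:12 [Note]: 10002 1
04/07/07 20:00:12 [Info]: Hidden file: C:\windows\system32\kcoldya.exe
"""

RUN_EXPORT = r'''
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"kcoldya"="c:\\windows\\system32\\kcoldya.exe kcoldya"
"SoundService"="rundll32.exe \"C:\\WINDOWS\\system32\\jxtcjhaw.dll\",setvm"
'''

HIJACKTHIS_O4 = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\jxtcjhaw.dll",setvm
"""

HIDDEN_RE = re.compile(r"\[Info\]: Hidden (?:process|file): (.+)$")
REG_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
O4_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[([^\]]+)\]")


def hidden_paths(text):
    """Lower-cased paths BlackLight reported as hidden (process or file)."""
    found = set()
    for line in text.splitlines():
        m = HIDDEN_RE.search(line)
        if m:
            found.add(m.group(1).strip().lower())
    return found


def run_values(reg_text):
    """Map Run value name -> command, undoing .reg escaping (\\\\ and \\")."""
    values = {}
    for line in reg_text.splitlines():
        m = REG_RE.match(line.strip())
        if m:
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            values[name] = data
    return values


def o4_names(hjt_text):
    """Run value names that HijackThis listed in its O4 section."""
    matches = (O4_RE.match(line.strip()) for line in hjt_text.splitlines())
    return {m.group(1) for m in matches if m}


def correlate(blacklight, reg_text, hjt_text):
    """Run values that launch a hidden file, and whether HijackThis saw them."""
    hidden, listed = hidden_paths(blacklight), o4_names(hjt_text)
    hits = []
    for name, command in run_values(reg_text).items():
        matched = sorted(p for p in hidden if p in command.lower())
        if matched:
            hits.append({"value": name, "command": command,
                         "hidden": matched, "in_hijackthis": name in listed})
    return hits


if __name__ == "__main__":
    for hit in correlate(BLACKLIGHT, RUN_EXPORT, HIJACKTHIS_O4):
        print(hit)
```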
