A Help is Greatly Appreciated !

Discussion in 'adware, spyware & hijack cleaning' started by sainath, Jul 7, 2004.

Thread Status:
Not open for further replies.
  1. sainath

    sainath Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    1
    Hello Sir ,

    I found Some Spywares , i used free Version of Spyware Begone ! and it listed some of the Suspected spywares like this ....... and I was Using Spyware Blaster 3.1 and until this happened it was fine , but now I open it i get a message as "this program has been damaged , possibly by bad sector of the hard drive or a virus , please reinstall " ! Even though I ReInstalled the Problem was Still there :( :( :(


    Produced by ------- KIND -------- FOUND ON
    Alexa -------- Adware -------- Registry
    CWS -------- Browser HiJacker -------- Registry
    Cydoor -------- Browser Helper Object -------- Hard Disk
    DyFuca -------- Dailer -------- Hard Disk
    Dyfuca -------- Dailer -------- Registry
    eAccelaration -------- parasite -------- Registry
    IpInsight -------- Browser Helper Object -------- Hard Disk
    Spyware Trusted Zone -------- Browser HiJacker -------- Registry
    Spyware Trusted Zone -------- Browser HiJacker -------- Registry
    Spyware Trusted Zone -------- Browser HiJacker -------- Registry
    Spyware Trusted Zone -------- Browser HiJacker -------- Registry
    Spyware Trusted Zone -------- Browser HiJacker -------- Registry
    Spyware Trusted Zone -------- Browser HiJacker -------- Registry
    Spyware Trusted Zone -------- Browser HiJacker -------- Registry

    yeah like that 7 are there !!!

    I am New to this , sorry if i have done anything worng :(
    but Please , Help me and direct what should i do Sir . I will do it Exactly you Direct :)

    thanks for any help


    and My LOG is here

    Logfile of HijackThis v1.97.7
    Scan saved at 4:17:50 AM, on 7/8/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

    Running processes:
    D:\WINNT\System32\smss.exe
    D:\WINNT\system32\winlogon.exe
    D:\WINNT\system32\services.exe
    D:\WINNT\system32\lsass.exe
    D:\WINNT\system32\svchost.exe
    D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    D:\WINNT\system32\spoolsv.exe
    D:\WINNT\System32\svchost.exe
    D:\WINNT\system32\hfp.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    D:\WINNT\system32\regsvc.exe
    D:\Program Files\Norton AntiVirus\SAVScan.exe
    D:\WINNT\system32\MSTask.exe
    D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    D:\WINNT\System32\WBEM\WinMgmt.exe
    D:\WINNT\system32\svchost.exe
    D:\WINNT\System32\svchost.exe
    D:\WINNT\Explorer.EXE
    D:\WINNT\system32\pctspk.exe
    D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Documents and Settings\sainath\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://D:\DOCUME~1\sainath\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://D:\DOCUME~1\sainath\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://D:\DOCUME~1\sainath\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://D:\DOCUME~1\sainath\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://D:\DOCUME~1\sainath\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://D:\DOCUME~1\sainath\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 159.115.100.160:8000
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - D:\Program Files\GoZilla\GoIEHlp.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SoundMan] soundman.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [TkBellExe] D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Mirabilis ICQ] D:\PROGRA~1\ICQ\ICQNet.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Internet Download Accelerator] D:\Program Files\IDA\ida.exe -autorun
    O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
    O4 - Global Startup: 24Online Client.lnk = D:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://activex.microsoft.com/controls/iptdweb/ikcntrls.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D6A226AA-C170-40B6-91ED-6924870A2CFC}: NameServer = 172.16.0.1
     
Thread Status:
Not open for further replies.