Help me!! Whatever it is, it refuses to go!!!

Status
Not open for further replies.

sujithtom

Ambassador of Buzz
Hello Digit friends. A strange problem forced me to come back to this forum and trust you guys. I hope you will not let me down.

Well, the problem is that when I try to open some sites (Yahoo, lvl up forum etc. to be clear) I am redirected to a search site (search.domainsponsers.com).

Before you try to answer me, read this:
I used all known spyware removers. Tried with antivirus. When it still persisted I formatted my hard disk and reinstalled XP, and still it is there. So I think only people who have experienced this can help me out of this hell. :? :?
 

swatkat

Technomancer
Download HijackThis and unzip it to a dedicated folder (like C:\HijackThisFolder\hijackthis.exe).
Then run it and click the button "Do a system scan and save a logfile". HijackThis will perform a scan and save the log file as hijackthis.log in the same folder where it is installed, and it also opens the file automatically.
Copy the entire contents of the file and post it in this section.
 
sujithtom

Ambassador of Buzz
NikhilVerma said:
You formatted and reinstalled and still it's there!!!!

Dude which browser are U using??
Well, that's what I was saying. I use Firefox and IE 6. Both are experiencing the same problem. To make the problem more @#%$, the search site comes only from afternoon to night. I am free from that spyware in the morning!!!
 
sujithtom

Ambassador of Buzz
Well, here goes the HijackThis log file. Hmm, if you can understand it :lol: :lol:

Logfile of HijackThis v1.99.1
Scan saved at 7:30:01 AM, on 4/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Yahoo!\Messenger\YPager.exe
D:\Program Files\Internet Explorer\iexplore.exe
E:\PROGRA~1\FREEDO~1\fdm.exe
C:\Downloads\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [Spyware Doctor] "E:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download all by Free Download Manager - file://E:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://E:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://E:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://E:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Si&milar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - *v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114691239923
O17 - HKLM\System\CCS\Services\Tcpip\..\{D990255D-EC49-4CAB-8929-B334295751B5}: NameServer = 202.9.145.6 202.9.128.6

Lol, anyone who reads this can know what all addons I have installed :lol:
 

swatkat

Technomancer
Hmm..Log looks clean.
Anyway, do this: go to Start > Run, type regedit and press ENTER.
Then in RegEdit, navigate to the key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs by clicking the "+" signs in front of the keys. Click on the above-mentioned key to select it, go to the File menu and click Export, then give a filename (for example, aboutlist) and save it.
Open NotePad and go to File> Open and open the above saved file and copy the contents and paste it here.

Similarly export these two branches and save them.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

Open them in NotePad and copy-paste their contents here.
 

ujjwal

Padawan
Which ISP do you use? The fact that formatting your PC doesn't help should mean that the problem lies at the Domain Name servers of the ISP ...

Maybe you should tell them about this problem of yours. How long has it lasted?

Also post the contents of your C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS file here, it may have gotten filled with hijacked entries for domain names.
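
Added example, not part of the original thread: a short Python triage of a HijackThis log that pulls out only the entries able to change where a hostname resolves (O1 hosts-file redirects and O17 NameServer values), which is the distinction the replies above turn on. The O2, O4 and O17 sample lines are copied from the log posted in this thread; the O1 line, the function names and the `trusted_dns` parameter are constructed for illustration.

```python
import re
from collections import defaultdict

# O2/O4/O17 lines are copied from the log in this thread. The O1 line is
# constructed (documentation-range address and domain) to show a hosts redirect.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O1 - Hosts: 203.0.113.5 search.example.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [Spyware Doctor] "E:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O17 - HKLM\System\CCS\Services\Tcpip\..\{D990255D-EC49-4CAB-8929-B334295751B5}: NameServer = 202.9.145.6 202.9.128.6
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")      # e.g. "O17 - <body>"
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_entries(log_text):
    """Group HijackThis result lines by section code (O1, O2, O17, ...)."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def resolution_findings(sections, trusted_dns=()):
    """Return the log entries that can change where a hostname resolves."""
    findings = {"hosts_redirects": [], "nameservers": [], "unverified_nameservers": []}
    for body in sections.get("O1", []):
        # Body is "Hosts: <ip> <name>"; loopback entries block a name, they do not redirect it.
        parts = body.replace("Hosts:", "", 1).split()
        if len(parts) >= 2 and not parts[0].startswith("127."):
            findings["hosts_redirects"].append((parts[1], parts[0]))
    for body in sections.get("O17", []):
        if "NameServer" in body:
            findings["nameservers"] += IPV4.findall(body.split("=", 1)[-1])
    # trusted_dns is a hypothetical allow-list: resolvers the ISP has confirmed as its own.
    findings["unverified_nameservers"] = [
        ip for ip in findings["nameservers"] if ip not in trusted_dns]
    return findings

if __name__ == "__main__":
    print(resolution_findings(parse_entries(SAMPLE_LOG)))
```

Run against the log as actually posted, there is no O1 line, so the only name-resolution setting it records is the pair of O17 servers; those are the addresses to check with the ISP.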
 
sujithtom

Ambassador of Buzz
Lol, got it. I just updated my Windows. Now the old search website is not coming. Instead tidewinds.com pops up and says that my DNS is poisoned and they can help me out and stuff. :roll: :roll:
 

abhinav

Journeyman
Well, I used to have the same problem. I just installed the Yahoo anti-spyware toolbar and then got this domain&^$%$# something like that there and removed it, and right now I am having no such problem.

ALSO better alternative is to use firefox/opera/netscape!!!!!!!!!!!
 