Very bad problem with Spyware..here is my HJT log [CLOSED], I am facing a very serious problem.

Apr 27 2005, 01:44 AM | Post #1
New Member | Posts: 1 | OS: Windows 2000 pro

Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 11:29:32 PM, on 4/27/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Pass\MediaPassK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Media Pass\MediaPass.exe
D:\Program Files\ZoniacResumeParser\ResumeParser.exe
C:\WINNT\explorer.exe
D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
D:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\dskrfuoui.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\dskrfuoui.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/271/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.internet.vsnl.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\dskrfuoui.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\dskrfuoui.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\dskrfuoui.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\dskrfuoui.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by VSNL Internet Service
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {637B21D3-AB99-4F18-928A-3B84AFC0B27C} - C:\WINNT\system32\dskrfuoui.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.internet.vsnl.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sarasnet.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{62EDC808-A387-456D-9A25-C490E31AB0C0}: NameServer = 202.88.130.67,202.88.174.6
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sarasnet.com
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.176.197,195.225.176.31
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sarasnet.com
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.176.197,195.225.176.31
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.176.197,195.225.176.31
O18 - Filter: text/html - {7DC5A74A-563A-4130-B40D-A290123F7348} - C:\WINNT\system32\dskrfuoui.dll
O18 - Filter: text/plain - {7DC5A74A-563A-4130-B40D-A290123F7348} - C:\WINNT\system32\dskrfuoui.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: DefWatch - Symantec Corporation - D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

MH

Apr 27 2005, 02:19 AM | Post #2
Malware Removal Goddess | Posts: 8,925 | From: Texas | OS: XP Home, XP Pro, ME

First, download, install, and run CleanUp! (so the scan won't take as long because cleanup will clear temporary files).

Then, please download Ewido Security Suite, install it, then be sure to update it (it won't scan until it's updated). Let it scan your computer (it may take a little while). Post the results from the scan, along with a new HiJackThis log.

May 9 2005, 09:43 AM | Post #3
Malware Removal Goddess | Posts: 8,925 | From: Texas | OS: XP Home, XP Pro, ME

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else, please begin a New Topic.