Please help me clean my PC

Discussion in 'adware, spyware & hijack cleaning' started by mitsu456, May 18, 2004.

Thread Status:
Not open for further replies.
  1. mitsu456

    mitsu456, Registered Member (Joined: May 18, 2004; Posts: 1)

    Hi, my PC is infected with spyware.
    I ran Ad-aware, but that didn't solve the problem.
    So I ran Spybot, but no luck. I ran HijackThis and here is the log.
    Please review this, and could you let me know what to delete?
    Thank you so much.



    Logfile of HijackThis v1.97.7
    Scan saved at 9:45:49 AM, on 5/18/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    E:\WINNT\System32\smss.exe
    E:\WINNT\system32\winlogon.exe
    E:\WINNT\system32\services.exe
    E:\WINNT\system32\lsass.exe
    E:\WINNT\system32\svchost.exe
    E:\WINNT\system32\spoolsv.exe
    E:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
    E:\WINNT\system32\cisvc.exe
    E:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    E:\WINNT\System32\svchost.exe
    E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    E:\Program Files\Microsoft SQL Server\MSSQL$NetSDK\Binn\sqlservr.exe
    E:\Program Files\Norton Personal Firewall\NISUM.EXE
    E:\WINNT\system32\regsvc.exe
    E:\WINNT\system32\MSTask.exe
    E:\WINNT\system32\stisvc.exe
    E:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    E:\WINNT\System32\WBEM\WinMgmt.exe
    E:\WINNT\System32\mspmspsv.exe
    E:\WINNT\system32\svchost.exe
    E:\WINNT\Explorer.EXE
    E:\WINNT\System32\inetsrv\inetinfo.exe
    E:\Program Files\Norton Personal Firewall\NISSERV.EXE
    E:\Program Files\BroadJump\Client Foundation\CFD.exe
    E:\Program Files\QuickTime\qttask.exe
    E:\Program Files\Norton Personal Firewall\IAMAPP.EXE
    E:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    E:\WINNT\SM1BG.EXE
    E:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
    E:\Documents and Settings\Mahesh\Desktop\hotfoon4.exe
    E:\Program Files\Norton Personal Firewall\ATRACK.EXE
    E:\Program Files\MSN Messenger\MsnMsgr.Exe
    E:\Program Files\Zero Knowledge\Freedom\Freedom.exe
    E:\Program Files\Common Files\efax\HotTray.exe
    E:\Program Files\Common Files\efax\Dllcmd32.exe
    E:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    E:\Palm\hotsync.exe
    E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    E:\WINNT\system32\cidaemon.exe
    E:\WINNT\system32\cidaemon.exe
    E:\PROGRA~1\WINZIP\winzip32.exe
    E:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\WINNT\system32\ntvdm.exe
    d:\PROGRA~1\SASINS~1\SAS.EXE
    E:\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\WINNT\system32\kkhcmic.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://E:\WINNT\system32\kkhcmic.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://E:\WINNT\system32\kkhcmic.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.xx-pics.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\WINNT\system32\kkhcmic.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://E:\WINNT\system32\kkhcmic.dll/sp.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://E:\WINNT\system32\kkhcmic.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcyd...//www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    N3 - Netscape 7: user_pref("browser.startup.homepage", "www.yahoo.com"); (E:\Documents and Settings\Mahesh\Application Data\Mozilla\Profiles\default\h7pwkvro.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://E%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (E:\Documents and Settings\Mahesh\Application Data\Mozilla\Profiles\default\h7pwkvro.slt\prefs.js)
    O2 - BHO: (no name) - {2F59BC54-4591-4F6E-AB82-1271A58EC05E} - E:\WINNT\system32\kkhcmic.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - E:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [BJCFD] E:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [SAClient] "E:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iamapp] E:\Program Files\Norton Personal Firewall\IAMAPP.EXE
    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EPSON Stylus CX5200] E:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"
    O4 - HKLM\..\Run: [SM1BG] E:\WINNT\SM1BG.EXE
    O4 - HKLM\..\Run: [NeroCheck] E:\WINNT\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [VetTray] E:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
    O4 - HKLM\..\RunServices: [RNBOStart] E:\WINNT\SYSTEM\RNBOSENT\SENTSTRT.EXE
    O4 - HKCU\..\Run: [HOTFOON2] E:\Documents and Settings\Mahesh\Desktop\hotfoon4.exe /h
    O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] E:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "E:\Program Files\Netscape\Netscape\Netscp.exe" -aim
    O4 - HKCU\..\Run: [Zero Knowledge Freedom] E:\Program Files\Zero Knowledge\Freedom\Freedom.exe
    O4 - Startup: HotSync Manager.lnk = E:\Palm\hotsync.exe
    O4 - Startup: Launch Internet Explorer Browser.lnk = E:\Program Files\Internet Explorer\IEXPLORE.EXE
    O4 - Global Startup: j2 Tray Menu.lnk = E:\Program Files\Common Files\efax\HotTray.exe
    O4 - Global Startup: Live Menu.lnk = E:\Program Files\Common Files\efax\Dllcmd32.exe
    O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: RealDownload.lnk = E:\Program Files\Real\RealDownload\Realdownload.exe
    O4 - Global Startup: Service Manager.lnk = E:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Trading Partner Task Queue.lnk = E:\Program Files\Trading Partner\Code\Tppc.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
     
  2. Pieter_Arntz

    Pieter_Arntz, Spyware Veteran (Joined: Apr 27, 2002; Posts: 13,330; Location: Netherlands)