Please help me clean my PC

Discussion in 'adware, spyware & hijack cleaning' started by mitsu456, May 18, 2004.

Thread Status:
Not open for further replies.
  1. mitsu456

    mitsu456 Registered Member

    Joined:
    May 18, 2004
    Posts:
    1
    Hi, my PC is infected with Spyware
    I ran Ad-aware, but that didn't solve the problem.
    So, i ran Spybot.. but noluck, ran hijackthis and here is the log..
    Please review this and could u let me know what to delete.
    Thank u so much..



    Logfile of HijackThis v1.97.7
    Scan saved at 9:45:49 AM, on 5/18/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    E:\WINNT\System32\smss.exe
    E:\WINNT\system32\winlogon.exe
    E:\WINNT\system32\services.exe
    E:\WINNT\system32\lsass.exe
    E:\WINNT\system32\svchost.exe
    E:\WINNT\system32\spoolsv.exe
    E:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
    E:\WINNT\system32\cisvc.exe
    E:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    E:\WINNT\System32\svchost.exe
    E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    E:\Program Files\Microsoft SQL Server\MSSQL$NetSDK\Binn\sqlservr.exe
    E:\Program Files\Norton Personal Firewall\NISUM.EXE
    E:\WINNT\system32\regsvc.exe
    E:\WINNT\system32\MSTask.exe
    E:\WINNT\system32\stisvc.exe
    E:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    E:\WINNT\System32\WBEM\WinMgmt.exe
    E:\WINNT\System32\mspmspsv.exe
    E:\WINNT\system32\svchost.exe
    E:\WINNT\Explorer.EXE
    E:\WINNT\System32\inetsrv\inetinfo.exe
    E:\Program Files\Norton Personal Firewall\NISSERV.EXE
    E:\Program Files\BroadJump\Client Foundation\CFD.exe
    E:\Program Files\QuickTime\qttask.exe
    E:\Program Files\Norton Personal Firewall\IAMAPP.EXE
    E:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    E:\WINNT\SM1BG.EXE
    E:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
    E:\Documents and Settings\Mahesh\Desktop\hotfoon4.exe
    E:\Program Files\Norton Personal Firewall\ATRACK.EXE
    E:\Program Files\MSN Messenger\MsnMsgr.Exe
    E:\Program Files\Zero Knowledge\Freedom\Freedom.exe
    E:\Program Files\Common Files\efax\HotTray.exe
    E:\Program Files\Common Files\efax\Dllcmd32.exe
    E:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    E:\Palm\hotsync.exe
    E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    E:\WINNT\system32\cidaemon.exe
    E:\WINNT\system32\cidaemon.exe
    E:\PROGRA~1\WINZIP\winzip32.exe
    E:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\WINNT\system32\ntvdm.exe
    d:\PROGRA~1\SASINS~1\SAS.EXE
    E:\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\WINNT\system32\kkhcmic.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://E:\WINNT\system32\kkhcmic.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://E:\WINNT\system32\kkhcmic.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.xx-pics.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\WINNT\system32\kkhcmic.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://E:\WINNT\system32\kkhcmic.dll/sp.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://E:\WINNT\system32\kkhcmic.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcyd...//www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    N3 - Netscape 7: user_pref("browser.startup.homepage", "www.yahoo.com"); (E:\Documents and Settings\Mahesh\Application Data\Mozilla\Profiles\default\h7pwkvro.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://E%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (E:\Documents and Settings\Mahesh\Application Data\Mozilla\Profiles\default\h7pwkvro.slt\prefs.js)
    O2 - BHO: (no name) - {2F59BC54-4591-4F6E-AB82-1271A58EC05E} - E:\WINNT\system32\kkhcmic.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - E:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [BJCFD] E:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [SAClient] "E:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iamapp] E:\Program Files\Norton Personal Firewall\IAMAPP.EXE
    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EPSON Stylus CX5200] E:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"
    O4 - HKLM\..\Run: [SM1BG] E:\WINNT\SM1BG.EXE
    O4 - HKLM\..\Run: [NeroCheck] E:\WINNT\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [VetTray] E:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
    O4 - HKLM\..\RunServices: [RNBOStart] E:\WINNT\SYSTEM\RNBOSENT\SENTSTRT.EXE
    O4 - HKCU\..\Run: [HOTFOON2] E:\Documents and Settings\Mahesh\Desktop\hotfoon4.exe /h
    O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] E:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "E:\Program Files\Netscape\Netscape\Netscp.exe" -aim
    O4 - HKCU\..\Run: [Zero Knowledge Freedom] E:\Program Files\Zero Knowledge\Freedom\Freedom.exe
    O4 - Startup: HotSync Manager.lnk = E:\Palm\hotsync.exe
    O4 - Startup: Launch Internet Explorer Browser.lnk = E:\Program Files\Internet Explorer\IEXPLORE.EXE
    O4 - Global Startup: j2 Tray Menu.lnk = E:\Program Files\Common Files\efax\HotTray.exe
    O4 - Global Startup: Live Menu.lnk = E:\Program Files\Common Files\efax\Dllcmd32.exe
    O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: RealDownload.lnk = E:\Program Files\Real\RealDownload\Realdownload.exe
    O4 - Global Startup: Service Manager.lnk = E:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Trading Partner Task Queue.lnk = E:\Program Files\Trading Partner\Code\Tppc.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,429
    Location:
    Netherlands
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.