help with host of hijacker and spyware probs pls

Discussion in 'adware, spyware & hijack cleaning' started by cameronst, Jun 24, 2004.

Thread Status:
Not open for further replies.
  1. cameronst

    cameronst Registered Member

    Joined:
    Apr 2, 2004
    Posts:
    6
    Grettings,

    I am suffering from a variety of popups, spy/malware, hijacker and downloader problems.

    I have run updated versions of adaware and spybot but each time I reconnect to the internet i get some 150 new objects detected. There are several that could not be removed (broadcastPC, VX2.betterinternet, TVMedia, and Ezula come to mind). I aslo appear to be downloading new programs on a regular basis whenever connected to the internet. AVG antivirus free version aslo encountered several problems it was unable to deal with.

    I ran hijackthis and am posting a log below.

    I attempted to fix some of the obvious problems such as search hooks but hijackthis appears unable to delete them.

    Your help is most appreciated,

    Cam


    Hijackthis log:
    ___________________________

    Logfile of HijackThis v1.97.7
    Scan saved at 12:33:57 PM, on 6/24/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\PROGRA~1\eZula\mmod.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\Downloaded Program Files\screload-mamma.exe
    C:\Steve\backup\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\steve cameron\Application Data\Mozilla\Profiles\default\0vkv7ql8.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\steve cameron\Application Data\Mozilla\Profiles\default\0vkv7ql8.slt\prefs.js)
    O1 - Hosts: 69.20.16.183 #eautosearch
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  2. cameronst

    cameronst Registered Member

    Joined:
    Apr 2, 2004
    Posts:
    6
    I believe I have cleaned up all the problems on my own using vx2finder to get rid of a vx2 virus and a variety of tools to rid myself of the about:blank hijack (reglite and findnfix to identify the hidden dll and winfile and killbox to make it accessible and finally delete it).

    I appreciate the hard work that the volunteers put in here to help all of us with our problems and am posting here so that their time can be directed elsewhere and in hopes that my experience can help others.

    I am including an updated HJT log below.

    cheers,

    Cam

    ________________

    Logfile of HijackThis v1.97.7
    Scan saved at 12:12:06 AM, on 6/27/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Steve\Security\HJT\HijackThis.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     
Thread Status:
Not open for further replies.