Spyware or something



#1
psychoe

It seems to me that I have tried everything. I have a red circle with a white x on my taskbar (Have a pic if you need to see it). It has popups and such as well as icons on my desktop that I certainly don't want and it took over my homepage to something such as "newgenlook.info". I am pulling out what hair I have left on my head - any help is definitely appreciated.

I have used CWShredder, Adaware, Spybot and AVG free. I recently got rid of AVG and started using F-secure from cogeco.ca (my provider). In my virus scan I got this:

Scanning Report
02 May 2005 19:33:38 - 19:34:18
Computer name: TARIK
Target: C:\ D:\ E:\
--------------------------------------------------------------------------------
Result: 2 viruses found
C:\WINDOWS\system32\param32.dll Infection: Trojan-Downloader.Win32.WarSpy.g Action: Renamed.
C:\ntdetect.hta Infection: Trojan-Downloader.VBS.Inor.cj Action: Renamed.
--------------------------------------------------------------------------------
Statistics
Files:
Scanned: 30328
Infected: 2
Suspected: 0
Disinfected: 0
Renamed: 2
Deleted: 0
Not scanned: 4
Boot Sectors:
Scanned: 1
Infected: 0
Suspected: 0
Disinfected: 0
Files not scanned:
Cannot open file C:\pagefile.sys
Cannot open file C:\WINDOWS\system32\config\default
Cannot read from file C:\Documents and Settings\EandT\Local Settings\Temporary Internet Files\Content.IE5\0HYBOPQZ\index[1].php\index[1] [F-Secure Libra]
Cannot open file C:\WINDOWS\system32\param32.dll [F-Secure AVP]
--------------------------------------------------------------------------------
Options
Virus definitions version:
2005-05-02_03
Scanning Engines:
F-Secure AVP: 6.0.167.6190, 2005-05-02
F-Secure Libra: 2.01.10, 2005-05-02
F-Secure Orion: 1.02.33, 2005-05-02
Scanning options:
Files scanned with extensions: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML AVB BAT CEO CMD LSP MAP MHT MIF PHP POT NWS TAR TGZ ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2
Scan inside archives: on
Action:
Ask after scan .


I just recently d/l'd Hijackthis and this is the readout I got:

Logfile of HijackThis v1.99.1
Scan saved at 9:51:55 PM, on 02/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\Programs\COGECO~1\backweb\9867844\Program\SERVIC~1.EXE
E:\Programs\COGECO Security Services\backweb\9867844\Program\fspex.exe
E:\Programs\COGECO Security Services\backweb\9867844\program\fsbwsys.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
E:\Programs\COGECO Security Services\Common\FSMA32.EXE
E:\Programs\COGECO Security Services\Common\FSMB32.EXE
E:\Programs\COGECO Security Services\Common\FCH32.EXE
E:\Programs\COGECO Security Services\Common\FAMEH32.EXE
E:\Programs\COGECO Security Services\Anti-Virus\fsgk32st.exe
E:\Programs\COGECO Security Services\Anti-Virus\FSGK32.EXE
E:\Programs\COGECO Security Services\Anti-Virus\fssm32.exe
E:\Programs\COGECO Security Services\FWES\Program\fsdfwd.exe
E:\Programs\COGECO Security Services\FSPC\fspc.exe
E:\Programs\COGECO Security Services\Anti-Virus\fsav32.exe
E:\Programs\COGECO Security Services\Common\FSM32.EXE
E:\Programs\COGECO Security Services\FSGUI\fsguiexe.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Programs\HiJackThis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0179/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Programs\Acrobat\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {42838CC5-D8C6-AF50-B4D5-7388D4CA453D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Programs\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "E:\Programs\COGECO Security Services\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "E:\Programs\COGECO Security Services\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "E:\Programs\COGECO Security Services\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "E:\Programs\COGECO Security Services\FSGUI\ispnews.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\Programs\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - E:\Programs\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Show website &list - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - E:\Programs\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - E:\Programs\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - E:\Programs\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - E:\Programs\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - E:\Programs\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - E:\Programs\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - E:\Programs\COGECO Security Services\FSPC\fspcmsie.dll
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: COGECO Security Services (BackWeb Plug-in - 9867844) - Unknown owner - E:\Programs\COGECO~1\backweb\9867844\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - E:\Programs\COGECO Security Services\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - E:\Programs\COGECO Security Services\backweb\9867844\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\Programs\COGECO Security Services\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - E:\Programs\COGECO Security Services\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\Programs\COGECO Security Services\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Edited by psychoe, 02 May 2005 - 07:53 PM.


#2
psychoe

May have fixed my problem (using THIS THREAD)

Can someone quickly scan and tell me if this is a clean HJT log?

Thx

E!

Logfile of HijackThis v1.99.1
Scan saved at 10:31:48 PM, on 02/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\Programs\COGECO~1\backweb\9867844\Program\SERVIC~1.EXE
E:\Programs\COGECO Security Services\Anti-Virus\fsgk32st.exe
E:\Programs\COGECO Security Services\backweb\9867844\Program\fspex.exe
E:\Programs\COGECO Security Services\Anti-Virus\FSGK32.EXE
E:\Programs\COGECO Security Services\backweb\9867844\program\fsbwsys.exe
E:\Programs\COGECO Security Services\Common\FSMA32.EXE
E:\Programs\COGECO Security Services\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
E:\Programs\COGECO Security Services\Common\FSMB32.EXE
E:\Programs\COGECO Security Services\Common\FCH32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
E:\Programs\COGECO Security Services\Common\FSM32.EXE
E:\Programs\COGECO Security Services\Common\FAMEH32.EXE
E:\Programs\COGECO Security Services\FSPC\fspc.exe
E:\Programs\COGECO Security Services\FWES\Program\fsdfwd.exe
E:\Programs\COGECO Security Services\FSGUI\ispnews.exe
E:\Programs\COGECO Security Services\Anti-Virus\fsav32.exe
E:\Programs\COGECO Security Services\FSGUI\fsguiexe.exe
C:\WINDOWS\System32\wuauclt.exe
E:\Programs\HiJackThis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Programs\Acrobat\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {42838CC5-D8C6-AF50-B4D5-7388D4CA453D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Programs\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "E:\Programs\COGECO Security Services\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "E:\Programs\COGECO Security Services\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "E:\Programs\COGECO Security Services\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "E:\Programs\COGECO Security Services\FSGUI\ispnews.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\Programs\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - E:\Programs\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Show website &list - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - E:\Programs\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - E:\Programs\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - E:\Programs\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - E:\Programs\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - E:\Programs\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - E:\Programs\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - E:\Programs\COGECO Security Services\FSPC\fspcmsie.dll
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: COGECO Security Services (BackWeb Plug-in - 9867844) - Unknown owner - E:\Programs\COGECO~1\backweb\9867844\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - E:\Programs\COGECO Security Services\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - E:\Programs\COGECO Security Services\backweb\9867844\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\Programs\COGECO Security Services\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - E:\Programs\COGECO Security Services\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\Programs\COGECO Security Services\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
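One way to answer "is this HJT log clean?" mechanically is to parse the entry lines and compare the before/after logs. The script below is an added example, not something from this thread or from HijackThis; it takes excerpts of the two logs posted above as constructed sample input, and the TRUSTED_HOSTS allowlist is an assumption of the example.

```python
import re
from urllib.parse import urlsplit

# Excerpts of the two HijackThis logs posted in this thread (sample input constructed from them).
LOG_BEFORE = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0179/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Programs\Acrobat\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {42838CC5-D8C6-AF50-B4D5-7388D4CA453D} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
"""
# The second log differs only in the start page, as in the thread.
LOG_AFTER = LOG_BEFORE.replace("http://www.newgenlook.info/ad/ad0179/", "http://www.google.ca/")

ENTRY = re.compile(r"^(R\d|O\d+) - (.*)$")
# Home/search pages the owner set on purpose (assumed allowlist, not part of HijackThis).
TRUSTED_HOSTS = {"www.google.ca", "www.google.com"}

def parse(log):
    """Return the set of (section, body) entries, skipping the header and process list."""
    return {m.groups() for line in log.splitlines() if (m := ENTRY.match(line.strip()))}

def review(log):
    """Flag entries a helper would question; the rules mirror what the posted logs show."""
    findings = []
    for section, body in sorted(parse(log)):
        if section in ("R0", "R1") and "=" in body:
            host = urlsplit(body.split("=", 1)[1].strip()).hostname or ""
            if host not in TRUSTED_HOSTS:
                findings.append((section, f"browser start/search page points at untrusted host {host}", body))
        elif section == "O2" and body.endswith("(no file)"):
            findings.append((section, "BHO registered but its DLL is gone (dangling registration)", body))
        elif section == "O10" and "Broken Internet access" in body:
            findings.append((section, "Winsock LSP chain references a missing provider", body))
    return findings

def diff_logs(before, after):
    """Entries removed by the cleanup, and entries that appeared afterwards."""
    b, a = parse(before), parse(after)
    return sorted(b - a), sorted(a - b)

if __name__ == "__main__":
    for section, why, body in review(LOG_BEFORE):
        print(f"[{section}] {why}\n    {body}")
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("removed:", removed, "\nadded:", added)
```

Running it on the full logs shows the same picture as the thread: the start page hijack is gone after cleanup, while the dangling O2 BHO and the broken O10 LSP entry are still present in the second log.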