Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

My Hijack This Log

Started by Bobbaganoosh , May 07 2005 09:38 AM

  • Please log in to reply

#1
Bobbaganoosh
Posted 07 May 2005 - 09:38 AM

Bobbaganoosh

    New Member

  • Member
  • Pip
  • 3 posts
I've gone through all the steps prior to posting this; Running Spybot, CWShredder, Adaware, and McAfee. I cannot get rid of this virus, or trojan, or whatever the [bleep] this is. I believe it might be called Newgen, or Hotoffers? I have a ton of new icons, mostly for [bleep] and other bogus spam, my desktop is a fake blue screen, I cannot right click on the desktop to get the properties of it (I can't edit anything other than resolution and size,) and I get pop-ups for ads and [bleep] every so often. Also I get fake system messages telling me to download and use iGuard. I have noticed that the file for my desktop background is on C:, and a few of the other files for this virus, but I've been reluctant to mess with those, as you guys here probably know best.

Anyways, here is my Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 11:31:45 PM, on 5/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\CTHELPER.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0278/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [Gaim] C:\Program Files\Gaim\gaim.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\RunOnce: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /play
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {92445AC2-161D-4FAB-A5E5-F5DC027713CA} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {92445AC2-161D-4FAB-A5E5-F5DC027713CA} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1115453073984
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


Any help is greatly appreciated, I've never had a virus before in all these years, it's embarrasing... I should have just gotten all of my system updates immediately upon building this new computer...

Thanks for your time.
  • 0

Advertisements

#2
Bobbaganoosh
Posted 07 May 2005 - 12:45 PM

Bobbaganoosh

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Bumped back up to the front.
  • 0

#3
Bobbaganoosh
Posted 07 May 2005 - 01:24 PM

Bobbaganoosh

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
I've gotten rid of it now, I'm sorry if I've wasted anyone's time :tazz:

If anyone else runs into this, here's how to fix it:

1) First you need to press CTRL-ALT-DEL and bring the Task Manager. Go to Processes and look for a file running named BSE.exe or BE.exe. Kill it by selecting it and clicking on End Task. Then delete that file from your root directory along with the .gif file that is being used as your wallpaper. Delete them both.
2) Use My Computer and go to the C: drive. Go to \winnt\Downloaded Program Files. Right click and Remove any of these ActiveX snippets that you are not able to recognize. There were some that I did not remember installing and I deleted them.
3) Restart the computer. You have to boot up your computer in Safe mode with command prompt. In win 2000 you can press F8 will 2000 is loading to bring up the boot menu. It should be option 3. After loading up, you will then type C: to go to the hard drive and then CD C:\winnt\system32 to go to that directory. Then delete all the .ico files and the param32.dll. The param32.dll is what gives you the X in the red circle on your taskbar. It is also responsible for creating the icons on your desktop and opening the newgenlook website on a browser window every few minutes.
4) Restart your computer and delete the icons from your desktop.
4) Afterwards make sure that under Internet Options you place the newgenlook.com and antispy.newgenlook.com website on the restricted sites list so you are not rerouted there without your consent in the future. In fact, you should restrict any site that contains newgenlook just in case.


To get back Desktop Properties:

1) Copy an paste the bold text below into a new file in Notepad and save it as fixdesktop.reg. Make sure File type is set to All Files. Save it to your desktop

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

2) Double click the fixdektop.reg file on your desktop and answer Yes to apply it to the registry.

3) Restart computer.


Copied from the cer8site forums.
  • 0

#4
Hemal
Posted 07 May 2005 - 02:51 PM

Hemal

    Founding Fart

  • Technician
  • 1,470 posts
Thats great that you solved your problem, feel free to post back here again if anything else comes back :tazz:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP