Spyware

Status
Not open for further replies.

psychoe!

I have a little red circle in my taskbar and I didn't install it. It has put tons of icons on my desktop that I don't want and it has reset my homepage to something like "newgenlook.info". It also has pop ups from that circle.
Here is my Hijack log. Any help is much appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 6:49:09 PM, on 02/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
E:\Programs\COGECO Security Services\backweb\9867844\program\fsbwsys.exe
E:\Programs\COGECO~1\backweb\9867844\Program\SERVIC~1.EXE
E:\Programs\COGECO Security Services\backweb\9867844\Program\fspex.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC03.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG03.EXE
E:\Programs\HiJackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0179/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\EandT\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Programs\Acrobat\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {42838CC5-D8C6-AF50-B4D5-7388D4CA453D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Programs\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: COGECO Security Services (BackWeb Plug-in - 9867844) - Unknown owner - E:\Programs\COGECO~1\backweb\9867844\Program\SERVIC~1.EXE
O23 - Service: fsbwsys - F-Secure Corp. - E:\Programs\COGECO Security Services\backweb\9867844\program\fsbwsys.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 
Remove entries at your own risk


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0179/
This entry should be fixed by HijackThis!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\EandT\LOCALS~1\Temp\se.dll/spage.html
This entry should be fixed by HijackThis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
If you do not know the entry 'about:blank', delete it.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
If you do not know the entry 'about:blank', delete it

R3 - Default URLSearchHook is missing
Should be fixed if you do not know the application or if no application is mentioned.

O2 - BHO: (no name) - {42838CC5-D8C6-AF50-B4D5-7388D4CA453D} - (no file)
Entries found in this registry zone are potentially nasty. This application ([42838CC5-D8C6-AF50-B4D5-7388D4CA453D] - Result: ) has been checked Unknown application.
Unnecessary (deactivated) entry that can be fixed.
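
Added example, not part of the original thread: a Python pass over a HijackThis log that surfaces the same kinds of entries the reply above singles out (an Internet Explorer page pointing at an unfamiliar host, a res:// page served from a DLL in a Temp folder, a missing URLSearchHook, a BHO with no file). The rules and the names triage and known_hosts are assumptions made for this example, not HijackThis's own logic; the sample lines are a subset of the log posted above.

```python
import re
from urllib.parse import urlparse

# Subset of the log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0179/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\EandT\LOCALS~1\Temp\se.dll/spage.html
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Programs\Acrobat\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {42838CC5-D8C6-AF50-B4D5-7388D4CA453D} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

# A log entry is "<section> - <body>", e.g. "R0 - ..." or "O23 - ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def triage(log_text, known_hosts=frozenset()):
    """Return (section, reason) pairs for entries that deserve a manual look.

    known_hosts (hypothetical parameter): hosts the user deliberately set
    as start/search pages, so they are not reported.
    """
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process list, blank line
        section, body = m.groups()
        if section in ("R0", "R1") and " = " in body:
            value = body.split(" = ", 1)[1].strip()
            low = value.lower()
            if low.startswith("res://") and "\\temp\\" in low:
                findings.append((section, "IE page served from a DLL under a Temp folder"))
            elif low.startswith(("http://", "https://")):
                host = urlparse(value).hostname or ""
                if host not in known_hosts:
                    findings.append((section, "IE page points at unrecognised host " + host))
        elif section == "R3" and body.endswith("is missing"):
            findings.append((section, "default URLSearchHook is missing"))
        elif section == "O2" and body.endswith("(no file)"):
            hit = CLSID.search(body)
            findings.append((section, "BHO registered with no file: " + (hit.group(0) if hit else "?")))
    return findings


if __name__ == "__main__":
    for section, reason in triage(SAMPLE_LOG):
        print(section, "-", reason)
```

Entries it reports are candidates for review against the reply's advice, not an automatic removal list.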
 