Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

WildTangent and NewDotNet


  • Please log in to reply

#1
milena

milena

    New Member

  • Member
  • Pip
  • 3 posts
Hi everyone, this is my first post @ Geekstogo, hope I get some good advice here :tazz:

I don't really have any major problems with my computer, I upload virus definitions, windows updates and check for adware regularly.... Today I stumbled upon this website which gave me a few new programs to scan my system with, fighting adware and spyware...

So I do a scan with AdAware, CWShredder and SpyBot S&D and, aside from a few cookies and other stuff from websites I just shouldn't have clicked on, my baby turned out pretty much as clean as can be....

Not until I ran the Spyware Doctor....

It found 342 high and medium risk infections, one of them bein a trojan... In order to fix any of these, I need to register my version - i.e. pay $30


Any thoughts on this? ;)
  • 0

Advertisements


#2
milena

milena

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
this is my spydoctor log

Infection Name Location Risk
NewDotNet multiple High
WildTangent multiple Medium
NewDotNet lsass.exe (C:\Program Files\NewDotNet\newdotnet6_38.dll) High
NewDotNet svchost.exe (C:\Program Files\NewDotNet\newdotnet6_38.dll) High
NewDotNet Smc.exe (C:\Program Files\NewDotNet\newdotnet6_38.dll) High
NewDotNet spoolsv.exe (C:\Program Files\NewDotNet\newdotnet6_38.dll) High
NewDotNet explorer.exe (C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL) High
NewDotNet alg.exe (C:\Program Files\NewDotNet\newdotnet6_38.dll) High
NewDotNet hphmon05.exe (C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL) High
NewDotNet CCAPP.EXE (C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL) High
NewDotNet ViewMgr.exe (C:\Program Files\NewDotNet\newdotnet6_38.dll) High
NewDotNet gnotify.exe (C:\Program Files\NewDotNet\newdotnet6_38.dll) High
NewDotNet rundll32.exe (C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL) High
NewDotNet Weather.exe (C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL) High
NewDotNet dsidebar.exe (C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL) High
NewDotNet wmplayer.exe (C:\Program Files\NewDotNet\newdotnet6_38.dll) High
NewDotNet Netscp.exe (C:\Program Files\NewDotNet\newdotnet6_38.dll) High
NewDotNet C:\Program Files\NewDotNet\newdotnet6_38.dll High
IBIS Toolbar HKLM\software\microsoft\windows\currentversion\run##viewmgr Medium
IPInsight HKLM\software\classes\tldctl2.urllink High
IPInsight HKLM\software\classes\tldctl2.urllink\CLSID High
IPInsight HKLM\software\classes\tldctl2.urllink\CurVer High
IPInsight HKLM\software\classes\tldctl2.urllink.1 High
IPInsight HKLM\software\classes\tldctl2.urllink.1\CLSID High
NewDotNet HKCU\Software\New.net High
NewDotNet HKCR\Tldctl2.URLLink High
NewDotNet HKCR\Tldctl2.URLLink\CLSID High
NewDotNet HKCR\Tldctl2.URLLink\CurVer High
NewDotNet HKCR\Tldctl2.URLLink.1 High
NewDotNet HKCR\Tldctl2.URLLink.1\CLSID High
NewDotNet HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net High
NewDotNet HKLM\SOFTWARE\New.net High
NewDotNet HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run##New.net Startup High
Radlight HKLM\software\classes\tldctl2.urllink\clsid Medium
SaveNow HKLM\software\classes\tldctl2.urllink Medium
SaveNow HKLM\software\classes\tldctl2.urllink\CLSID Medium
SaveNow HKLM\software\classes\tldctl2.urllink\CurVer Medium
Trojan-Dloader-GR HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run##Parallel Tasking High
WildTangent HKCR\WildTangent.ActiveLauncher Medium
WildTangent HKCR\WildTangent.ActiveLauncher\CLSID Medium
WildTangent HKCR\WildTangent.ActiveLauncher\CurVer Medium
WildTangent HKCR\WildTangent.ActiveLauncher\Insertable Medium
WildTangent HKCR\WildTangent.ActiveLauncher.1 Medium
WildTangent HKCR\WildTangent.ActiveLauncher.1\CLSID Medium
WildTangent HKCR\WildTangent.ActiveLauncher.1\Insertable Medium
WildTangent HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63} Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000} Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\ProxyStubClsid Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\TypeLib Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000} Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\ProxyStubClsid Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\TypeLib Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b} Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\ProxyStubClsid Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\TypeLib Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44} Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\ProxyStubClsid Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\TypeLib Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f} Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\ProxyStubClsid Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\TypeLib Medium
WildTangent HKCR\Interface\{1DE680D4-84B7-4239-A887-9482A29DBE14} Medium
WildTangent HKCR\Interface\{1DE680D4-84B7-4239-A887-9482A29DBE14}\ProxyStubClsid Medium
WildTangent HKCR\Interface\{1DE680D4-84B7-4239-A887-9482A29DBE14}\ProxyStubClsid32 Medium
WildTangent HKCR\Interface\{1DE680D4-84B7-4239-A887-9482A29DBE14}\TypeLib Medium
WildTangent HKCR\interface\{1fad572e-1a3d-44d9-9c23-a87f922da8c0} Medium
WildTangent HKCR\interface\{1fad572e-1a3d-44d9-9c23-a87f922da8c0}\ProxyStubClsid Medium
WildTangent HKCR\interface\{1fad572e-1a3d-44d9-9c23-a87f922da8c0}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{1fad572e-1a3d-44d9-9c23-a87f922da8c0}\TypeLib Medium
WildTangent HKCR\Interface\{25F53F41-0C37-40FA-AE9F-A260DB2D64CF} Medium
WildTangent HKCR\Interface\{25F53F41-0C37-40FA-AE9F-A260DB2D64CF}\ProxyStubClsid Medium
WildTangent HKCR\Interface\{25F53F41-0C37-40FA-AE9F-A260DB2D64CF}\ProxyStubClsid32 Medium
WildTangent HKCR\Interface\{25F53F41-0C37-40FA-AE9F-A260DB2D64CF}\TypeLib Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08} Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\ProxyStubClsid Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\TypeLib Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227} Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\ProxyStubClsid Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\TypeLib Medium
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64} Medium
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\ProxyStubClsid Medium
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\TypeLib Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235} Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\ProxyStubClsid Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\TypeLib Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000} Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\ProxyStubClsid Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\TypeLib Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa} Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\ProxyStubClsid Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\TypeLib Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d} Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\ProxyStubClsid Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\TypeLib Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7} Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\ProxyStubClsid Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\TypeLib Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14} Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\ProxyStubClsid Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\TypeLib Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2} Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\ProxyStubClsid Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\TypeLib Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf} Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\ProxyStubClsid Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\TypeLib Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000} Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\ProxyStubClsid Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\TypeLib Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30} Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\ProxyStubClsid Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\TypeLib Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed} Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\ProxyStubClsid Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\TypeLib Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d} Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\ProxyStubClsid Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\TypeLib Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000} Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\ProxyStubClsid Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\TypeLib Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a} Medium
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\ProxyStubClsid Medium
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\TypeLib Medium
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E} Medium
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E}\1.0 Medium
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E}\1.0\0 Medium
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E}\1.0\0\win32 Medium
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E}\1.0\FLAGS Medium
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E}\1.0\HELPDIR Medium
WildTangent HKCR\typelib\{7946205b-fef7-494f-a64b-3e992a780866} Medium
WildTangent HKCR\typelib\{7946205b-fef7-494f-a64b-3e992a780866}\1.0 Medium
WildTangent HKCR\typelib\{7946205b-fef7-494f-a64b-3e992a780866}\1.0\0 Medium
WildTangent HKCR\typelib\{7946205b-fef7-494f-a64b-3e992a780866}\1.0\0\win32 Medium
WildTangent HKCR\typelib\{7946205b-fef7-494f-a64b-3e992a780866}\1.0\FLAGS Medium
WildTangent HKCR\typelib\{7946205b-fef7-494f-a64b-3e992a780866}\1.0\HELPDIR Medium
WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0 Medium
WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0\0 Medium
WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0\0\win32 Medium
WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0\FLAGS Medium
WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0\HELPDIR Medium
WildTangent HKCR\wt3d.wt Medium
WildTangent HKCR\wt3d.wt\CLSID Medium
WildTangent HKCR\wt3d.wt\CurVer Medium
WildTangent HKCR\wt3d.wt\Insertable Medium
WildTangent HKCR\wt3d.wt.1 Medium
WildTangent HKCR\wt3d.wt.1\CLSID Medium
WildTangent HKCR\wtvis.wtvisreceiver Medium
WildTangent HKCR\wtvis.wtvisreceiver\CLSID Medium
WildTangent HKCR\wtvis.wtvisreceiver\CurVer Medium
WildTangent HKCR\wtvis.wtvisreceiver.1 Medium
WildTangent HKCR\wtvis.wtvisreceiver.1\CLSID Medium
WildTangent HKCR\wtvis.wtvissender Medium
WildTangent HKCR\wtvis.wtvissender\CLSID Medium
WildTangent HKCR\wtvis.wtvissender\CurVer Medium
WildTangent HKCR\wtvis.wtvissender.1 Medium
WildTangent HKCR\wtvis.wtvissender.1\CLSID Medium
WildTangent HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls##wtControlPanel Medium
Tracking Cookie(s) milena stopic@usnews.vibrantmedia[1].txt Medium
Tracking Cookie(s) milena stopic@ezboard[1].txt Medium
Tracking Cookie(s) milena stopic@webfile[2].txt Medium
Tracking Cookie(s) milena stopic@insightfirst[2].txt Medium
Tracking Cookie(s) milena stopic@13372777[2].txt Medium
Tracking Cookie(s) milena stopic@indextools[1].txt Medium
Tracking Cookie(s) milena stopic@network[1].txt Medium
2nd-thought.com milena stopic@offeroptimizer[2].txt Medium
Tracking Cookie(s) milena stopic@sales.liveperson[1].txt Medium
Tracking Cookie(s) milena stopic@30724777[2].txt Medium
Tracking Cookie(s) milena stopic@www.fandango[1].txt Medium
Tracking Cookie(s) milena stopic@ilead.itrack[1].txt Medium
Specific911 Hijack milena stopic@mygeek[1].txt High
Tracking Cookie(s) milena stopic@c3.gostats[2].txt Medium
Tracking Cookie(s) milena stopic@74613876[2].txt Medium
Tracking Cookie(s) milena stopic@www.worldlingo[1].txt Medium
Tracking Cookie(s) milena stopic@hit.gemius[2].txt Medium
Tracking Cookie(s) milena stopic@yadro[2].txt Medium
Tracking Cookie(s) milena stopic@adriver[1].txt Medium
Tracking Cookie(s) milena stopic@theuseful[1].txt Medium
NewDotNet HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} High
NewDotNet HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\InprocServer32 High
NewDotNet HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\ProgID High
NewDotNet HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\Programmable High
NewDotNet HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\TypeLib High
NewDotNet HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\VersionIndependentProgID High
NewDotNet HKLM\Software\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} High
NewDotNet HKLM\Software\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\InprocServer32 High
NewDotNet HKLM\Software\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\ProgID High
NewDotNet HKLM\Software\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\Programmable High
NewDotNet HKLM\Software\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\TypeLib High
NewDotNet HKLM\Software\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\VersionIndependentProgID High
NewDotNet HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} High
NewDotNet HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\iexplore High
WildTangent HKCR\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D} Medium
WildTangent HKCR\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\Control Medium
WildTangent HKCR\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\InprocServer32 Medium
WildTangent HKCR\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\Insertable Medium
WildTangent HKCR\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\MiscStatus Medium
WildTangent HKCR\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\MiscStatus\1 Medium
WildTangent HKCR\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\ProgID Medium
WildTangent HKCR\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\Programmable Medium
WildTangent HKCR\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\ToolboxBitmap32 Medium
WildTangent HKCR\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\TypeLib Medium
WildTangent HKCR\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\Version Medium
WildTangent HKCR\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\VersionIndependentProgID Medium
WildTangent HKLM\Software\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D} Medium
WildTangent HKLM\Software\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\Control Medium
WildTangent HKLM\Software\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\InprocServer32 Medium
WildTangent HKLM\Software\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\Insertable Medium
WildTangent HKLM\Software\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\MiscStatus Medium
WildTangent HKLM\Software\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\MiscStatus\1 Medium
WildTangent HKLM\Software\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\ProgID Medium
WildTangent HKLM\Software\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\Programmable Medium
WildTangent HKLM\Software\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\ToolboxBitmap32 Medium
WildTangent HKLM\Software\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\TypeLib Medium
WildTangent HKLM\Software\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\Version Medium
WildTangent HKLM\Software\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\VersionIndependentProgID Medium
WildTangent HKCR\CLSID\{7F23E6E5-0E79-4AEE-B723-B1463805D5A9} Medium
WildTangent HKCR\CLSID\{7F23E6E5-0E79-4AEE-B723-B1463805D5A9}\InprocServer32 Medium
WildTangent HKCR\CLSID\{7F23E6E5-0E79-4AEE-B723-B1463805D5A9}\ProgID Medium
WildTangent HKCR\CLSID\{7F23E6E5-0E79-4AEE-B723-B1463805D5A9}\TypeLib Medium
WildTangent HKCR\CLSID\{7F23E6E5-0E79-4AEE-B723-B1463805D5A9}\VersionIndependentProgID Medium
WildTangent HKLM\Software\Classes\CLSID\{7F23E6E5-0E79-4AEE-B723-B1463805D5A9} Medium
WildTangent HKLM\Software\Classes\CLSID\{7F23E6E5-0E79-4AEE-B723-B1463805D5A9}\InprocServer32 Medium
WildTangent HKLM\Software\Classes\CLSID\{7F23E6E5-0E79-4AEE-B723-B1463805D5A9}\ProgID Medium
WildTangent HKLM\Software\Classes\CLSID\{7F23E6E5-0E79-4AEE-B723-B1463805D5A9}\TypeLib Medium
WildTangent HKLM\Software\Classes\CLSID\{7F23E6E5-0E79-4AEE-B723-B1463805D5A9}\VersionIndependentProgID Medium
WildTangent HKCR\CLSID\{8ECF83A0-1AC9-11D4-8501-00A0CC5D1F63} Medium
WildTangent HKCR\CLSID\{8ECF83A0-1AC9-11D4-8501-00A0CC5D1F63}\InprocServer32 Medium
WildTangent HKLM\Software\Classes\CLSID\{8ECF83A0-1AC9-11D4-8501-00A0CC5D1F63} Medium
WildTangent HKLM\Software\Classes\CLSID\{8ECF83A0-1AC9-11D4-8501-00A0CC5D1F63}\InprocServer32 Medium
WildTangent HKCR\CLSID\{B9BA256A-075B-49EA-B9E2-7DBC2EF021D5} Medium
WildTangent HKCR\CLSID\{B9BA256A-075B-49EA-B9E2-7DBC2EF021D5}\InprocServer32 Medium
WildTangent HKCR\CLSID\{B9BA256A-075B-49EA-B9E2-7DBC2EF021D5}\ProgID Medium
WildTangent HKCR\CLSID\{B9BA256A-075B-49EA-B9E2-7DBC2EF021D5}\TypeLib Medium
WildTangent HKCR\CLSID\{B9BA256A-075B-49EA-B9E2-7DBC2EF021D5}\VersionIndependentProgID Medium
WildTangent HKLM\Software\Classes\CLSID\{B9BA256A-075B-49EA-B9E2-7DBC2EF021D5} Medium
WildTangent HKLM\Software\Classes\CLSID\{B9BA256A-075B-49EA-B9E2-7DBC2EF021D5}\InprocServer32 Medium
WildTangent HKLM\Software\Classes\CLSID\{B9BA256A-075B-49EA-B9E2-7DBC2EF021D5}\ProgID Medium
WildTangent HKLM\Software\Classes\CLSID\{B9BA256A-075B-49EA-B9E2-7DBC2EF021D5}\TypeLib Medium
WildTangent HKLM\Software\Classes\CLSID\{B9BA256A-075B-49EA-B9E2-7DBC2EF021D5}\VersionIndependentProgID Medium
WildTangent HKCR\CLSID\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63} Medium
WildTangent HKCR\CLSID\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}\InprocServer32 Medium
WildTangent HKLM\Software\Classes\CLSID\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63} Medium
WildTangent HKLM\Software\Classes\CLSID\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}\InprocServer32 Medium
WildTangent HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3} Medium
WildTangent HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\Control Medium
WildTangent HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\InprocServer32 Medium
WildTangent HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\Insertable Medium
WildTangent HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\MiscStatus Medium
WildTangent HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\MiscStatus\1 Medium
WildTangent HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\ProgID Medium
WildTangent HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\Programmable Medium
WildTangent HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\ToolboxBitmap32 Medium
WildTangent HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\TypeLib Medium
WildTangent HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\Version Medium
WildTangent HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\VersionIndependentProgID Medium
WildTangent HKLM\Software\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3} Medium
WildTangent HKLM\Software\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\Control Medium
WildTangent HKLM\Software\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\InprocServer32 Medium
WildTangent HKLM\Software\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\Insertable Medium
WildTangent HKLM\Software\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\MiscStatus Medium
WildTangent HKLM\Software\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\MiscStatus\1 Medium
WildTangent HKLM\Software\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\ProgID Medium
WildTangent HKLM\Software\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\Programmable Medium
WildTangent HKLM\Software\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\ToolboxBitmap32 Medium
WildTangent HKLM\Software\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\TypeLib Medium
WildTangent HKLM\Software\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\Version Medium
WildTangent HKLM\Software\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\VersionIndependentProgID Medium
NewDotNet C:\Program Files\NewDotNet\readme.html High
NewDotNet C:\Program Files\NewDotNet\uninstall6_38.exe High
NewDotNet C:\WINDOWS\NDNuninstall6_38.exe High
WildTangent C:\WINDOWS\wt\data.wts Medium
WildTangent C:\WINDOWS\wt\WDInUsePlugin.dll Medium
WildTangent C:\WINDOWS\wt\wt3d.dll Medium
WildTangent C:\WINDOWS\wt\wt3d.ini Medium
WildTangent C:\WINDOWS\wt\wtvh.dll Medium
WildTangent C:\Program Files\Java\j2re1.4.1_02\bin\jDRM0302.dll Medium
WildTangent C:\Program Files\Java\j2re1.4.1_02\bin\wtdmmp.dll Medium
WildTangent C:\Program Files\Java\j2re1.4.1_02\bin\wtdmmpv.dll Medium
WildTangent C:\Program Files\Java\j2re1.4.1_02\lib\ext\wildtangent.jar Medium
WildTangent C:\Program Files\Java\j2re1.4.1_02\lib\ext\wtdmmpi.jar Medium
Password Detector C:\Program Files\Micro DVD Player\uninstall.exe High
nCASE C:\temp\kyf.dat Medium




and this is my hijack this log

Logfile of HijackThis v1.97.7
Scan saved at 9:49:57 PM, on 3/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Desktop Sidebar\dsidebar.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\Netscape\Netscape\Netscp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\adware programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://students.iit.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8l.hpwis.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.gmail.com"); (C:\Documents and Settings\Milena Stopic\Application Data\Mozilla\Profiles\default\tvlyuztk.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Milena Stopic\Application Data\Mozilla\Profiles\default\tvlyuztk.slt\prefs.js)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Subscribe in Desktop Sidebar (HKLM)
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar (HKLM)
O9 - Extra button: Spyware Doctor (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...nst_current.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\Autodesk Architectural Desktop 3\AcDcToday.ocx
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\Autodesk Architectural Desktop 3\InstBanr.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\Autodesk Architectural Desktop 3\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\Autodesk Architectural Desktop 3\AcPreview.ocx


can someone tell me just how bad this is ? how do I get rid of the Trojan Downloader??? The Symantec description didn't work, because I did what they told me to do and I still have the virus...

Pls help!
  • 0

#3
milena

milena

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hello people,

I seem to have a problem with numerous registry entries associated with Wild Tangent and NewDotNet adware. I can locate all of them in my registry (there are quite a lof of folders that contain these values) and I'm thinking about just deleting them all. Some of them are of type REG_SZ, others are REG_DWORD and REG_BINARY etc. I have created a backup file of my entire registry, however, I'm rightfully scared of potential damages to my system, in case I delete any of these...

Does anyone have advice on this? Should I or should I not delete this adware from my registry? note - I have uninstalled both programs in the control panel, all that is left of these are the registry entries.

And here is my hijack log, which doesn't seem to bad, as far as I could inspect.

Logfile of HijackThis v1.97.7
Scan saved at 3:18:28 PM, on 3/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\adware programs\HijackThis.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://students.iit.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8l.hpwis.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.gmail.com"); (C:\Documents and Settings\Milena Stopic\Application Data\Mozilla\Profiles\default\tvlyuztk.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Milena Stopic\Application Data\Mozilla\Profiles\default\tvlyuztk.slt\prefs.js)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Subscribe in Desktop Sidebar (HKLM)
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar (HKLM)
O9 - Extra button: Spyware Doctor (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...nst_current.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\Autodesk Architectural Desktop 3\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\Autodesk Architectural Desktop 3\InstBanr.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\Autodesk Architectural Desktop 3\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\Autodesk Architectural Desktop 3\AcPreview.ocx

thanks in advance--

Milena
  • 0

#4
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Topics merged. Please keep all posts in one thread. :tazz:

Click Here download the latest version of Hijack This . It's better able to catch the latest threats.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP