Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

spywareguard alert + new favorites [RESOLVED]


  • This topic is locked This topic is locked

#1
griet

griet

    Member

  • Member
  • PipPip
  • 17 posts
Hi,

After browsing the net yesterday evening I had problems shutting down my PC.
When I restarted, spywareguard gave me a number of alerts, asking me if I would like to replace my current homepage a.o..
The first time I didn't accept these changes, but starting programs was impossible.
I rstarted in save mode, and started adaware (after downloading updates), but the program blocked.
I now restarted (not in save mode) and accepted the changes (had tot do a.o. with setting the homepage to security2k.com).
Many object are added to my 'favorites'-list, so I suspect that there is somethng seriously wrong.

I added my hijackthis logfile.

Thx for helping.

Logfile of HijackThis v1.99.1
Scan saved at 9:22:06, on 16/09/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Documents and Settings\render\Bureaublad\WinZip\WZQKPICK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\jorgen\Bureaublad\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.security2...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.security2k.net/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.security2...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.security2...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.security2...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.security2...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.security2k.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINNT\system32\hp841F.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINNT\system32\ihkcx.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [clfmon.exe] clfmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RegSvr32] C:\WINNT\system32\msmsgs.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINNT\system32\intell32.exe
O4 - HKLM\..\Run: [dmkhy.exe] C:\WINNT\system32\dmkhy.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\render\Bureaublad\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domrim.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{4ACDACD7-CFF1-4566-B45D-D2B8CC080F56}: NameServer = 69.50.168.179,85.255.112.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F246A21-3453-4629-87C8-B94876BE29D9}: NameServer = 69.50.168.179,85.255.112.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED223E27-9986-419F-AE69-FD0943964AFF}: NameServer = 69.50.168.179,85.255.112.22
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domrim.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = domrim.local
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Program Files\Canon\DIAS\CnxDIAS.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Download smitRem at http://noahdfear.gee.../click.php?id=1 and save the file to your desktop.

Please download Ewido Security Suite at http://www.ewido.net/en/download/ and read the Ewido setup instructions at http://rstones12.gee.../ewidosetup.htm. Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow the download and setup instructions at http://rstones12.gee...areSE_setup.htm. Otherwise, check for updates. Don't run it yet!

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknigh...spy/CleanUp.exe ) and install it. Don't run it yet.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.security2...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.security2k.net/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.security2...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.security2...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.security2...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.security2...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.security2k.net/
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINNT\system32\hp841F.tmp
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINNT\system32\ihkcx.dll (file missing)
O4 - HKLM\..\Run: [clfmon.exe] clfmon.exe
O4 - HKLM\..\Run: [RegSvr32] C:\WINNT\system32\msmsgs.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINNT\system32\intell32.exe
O4 - HKLM\..\Run: [dmkhy.exe] C:\WINNT\system32\dmkhy.exe
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe

Do you recognize the following IP address? If not, fix them in HijackThis also:

O17 - HKLM\System\CCS\Services\Tcpip\..\{4ACDACD7-CFF1-4566-B45D-D2B8CC080F56}: NameServer = 69.50.168.179,85.255.112.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F246A21-3453-4629-87C8-B94876BE29D9}: NameServer = 69.50.168.179,85.255.112.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED223E27-9986-419F-AE69-FD0943964AFF}: NameServer = 69.50.168.179,85.255.112.22


Delete these if found:

C:\WINNT\system32\hp841F.tmp
C:\WINNT\system32\ihkcx.dll
clfmon.exe
C:\WINNT\system32\msmsgs.exe
C:\WINNT\system32\intell32.exe
C:\WINNT\system32\dmkhy.exe


Run the smitRem.exe tool you downloaded earlier. Follow the prompts on the screen. Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Open Ad-aware and do a full scan. Remove all it finds.

Run Ewido:

* Click on scanner.
* Click on Complete System Scan and the scan will begin.
* NOTE: During some scans with ewido it is finding cases of false positives.
* You will need to step through the process of cleaning files one-by-one.
* If Ewido detects a file you KNOW to be legitimate, select none as the action.
* Do NOT select 'Perform action on all infections'.
* If you are unsure of any entry found, select none for now.
* When the scan is finished, click the Save report button at the bottom of the screen.
* Save the report to your desktop.

Close Ewido.

Next go to Control Panel->Display->Desktop (or Appearance)->Customize Desktop->Web-> Uncheck 'Security Info' if present.

Reboot back into Windows and go to http://www.pandasoft.../activescan.htm to do a full system scan. Make sure the autoclean box is checked. Save the scan log.

Then post the Panda log here along with the logs for HijackThis, smitfiles.txt and Ewido.
  • 0

#3
griet

griet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
hi again,

thx for the helpful advise.
a few remarks:
-i couldn't install ewido (because my evaluation period was over or something like that) but i did an online ewido system scan istead;
-my system isn't 98 but 2000 (sorry for the wrong info);
-i have spyware doctor on my pc, so i attach that logfile also (thought it couldn't hurt anyway);
-i failed to do the pandasoftware download, even after rebooting and closing spywaredoctor, so i can't join that logfile;
-in the hijackthis logfile the adress: 04-hklm\..\run:(dmkhy.exe)c:\winn\system32\dmkhy.exe wasn't found, instead, as you can see there is a likewise adress ...dmxoq...
-i didn't really understand the thing about the IP adresses: the adressses you asked for aren't on the logfile, i suppose it's ok?;

here are the files:

__________________________________________________
ewido security suite online scanner
http://www.ewido.net
__________________________________________________


Name: Spyware.SBSoft
Path: HKLM\SOFTWARE\Classes\CLSID\{08BEC6AA-49FC-4379-3587-4B21E286C19E}
Risk: High

Name: Spyware.Hijacker.Generic
Path: C:\Documents and Settings\jorgen\Bureaublad\backups\backup-20050919-101523-664.dll
Risk: High

Name: Trojan.Agent.bi
Path: C:\WINNT\Patroon.bmp:pqbhhj
Risk: High

Name: TrojanDownloader.Agent.bq
Path: C:\WINNT\Prairie.bmp:hqmmjt
Risk: High

Name: TrojanDownloader.Agent.bq
Path: C:\WINNT\Rhododendron.bmp:nebbx
Risk: High

Name: TrojanDownloader.Small.azk
Path: C:\WINNT\system32:leaa.dll
Risk: High

Name: Spyware.FindSpy
Path: C:\WINNT\system32\bndmod.exe
Risk: High

Name: Dialer.Generic
Path: C:\WINNT\system32\dgprpsetup.exe
Risk: High

Name: Spyware.Msnagent
Path: C:\WINNT\system32\hlmicro.exe
Risk: High









Logfile of HijackThis v1.99.1
Scan saved at 11:45:07, on 19/09/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Documents and Settings\render\Bureaublad\WinZip\WZQKPICK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\jorgen\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [dmivg.exe] C:\WINNT\system32\dmivg.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\render\Bureaublad\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domrim.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{4ACDACD7-CFF1-4566-B45D-D2B8CC080F56}: NameServer = 85.255.113.124,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F246A21-3453-4629-87C8-B94876BE29D9}: NameServer = 85.255.113.124,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED223E27-9986-419F-AE69-FD0943964AFF}: NameServer = 85.255.113.124,85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domrim.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = domrim.local
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Program Files\Canon\DIAS\CnxDIAS.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe








Spyware Doctor Activity Report
Generated on 19/09/2005 11:19:06 Spyware Doctor Homepage PC Tools Homepage Technical Support


Scans (basic information only):

Scan Results:
scan start: 19/09/2005 11:19:14
scan stop: 19/09/2005 11:20:20
scanned items: 13024
found items: 413
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Disk Scanner



Infection Name Location Risk
C-Dilla HKLM\software\c-dilla Info
C-Dilla HKLM\software\c-dilla## Info
C-Dilla HKLM\software\c-dilla\Licences Info
C-Dilla HKLM\software\c-dilla\Licences## Info
C-Dilla HKLM\software\c-dilla\Licences\b0148000 Info
C-Dilla HKLM\software\c-dilla\Licences\b0148000## Info
C-Dilla HKLM\software\c-dilla\Licences\b0148000\Reference.Count Info
C-Dilla HKLM\software\c-dilla\Licences\b0148000\Reference.Count## Info
C-Dilla HKLM\software\c-dilla\Products Info
C-Dilla HKLM\software\c-dilla\Products## Info
C-Dilla HKLM\software\c-dilla\Products\3dsmax.exe Info
C-Dilla HKLM\software\c-dilla\Products\3dsmax.exe## Info
C-Dilla HKLM\software\c-dilla\Products\3dsmax.exe\Installation.Date.And.Time Info
C-Dilla HKLM\software\c-dilla\Products\3dsmax.exe\Installation.Date.And.Time## Info
C-Dilla HKLM\software\c-dilla\Products\3dsmax.exe\Licence.Numbers Info
C-Dilla HKLM\software\c-dilla\Products\3dsmax.exe\Licence.Numbers## Info
C-Dilla HKLM\software\c-dilla\RTS Info
C-Dilla HKLM\software\c-dilla\RTS## Info
C-Dilla HKLM\software\c-dilla\RTS\Installation.Date.And.Time Info
C-Dilla HKLM\software\c-dilla\RTS\Installation.Date.And.Time## Info
C-Dilla HKLM\software\c-dilla\RTS\Version Info
C-Dilla HKLM\software\c-dilla\RTS\Version## Info
C-Dilla HKLM\software\microsoft\windows\currentversion\uninstall\lms Info
C-Dilla HKLM\software\microsoft\windows\currentversion\uninstall\lms## Info
C-Dilla HKLM\software\microsoft\windows\currentversion\uninstall\lms##DisplayName Info
C-Dilla HKLM\software\microsoft\windows\currentversion\uninstall\lms##UninstallString Info
ISTbar HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc High
ISTbar HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc## High
ISTbar HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc##SlowInfoCache High
ISTbar HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc##Changed High
Search Toolbar HKLM\SOFTWARE\SearchToolbar Elevated
Search Toolbar HKLM\SOFTWARE\SearchToolbar## Elevated
Search Toolbar HKLM\SOFTWARE\SearchToolbar\Toolbar Elevated
Search Toolbar HKLM\SOFTWARE\SearchToolbar\Toolbar## Elevated
Search Toolbar HKLM\SOFTWARE\SearchToolbar\Toolbar##Version Elevated
Search Toolbar HKLM\SOFTWARE\SearchToolbar\Toolbar##OptdateTest Elevated
Trojan.Downloader.FQ HKLM\SOFTWARE\Microsoft\Internet Explorer\Urls Elevated
Trojan.Downloader.FQ HKLM\SOFTWARE\Microsoft\Internet Explorer\Urls## Elevated
Trojan.Downloader.FQ HKLM\SOFTWARE\Microsoft\Internet Explorer\Urls##http://fastsearchweb.com/tool/second_part.avi Elevated
Trojan.Downloader.FQ HKLM\SOFTWARE\Microsoft\Internet Explorer\Urls##http://69.50.164.123/tool/spview.exe Elevated
WildTangent HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63} Medium
WildTangent HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}## Medium
WildTangent HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}##FriendlyName Medium
WildTangent HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}##CLSID Medium
WildTangent HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}##FilterData Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000} Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}## Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\ProxyStubClsid Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\TypeLib Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\TypeLib## Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\TypeLib##Version Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000} Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}## Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\ProxyStubClsid Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\TypeLib Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\TypeLib## Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\TypeLib##Version Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b} Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}## Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\ProxyStubClsid Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\TypeLib Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\TypeLib## Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\TypeLib##Version Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44} Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}## Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\ProxyStubClsid Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\TypeLib Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\TypeLib## Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\TypeLib##Version Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f} Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}## Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\ProxyStubClsid Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\TypeLib Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\TypeLib## Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\TypeLib##Version Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08} Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}## Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\ProxyStubClsid Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\TypeLib Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\TypeLib## Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\TypeLib##Version Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227} Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}## Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\ProxyStubClsid Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\TypeLib Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\TypeLib## Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\TypeLib##Version Medium
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0} Medium
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}## Medium
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\ProxyStubClsid Medium
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\TypeLib Medium
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\TypeLib## Medium
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\TypeLib##Version Medium
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64} Medium
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}## Medium
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\ProxyStubClsid Medium
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\TypeLib Medium
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\TypeLib## Medium
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\TypeLib##Version Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235} Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}## Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\ProxyStubClsid Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\TypeLib Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\TypeLib## Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\TypeLib##Version Medium
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469} Medium
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}## Medium
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\ProxyStubClsid Medium
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\TypeLib Medium
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\TypeLib## Medium
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\TypeLib##Version Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000} Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}## Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\ProxyStubClsid Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\TypeLib Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\TypeLib## Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\TypeLib##Version Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa} Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}## Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\ProxyStubClsid Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\TypeLib Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\TypeLib## Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\TypeLib##Version Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d} Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}## Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\ProxyStubClsid Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\TypeLib Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\TypeLib## Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\TypeLib##Version Medium
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626} Medium
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}## Medium
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\ProxyStubClsid Medium
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\TypeLib Medium
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\TypeLib## Medium
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\TypeLib##Version Medium
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5} Medium
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}## Medium
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\ProxyStubClsid Medium
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\TypeLib Medium
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\TypeLib## Medium
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\TypeLib##Version Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7} Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}## Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\ProxyStubClsid Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\TypeLib Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\TypeLib## Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\TypeLib##Version Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14} Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}## Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\ProxyStubClsid Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\TypeLib Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\TypeLib## Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\TypeLib##Version Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}## Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\TypeLib## Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\TypeLib##Version Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}## Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\TypeLib## Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\TypeLib##Version Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2} Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}## Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\ProxyStubClsid Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\TypeLib Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\TypeLib## Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\TypeLib##Version Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf} Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}## Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\ProxyStubClsid Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\TypeLib Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\TypeLib## Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\TypeLib##Version Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000} Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}## Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\ProxyStubClsid Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\TypeLib Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\TypeLib## Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\TypeLib##Version Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30} Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}## Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\ProxyStubClsid Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\TypeLib Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\TypeLib## Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\TypeLib##Version Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed} Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}## Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\ProxyStubClsid Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\TypeLib Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\TypeLib## Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\TypeLib##Version Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d} Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}## Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\ProxyStubClsid Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\TypeLib Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\TypeLib## Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\TypeLib##Version Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000} Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}## Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\ProxyStubClsid Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\TypeLib Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\TypeLib## Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\TypeLib##Version Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}## Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\TypeLib## Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}## Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\TypeLib## Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}## Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\TypeLib## Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}## Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\TypeLib## Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Medium
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}## Medium
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\TypeLib## Medium
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Medium
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}## Medium
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\TypeLib## Medium
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Medium
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}## Medium
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\TypeLib## Medium
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Medium
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a} Medium
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}## Medium
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\ProxyStubClsid Medium
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\TypeLib Medium
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\TypeLib## Medium
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\TypeLib##Version Medium
WildTangent HKCR\wdmhhost.wthoster Medium
WildTangent HKCR\wdmhhost.wthoster## Medium
WildTangent HKCR\wdmhhost.wthoster\CLSID Medium
WildTangent HKCR\wdmhhost.wthoster\CLSID## Medium
WildTangent HKCR\wdmhhost.wthoster\CurVer Medium
WildTangent HKCR\wdmhhost.wthoster\CurVer## Medium
WildTangent HKCR\wdmhhost.wthoster.1 Medium
WildTangent HKCR\wdmhhost.wthoster.1## Medium
WildTangent HKCR\wdmhhost.wthoster.1\CLSID Medium
WildTangent HKCR\wdmhhost.wthoster.1\CLSID## Medium
WildTangent HKCR\wt.wtmultiplayer Medium
WildTangent HKCR\wt.wtmultiplayer## Medium
WildTangent HKCR\wt.wtmultiplayer\CLSID Medium
WildTangent HKCR\wt.wtmultiplayer\CLSID## Medium
WildTangent HKCR\wt.wtmultiplayer\CurVer Medium
WildTangent HKCR\wt.wtmultiplayer\CurVer## Medium
WildTangent HKCR\wt.wtmultiplayer.1 Medium
WildTangent HKCR\wt.wtmultiplayer.1## Medium
WildTangent HKCR\wt.wtmultiplayer.1\CLSID Medium
WildTangent HKCR\wt.wtmultiplayer.1\CLSID## Medium
WildTangent HKCR\wt3d.wt Medium
WildTangent HKCR\wt3d.wt## Medium
WildTangent HKCR\wt3d.wt\CLSID Medium
WildTangent HKCR\wt3d.wt\CLSID## Medium
WildTangent HKCR\wt3d.wt\CurVer Medium
WildTangent HKCR\wt3d.wt\CurVer## Medium
WildTangent HKCR\wt3d.wt\Insertable Medium
WildTangent HKCR\wt3d.wt\Insertable## Medium
WildTangent HKCR\wt3d.wt.1 Medium
WildTangent HKCR\wt3d.wt.1## Medium
WildTangent HKCR\wt3d.wt.1\CLSID Medium
WildTangent HKCR\wt3d.wt.1\CLSID## Medium
WildTangent HKCR\wtvis.wtvisreceiver Medium
WildTangent HKCR\wtvis.wtvisreceiver## Medium
WildTangent HKCR\wtvis.wtvisreceiver\CLSID Medium
WildTangent HKCR\wtvis.wtvisreceiver\CLSID## Medium
WildTangent HKCR\wtvis.wtvisreceiver\CurVer Medium
WildTangent HKCR\wtvis.wtvisreceiver\CurVer## Medium
WildTangent HKCR\wtvis.wtvisreceiver.1 Medium
WildTangent HKCR\wtvis.wtvisreceiver.1## Medium
WildTangent HKCR\wtvis.wtvisreceiver.1\CLSID Medium
WildTangent HKCR\wtvis.wtvisreceiver.1\CLSID## Medium
WildTangent HKCR\wtvis.wtvissender Medium
WildTangent HKCR\wtvis.wtvissender## Medium
WildTangent HKCR\wtvis.wtvissender\CLSID Medium
WildTangent HKCR\wtvis.wtvissender\CLSID## Medium
WildTangent HKCR\wtvis.wtvissender\CurVer Medium
WildTangent HKCR\wtvis.wtvissender\CurVer## Medium
WildTangent HKCR\wtvis.wtvissender.1 Medium
WildTangent HKCR\wtvis.wtvissender.1## Medium
WildTangent HKCR\wtvis.wtvissender.1\CLSID Medium
WildTangent HKCR\wtvis.wtvissender.1\CLSID## Medium
WildTangent HKLM\SOFTWARE\Microsoft\Java VM##ClassPath Medium

Scan Results:
scan start: 19/09/2005 11:20:41
scan stop: 19/09/2005 11:30:52
scanned items: 45976
found items: 445
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Disk Scanner



Infection Name Location Risk
C-Dilla HKLM\software\c-dilla Info
C-Dilla HKLM\software\c-dilla## Info
C-Dilla HKLM\software\c-dilla\Licences Info
C-Dilla HKLM\software\c-dilla\Licences## Info
C-Dilla HKLM\software\c-dilla\Licences\b0148000 Info
C-Dilla HKLM\software\c-dilla\Licences\b0148000## Info
C-Dilla HKLM\software\c-dilla\Licences\b0148000\Reference.Count Info
C-Dilla HKLM\software\c-dilla\Licences\b0148000\Reference.Count## Info
C-Dilla HKLM\software\c-dilla\Products Info
C-Dilla HKLM\software\c-dilla\Products## Info
C-Dilla HKLM\software\c-dilla\Products\3dsmax.exe Info
C-Dilla HKLM\software\c-dilla\Products\3dsmax.exe## Info
C-Dilla HKLM\software\c-dilla\Products\3dsmax.exe\Installation.Date.And.Time Info
C-Dilla HKLM\software\c-dilla\Products\3dsmax.exe\Installation.Date.And.Time## Info
C-Dilla HKLM\software\c-dilla\Products\3dsmax.exe\Licence.Numbers Info
C-Dilla HKLM\software\c-dilla\Products\3dsmax.exe\Licence.Numbers## Info
C-Dilla HKLM\software\c-dilla\RTS Info
C-Dilla HKLM\software\c-dilla\RTS## Info
C-Dilla HKLM\software\c-dilla\RTS\Installation.Date.And.Time Info
C-Dilla HKLM\software\c-dilla\RTS\Installation.Date.And.Time## Info
C-Dilla HKLM\software\c-dilla\RTS\Version Info
C-Dilla HKLM\software\c-dilla\RTS\Version## Info
C-Dilla HKLM\software\microsoft\windows\currentversion\uninstall\lms Info
C-Dilla HKLM\software\microsoft\windows\currentversion\uninstall\lms## Info
C-Dilla HKLM\software\microsoft\windows\currentversion\uninstall\lms##DisplayName Info
C-Dilla HKLM\software\microsoft\windows\currentversion\uninstall\lms##UninstallString Info
ISTbar HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc High
ISTbar HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc## High
ISTbar HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc##SlowInfoCache High
ISTbar HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc##Changed High
Search Toolbar HKLM\SOFTWARE\SearchToolbar Elevated
Search Toolbar HKLM\SOFTWARE\SearchToolbar## Elevated
Search Toolbar HKLM\SOFTWARE\SearchToolbar\Toolbar Elevated
Search Toolbar HKLM\SOFTWARE\SearchToolbar\Toolbar## Elevated
Search Toolbar HKLM\SOFTWARE\SearchToolbar\Toolbar##Version Elevated
Search Toolbar HKLM\SOFTWARE\SearchToolbar\Toolbar##OptdateTest Elevated
Trojan.Downloader.FQ HKLM\SOFTWARE\Microsoft\Internet Explorer\Urls Elevated
Trojan.Downloader.FQ HKLM\SOFTWARE\Microsoft\Internet Explorer\Urls## Elevated
Trojan.Downloader.FQ HKLM\SOFTWARE\Microsoft\Internet Explorer\Urls##http://fastsearchweb.com/tool/second_part.avi Elevated
Trojan.Downloader.FQ HKLM\SOFTWARE\Microsoft\Internet Explorer\Urls##http://69.50.164.123/tool/spview.exe Elevated
WildTangent HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63} Medium
WildTangent HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}## Medium
WildTangent HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}##FriendlyName Medium
WildTangent HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}##CLSID Medium
WildTangent HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}##FilterData Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000} Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}## Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\ProxyStubClsid Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\TypeLib Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\TypeLib## Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\TypeLib##Version Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000} Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}## Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\ProxyStubClsid Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\TypeLib Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\TypeLib## Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\TypeLib##Version Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b} Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}## Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\ProxyStubClsid Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\TypeLib Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\TypeLib## Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\TypeLib##Version Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44} Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}## Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\ProxyStubClsid Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\TypeLib Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\TypeLib## Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\TypeLib##Version Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f} Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}## Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\ProxyStubClsid Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\TypeLib Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\TypeLib## Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\TypeLib##Version Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08} Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}## Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\ProxyStubClsid Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\TypeLib Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\TypeLib## Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\TypeLib##Version Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227} Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}## Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\ProxyStubClsid Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\TypeLib Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\TypeLib## Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\TypeLib##Version Medium
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0} Medium
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}## Medium
WildTangent H
  • 0

#4
griet

griet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
the last bit seems to hve got lost?

here is the result of the smitrem check:


smitRem log file
version 2.3

by noahdfear


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

CLEAN! :tazz:





and another try for the rest of the doctor logfile:




Infection Name Location Risk
C-Dilla HKLM\software\c-dilla Info
C-Dilla HKLM\software\c-dilla## Info
C-Dilla HKLM\software\c-dilla\Licences Info
C-Dilla HKLM\software\c-dilla\Licences## Info
C-Dilla HKLM\software\c-dilla\Licences\b0148000 Info
C-Dilla HKLM\software\c-dilla\Licences\b0148000## Info
C-Dilla HKLM\software\c-dilla\Licences\b0148000\Reference.Count Info
C-Dilla HKLM\software\c-dilla\Licences\b0148000\Reference.Count## Info
C-Dilla HKLM\software\c-dilla\Products Info
C-Dilla HKLM\software\c-dilla\Products## Info
C-Dilla HKLM\software\c-dilla\Products\3dsmax.exe Info
C-Dilla HKLM\software\c-dilla\Products\3dsmax.exe## Info
C-Dilla HKLM\software\c-dilla\Products\3dsmax.exe\Installation.Date.And.Time Info
C-Dilla HKLM\software\c-dilla\Products\3dsmax.exe\Installation.Date.And.Time## Info
C-Dilla HKLM\software\c-dilla\Products\3dsmax.exe\Licence.Numbers Info
C-Dilla HKLM\software\c-dilla\Products\3dsmax.exe\Licence.Numbers## Info
C-Dilla HKLM\software\c-dilla\RTS Info
C-Dilla HKLM\software\c-dilla\RTS## Info
C-Dilla HKLM\software\c-dilla\RTS\Installation.Date.And.Time Info
C-Dilla HKLM\software\c-dilla\RTS\Installation.Date.And.Time## Info
C-Dilla HKLM\software\c-dilla\RTS\Version Info
C-Dilla HKLM\software\c-dilla\RTS\Version## Info
C-Dilla HKLM\software\microsoft\windows\currentversion\uninstall\lms Info
C-Dilla HKLM\software\microsoft\windows\currentversion\uninstall\lms## Info
C-Dilla HKLM\software\microsoft\windows\currentversion\uninstall\lms##DisplayName Info
C-Dilla HKLM\software\microsoft\windows\currentversion\uninstall\lms##UninstallString Info
ISTbar HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc High
ISTbar HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc## High
ISTbar HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc##SlowInfoCache High
ISTbar HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc##Changed High
Search Toolbar HKLM\SOFTWARE\SearchToolbar Elevated
Search Toolbar HKLM\SOFTWARE\SearchToolbar## Elevated
Search Toolbar HKLM\SOFTWARE\SearchToolbar\Toolbar Elevated
Search Toolbar HKLM\SOFTWARE\SearchToolbar\Toolbar## Elevated
Search Toolbar HKLM\SOFTWARE\SearchToolbar\Toolbar##Version Elevated
Search Toolbar HKLM\SOFTWARE\SearchToolbar\Toolbar##OptdateTest Elevated
Trojan.Downloader.FQ HKLM\SOFTWARE\Microsoft\Internet Explorer\Urls Elevated
Trojan.Downloader.FQ HKLM\SOFTWARE\Microsoft\Internet Explorer\Urls## Elevated
Trojan.Downloader.FQ HKLM\SOFTWARE\Microsoft\Internet Explorer\Urls##http://fastsearchweb.com/tool/second_part.avi Elevated
Trojan.Downloader.FQ HKLM\SOFTWARE\Microsoft\Internet Explorer\Urls##http://69.50.164.123/tool/spview.exe Elevated
WildTangent HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63} Medium
WildTangent HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}## Medium
WildTangent HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}##FriendlyName Medium
WildTangent HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}##CLSID Medium
WildTangent HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}##FilterData Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000} Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}## Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\ProxyStubClsid Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\TypeLib Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\TypeLib## Medium
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\TypeLib##Version Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000} Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}## Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\ProxyStubClsid Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\TypeLib Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\TypeLib## Medium
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\TypeLib##Version Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b} Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}## Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\ProxyStubClsid Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\TypeLib Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\TypeLib## Medium
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\TypeLib##Version Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44} Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}## Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\ProxyStubClsid Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\TypeLib Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\TypeLib## Medium
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\TypeLib##Version Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f} Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}## Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\ProxyStubClsid Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\TypeLib Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\TypeLib## Medium
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\TypeLib##Version Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08} Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}## Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\ProxyStubClsid Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\TypeLib Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\TypeLib## Medium
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\TypeLib##Version Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227} Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}## Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\ProxyStubClsid Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\TypeLib Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\TypeLib## Medium
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\TypeLib##Version Medium
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0} Medium
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}## Medium
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\ProxyStubClsid Medium
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\TypeLib Medium
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\TypeLib## Medium
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\TypeLib##Version Medium
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64} Medium
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}## Medium
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\ProxyStubClsid Medium
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\TypeLib Medium
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\TypeLib## Medium
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\TypeLib##Version Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235} Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}## Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\ProxyStubClsid Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\TypeLib Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\TypeLib## Medium
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\TypeLib##Version Medium
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469} Medium
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}## Medium
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\ProxyStubClsid Medium
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\TypeLib Medium
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\TypeLib## Medium
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\TypeLib##Version Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000} Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}## Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\ProxyStubClsid Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\TypeLib Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\TypeLib## Medium
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\TypeLib##Version Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa} Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}## Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\ProxyStubClsid Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\TypeLib Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\TypeLib## Medium
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\TypeLib##Version Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d} Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}## Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\ProxyStubClsid Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\TypeLib Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\TypeLib## Medium
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\TypeLib##Version Medium
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626} Medium
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}## Medium
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\ProxyStubClsid Medium
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\TypeLib Medium
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\TypeLib## Medium
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\TypeLib##Version Medium
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5} Medium
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}## Medium
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\ProxyStubClsid Medium
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\TypeLib Medium
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\TypeLib## Medium
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\TypeLib##Version Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7} Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}## Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\ProxyStubClsid Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\TypeLib Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\TypeLib## Medium
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\TypeLib##Version Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14} Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}## Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\ProxyStubClsid Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\TypeLib Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\TypeLib## Medium
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\TypeLib##Version Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}## Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\TypeLib## Medium
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\TypeLib##Version Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}## Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\TypeLib## Medium
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\TypeLib##Version Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2} Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}## Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\ProxyStubClsid Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\TypeLib Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\TypeLib## Medium
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\TypeLib##Version Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf} Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}## Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\ProxyStubClsid Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\TypeLib Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\TypeLib## Medium
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\TypeLib##Version Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000} Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}## Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\ProxyStubClsid Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\TypeLib Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\TypeLib## Medium
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\TypeLib##Version Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30} Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}## Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\ProxyStubClsid Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\TypeLib Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\TypeLib## Medium
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\TypeLib##Version Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed} Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}## Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\ProxyStubClsid Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\TypeLib Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\TypeLib## Medium
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\TypeLib##Version Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d} Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}## Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\ProxyStubClsid Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\TypeLib Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\TypeLib## Medium
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\TypeLib##Version Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000} Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}## Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\ProxyStubClsid Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\TypeLib Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\TypeLib## Medium
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\TypeLib##Version Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}## Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\TypeLib## Medium
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}## Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\TypeLib## Medium
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}## Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\TypeLib## Medium
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}## Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\TypeLib## Medium
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Medium
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}## Medium
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\TypeLib## Medium
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Medium
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}## Medium
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\TypeLib## Medium
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Medium
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3} Medium
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}## Medium
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Medium
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\TypeLib Medium
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\TypeLib## Medium
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Medium
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a} Medium
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}## Medium
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\ProxyStubClsid Medium
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\ProxyStubClsid## Medium
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\ProxyStubClsid32 Medium
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\ProxyStubClsid32## Medium
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\TypeLib Medium
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\TypeLib## Medium
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\TypeLib##Version Medium
WildTangent HKCR\wdmhhost.wthoster Medium
WildTangent HKCR\wdmhhost.wthoster## Medium
WildTangent HKCR\wdmhhost.wthoster\CLSID Medium
WildTangent HKCR\wdmhhost.wthoster\CLSID## Medium
WildTangent HKCR\wdmhhost.wthoster\CurVer Medium
WildTangent HKCR\wdmhhost.wthoster\CurVer## Medium
WildTangent HKCR\wdmhhost.wthoster.1 Medium
WildTangent HKCR\wdmhhost.wthoster.1## Medium
WildTangent HKCR\wdmhhost.wthoster.1\CLSID Medium
WildTangent HKCR\wdmhhost.wthoster.1\CLSID## Medium
WildTangent HKCR\wt.wtmultiplayer Medium
WildTangent HKCR\wt.wtmultiplayer## Medium
WildTangent HKCR\wt.wtmultiplayer\CLSID Medium
WildTangent HKCR\wt.wtmultiplayer\CLSID## Medium
WildTangent HKCR\wt.wtmultiplayer\CurVer Medium
WildTangent HKCR\wt.wtmultiplayer\CurVer## Medium
WildTangent HKCR\wt.wtmultiplayer.1 Medium
WildTangent HKCR\wt.wtmultiplayer.1## Medium
WildTangent HKCR\wt.wtmultiplayer.1\CLSID Medium
WildTangent HKCR\wt.wtmultiplayer.1\CLSID## Medium
WildTangent HKCR\wt3d.wt Medium
WildTangent HKCR\wt3d.wt## Medium
WildTangent HKCR\wt3d.wt\CLSID Medium
WildTangent HKCR\wt3d.wt\CLSID## Medium
WildTangent HKCR\wt3d.wt\CurVer Medium
WildTangent HKCR\wt3d.wt\CurVer## Medium
WildTangent HKCR\wt3d.wt\Insertable Medium
WildTangent HKCR\wt3d.wt\Insertable## Medium
WildTangent HKCR\wt3d.wt.1 Medium
WildTangent HKCR\wt3d.wt.1## Medium
WildTangent HKCR\wt3d.wt.1\CLSID Medium
WildTangent HKCR\wt3d.wt.1\CLSID## Medium
WildTangent HKCR\wtvis.wtvisreceiver Medium
WildTangent HKCR\wtvis.wtvisreceiver## Medium
WildTangent HKCR\wtvis.wtvisreceiver\CLSID Medium
WildTangent HKCR\wtvis.wtvisreceiver\CLSID## Medium
WildTangent HKCR\wtvis.wtvisreceiver\CurVer Medium
WildTangent HKCR\wtvis.wtvisreceiver\CurVer## Medium
WildTangent HKCR\wtvis.wtvisreceiver.1 Medium
WildTangent HKCR\wtvis.wtvisreceiver.1## Medium
WildTangent HKCR\wtvis.wtvisreceiver.1\CLSID Medium
WildTangent HKCR\wtvis.wtvisreceiver.1\CLSID## Medium
WildTangent HKCR\wtvis.wtvissender Medium
WildTangent HKCR\wtvis.wtvissender## Medium
WildTangent HKCR\wtvis.wtvissender\CLSID Medium
WildTangent HKCR\wtvis.wtvissender\CLSID## Medium
WildTangent HKCR\wtvis.wtvissender\CurVer Medium
WildTangent HKCR\wtvis.wtvissender\CurVer## Medium
WildTangent HKCR\wtvis.wtvissender.1 Medium
WildTangent HKCR\wtvis.wtvissender.1## Medium
WildTangent HKCR\wtvis.wtvissender.1\CLSID Medium
WildTangent HKCR\wtvis.wtvissender.1\CLSID## Medium
WildTangent HKLM\SOFTWARE\Microsoft\Java VM##ClassPath Medium
Known Bad Sites C:\Documents and Settings\jorgen\Favorieten\adultgambling.url High
Known Bad Sites C:\Documents and Settings\jorgen\Favorieten\play adult-poker.url High
Known Bad Sites C:\Documents and Settings\jorgen\Favorieten\free online dating.url High
Known Bad Sites C:\Documents and Settings\jorgen\Favorieten\xxx personal photos.url High
WareOut HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping##{BF69DF00-2734-477F-8257-27CD04F88779} Elevated
C-Dilla C:\C_DILLA Info
C-Dilla C:\C_DILLA\B0148000.DAT Info
C-Dilla C:\C_DILLA\setup Info
C-Dilla C:\C_DILLA\setup\cdains16.dll Info
C-Dilla C:\C_DILLA\setup\cdains32.dll Info
C-Dilla C:\C_DILLA\setup\cdremove.exe Info
C-Dilla C:\C_DILLA\setup\cdunin16.exe Info
Fresh Bar C:\Documents and Settings\jorgen\Favorieten\Free Online Dating.url Medium
Fresh Bar C:\Documents and Settings\jorgen\Favorieten\Spyware Uninstall.url Medium
WareOut C:\Program Files\WareOut Elevated
C-Dilla C:\WINNT\CDILLA05.DLL Info
C-Dilla C:\WINNT\CDILLA10.EXE Info
C-Dilla C:\WINNT\CDILLA13.DLL Info
C-Dilla C:\WINNT\CDILLA32.DLL Info
C-Dilla C:\WINNT\CDILLA40.DLL Info
C-Dilla C:\WINNT\CDILLA64.EXE Info
Trojan.Fake Warning C:\WINNT\help\CHMRedir.chm Elevated
CWS C:\WINNT\ojkdb.dat High
CWS C:\WINNT\phgob.dat High
CWS C:\WINNT\system32\bdjtj.txt High
CWS C:\WINNT\system32\bpzfk.log High
CWS C:\WINNT\system32\gewrz.log High
CWS C:\WINNT\system32\hlkrt.txt High
CWS C:\WINNT\system32\vyykg.txt High
CWS C:\WINNT\system32\xuxsk.log High
CWS C:\WINNT\system32\yxypj.log High
CWS C:\WINNT\tsiwd.txt


thx.
  • 0

#5
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
I really don't need the SpywareDoctor log. I don't use it nor do I advise users to get it. See if it removes what it finds.

For those IP addresses, do you recognize them though? If you don't recognize them, then fix them in Normal Mode (if it doesn't show up in Safe Mode):

O17 - HKLM\System\CCS\Services\Tcpip\..\{4ACDACD7-CFF1-4566-B45D-D2B8CC080F56}: NameServer = 69.50.168.179,85.255.112.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F246A21-3453-4629-87C8-B94876BE29D9}: NameServer = 69.50.168.179,85.255.112.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED223E27-9986-419F-AE69-FD0943964AFF}: NameServer = 69.50.168.179,85.255.112.22


Make sure you shutdown Norton/Symantec Antivirus and try running Panda again.

You should be able to install Ewido. Don't know what's wrong there. Ewido has a 14 day trial period and after that period, it automatically becomes the free version. Get the free version from the main site then :tazz:

Did the online scan at Ewido delete those files found? If not, I want you to delete them now (or in Safe Mode if they give you problems deleting).

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [dmivg.exe] C:\WINNT\system32\dmivg.exe


Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\WINNT\system32\dmivg.exe

Run Ewido and save the log.

Restart and run a new HijackThis scan. Save the log file and post it here along with the Ewido log.
  • 0

#6
griet

griet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
you're right, imanaged to install ewido from the main website.

i don't see the ... dmivg.exe file you want me to fix, but i see that instead of the ... dmxoq.exe file (which isn't there anymore, wthout me removing it manually), there is now another file, adress:
c:\winnt\system32\dmryy.exe. should i remove that file (and fix the corresponding line in the hijackthis logfile)?

the IP-adreses aren't there, instead there are three other adresses which look similar, apart from the server name (begins with 85. ...), i guess it's no good fixing these adresses?

i already removed the files found by the online ewido-scan before.

the logfiles:


---------------------------------------------------------
ewido security suite - Scan rapport
---------------------------------------------------------

+ Gemaakt op: 9:50:12, 20/09/2005
+ Rapport samenvatting: 3DE94B70

+ Scan resultaten:

Geen geinfecteerde bestanden gevonden!


::Einde rapport



Logfile of HijackThis v1.99.1
Scan saved at 9:54:35, on 20/09/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Documents and Settings\render\Bureaublad\WinZip\WZQKPICK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\jorgen\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [dmpva.exe] C:\WINNT\system32\dmpva.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\render\Bureaublad\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domrim.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{4ACDACD7-CFF1-4566-B45D-D2B8CC080F56}: NameServer = 85.255.113.124,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F246A21-3453-4629-87C8-B94876BE29D9}: NameServer = 85.255.113.124,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED223E27-9986-419F-AE69-FD0943964AFF}: NameServer = 85.255.113.124,85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domrim.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = domrim.local
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Program Files\Canon\DIAS\CnxDIAS.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

thanks for the advises,

by the way, should i remove the spyware doctor program, i mean: does it do any good (sonce i can only use it to perform scans and not fix the problems)?
  • 0

#7
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Yes, fix whatever the new name for that O4 entry is now. It might change back to the other one also, so just fix it and then delete whatever new name it has.

Right now it's:

O4 - HKLM\..\Run: [dmpva.exe] C:\WINNT\system32\dmpva.exe

So fix and delete that file.

If you don't recognize the IP address, then fix those O17 entries with the IP. But if you know what they are, then leave them alone.

Glad you asked. Spyware Doctor has been known in the past to be a "fake" antispyware program. It actually caused more problems (lots of false positives). It has been said to "change" their ways since then. I still don't trust them, so I don't ask any users to buy their program. But that's your decision. I saw use the free programs like Ad-aware and Spybot. Trust me, there isn't a single program out there than can remove ALL the spyware junk out there. Free or not, we will help you remove it :tazz:

When you are done, restart and post a new HijackThis log.
  • 0

#8
griet

griet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
the 'thing' was still there, but now named "dmppz". i fixed it, but couldn't remove the file "c:\winnt\system32\dmppz.exe".
i logged in in safe mode, but the file wasn't in the log (not even by another name), nor in the c:\winnt\system32 - map.

even after restarting in normal mode, i couldn't spot a likewise log or fie, so i suppose i got rid of it.

the logfile:

Logfile of HijackThis v1.99.1
Scan saved at 14:14:50, on 21/09/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Documents and Settings\render\Bureaublad\WinZip\WZQKPICK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\MICROS~2\Office\WINWORD.EXE
C:\Documents and Settings\jorgen\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\render\Bureaublad\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domrim.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{4ACDACD7-CFF1-4566-B45D-D2B8CC080F56}: NameServer = 85.255.113.124,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F246A21-3453-4629-87C8-B94876BE29D9}: NameServer = 85.255.113.124,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED223E27-9986-419F-AE69-FD0943964AFF}: NameServer = 85.255.113.124,85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domrim.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = domrim.local
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Program Files\Canon\DIAS\CnxDIAS.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

thx
  • 0

#9
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
It looks like it's gone like you said....for now.

Your log is clean.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

I suggest hanging on for a few more days to see how it goes. If no problems arise, come back here and reply back with an ok. I will close the topic then :tazz:
  • 0

#10
griet

griet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
The tutorial was very helpful, thanks!
No more problems as far as I'm concerned.
I post the hijacktihs logfile anyway, to make sure.
I gues you can close the topic, then.

many thanks for your time and patience!

ogfile of HijackThis v1.99.1
Scan saved at 9:42:45, on 26/09/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Documents and Settings\render\Bureaublad\WinZip\WZQKPICK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\jorgen\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\render\Bureaublad\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domrim.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{4ACDACD7-CFF1-4566-B45D-D2B8CC080F56}: NameServer = 85.255.113.124,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F246A21-3453-4629-87C8-B94876BE29D9}: NameServer = 85.255.113.124,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED223E27-9986-419F-AE69-FD0943964AFF}: NameServer = 85.255.113.124,85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domrim.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = domrim.local
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Program Files\Canon\DIAS\CnxDIAS.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
  • 0

#11
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP