
HJT log - Urgent - Keylogger HELP IM BEING HACKED


jabraulter


Infection Name Location Risk

I think this is a HJT log...I don't know anything about this stuff, and this has never happened before. HELP!!!


I can't read your log, but it looks like all or most spyware.

We need the whole log, not just the bad stuff.

Before you do HJT, please scan with Ad-Aware, Spybot Search and Destroy, and your virus scanner.

All can be googled to get.


Yes, they are both spyware removal tools.

I suggest getting and using both. But if you just want to use 1, use Ad-Aware.

Make sure you update both programs before you scan with them.

marginheight="0" bgcolor="#ffff=c:\WINDOWS\System32\
topmargin="0" marginwidth="0" marginheight="0" bgcolor="#ffffff">
O4 - HKLM\..\Run: [
CONTENT="no-cac=c:\WINDOWS\System32\
CONTENT="no-cache">
O4 - HKLM\..\Run: [
type="text/javascri=c:\WINDOWS\System32\
type="text/javascript">
O4 - HKLM\..\Run: [var NN4] d.layers?=c:\WINDOWS\System32\var
NN4=d.layers?1:0;
O4 - HKLM\..\Run: [if(!NN] c:\WINDOWS\System32\if(!NN4) {
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\


Yes, well, sort of. When you scan, copy and paste the log EXACTLY how it is there.

I noticed that you only have Service Pack 1 for Windows. It is urgent that you go to windowsupdate.microsoft.com and install all critical updates.


Sorry for spamming, but what's that TURTLE thing you have at the end? :shock:

Well, it has X-10 in it, and we have that for our home security. So it's either adware installed because they like to spam, or he could have X-10 modules that interact with the computer such as internet security cam, home monitoring, etc.

Now be gone Mr. Turtle :)


You are FUBAR'ed right now!!!! How on earth did you let your computer get so bad? It has to be one of the worst logs posted so far in the history of tip.it.

Scan with Norton AV (WITH THE LATEST DEFINITIONS); a virus scanner without the latest defs is just as good as not having one at all.

Install and run Ad-Aware and Spybot S&D. You should also run CWShredder and Kill2ME.

After you have run all of those and removed any spyware that comes up, check your Add/Remove Programs for anything looking dodgy.

Then, and only after doing that, repost a new HijackThis log.

*sigh*

Oh yeah, and I recommend you DON'T ever use Internet Explorer again; you just aren't security conscious enough to be allowed to use it safely. Download Firefox as your new browser.
