Win32:Spyware-gen [Trj] Error Loading

[wfd1566]

Booted up the computer today had no internet connection. Figure cable modem was down unplugged it rebooted and got internet connection. Avast then hammered me with virus alerts for Win32:Spyware-gen [Trj] & Win32:Spyware-gen [Adw]. Try deleting then I rebooted and ran full virus scan along with spyware doctor. Everthing checked out but still could not get connected. I went on the wifes computer and read about this stupid thing and did a remove program for the newdot and also downloaded lspfix.zip (thank god for the 3.5 inch floppy we all don't need) ran the lspfix and internet connect was fixed, but now upon booting the computer I get the following Error Loading c:\program~1\newdot~1\newdot~2.dll The specified module could not be found. Now I know I didn't exactly remove this thing correctly but does anyone have a idea on how I can get rid of this error message. Also while not connecting to the internet Avast gave me a error message 10106.I am running Window XP Pro. Thanx for any help

[wfd1566]

Ok I searched for other with this problem and used hijackthis and here is the log:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\PerSono\PersTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\devldr32.exe
C:\Mark\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metacrawler.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.metacrawler.com/info.metac.toolbar/dog/forms/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.metacrawler.com/info.metac.toolbar/dog/forms/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.metacrawler.com"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\whu63mba.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\whu63mba.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {720B3C59-7EDE-44d1-AD9C-71106A7550AF} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Perstray.lnk = C:\Program Files\PerSono\PersTray.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Metacrawler Cursor Search - C:\Documents and Settings\All Users\Application Data\Infospace\MetacrawlerToolbar\contextsearch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://install.wildtangent.com/bgn/partners/wildgames/blasterball2/install.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Im guessing the one I highlighted in Red I should delete. I just want to be sure before I screw up beyond repair if I havent already.
Also is there anything else in there I should get rid off. Thanx guys I really appreciate it for any help you can give...

Thanx

[Spiritsongs]

  Hi wfd1566 :

    What "remove program for newdotnet" did you use ?
    Have never been impressed with the "effectiveness" of
    Spyware Doctor ; any other security program(s) on your
    computer ?
    Perhaps you can use Windows "Search > All files and
    folders" using the search "term" "newdot" and "Delete"
    all it finds !? If you find something that does NOT want to
    be "deleted", try installing "Unlocker" from :
    http://ccollomb.free.fr/unlocker/  and using it .

[wfd1566]

I used add/remove programs from control panel to remove newdot. Im getting the error message when I 1st boot up it is looking for newdot~2.dll and cant find the file so Im guessing nit is a registry thing going on.Other than Avast and spyware doctor nothing else on the computer in terms of security.

[Spiritsongs]

  Hi wfd1566 :

    HijackThis MUST be moved to a folder of its own where it can save backups.
Rightclick on an empty space on your C:\Drive & choose New > Folder
Name it HJT
Rightclick HijackThis.exe, choose Cut.
Doubleclick (to open) the folder you created.
Rightclick inside and choose Paste.

    You might want to consider using a FREE Registry Cleaner
    recommended by another Forum member called :
    Tweaknow RegCleaner from :
    www.tweaknow.com/RegCleaner.html .
    After installing it, use the "Beginner" setting and run a
    scan, to see if it detects the "newdot" item !?

[melb]

Exactly same thing happened to me yesterday - lost internet access and could not clear avast warning message.

Tried avast's delete option - error message given - could not delete newdot..dll

Tried cleaning up registry manually by removing all newdot references.

Very, very slow boot and closedown - assume newdot still alive and internet connection timing out!

So, both cleanups not sucessfull.

Had to nuke XP and recover from backup, run in safe mode, de-install avast. Now all OK.

Obviously. newdot is not coexisting with avast. newdot seems to self update.... Why do Real One etc use this thing! Argh!!

Mel   

[polonus]

Hi wfd1566,

Here is a complete removal instruction:
http://www.pchell.com/support/savenow.shtml

The analysis of your HJT log can be found here (for the next consequent three days)
http://www.hijackthis.de/logfiles/2d75326915507b428e74b15321290a66.html
A tool for cleaning out wrong toolbar- & broser helper objects items (see red items in your log file)can be found here: http://www.snapfiles.com/dlnow/rdir.dll?id=107693

polonus

[Spiritsongs]

   Hi wfd1566 :

     Since the "analysis" of your HJT log shows "Unknown",
    "Unnecessarily", "Possibly nasty" categories,as well as
    "safe" for many of those R0 & R1 items that I see HJT
     Experts recommend to be "fixed" on antiSPYWARE forums,
     perhaps you should use the services of one of those
     Experts !? Since the only antiSPYWARE program you
     appear to have is Spyware Doctor, which does NOT have a
     Support forum, I recommend you ask for help at :
     www.landzdown.com .

[mashih]

Hi,
I had the same error after install Avast. They said to uninstall Avast, but it didn't work. I see in one site were they said to download it:

WinSock XP Fix (offers a last resort if your Internet connectivity has been corrupted due to invalid or removed registry entries. It can often cure the problem of lost connections after the removal of ...)
The site is:
 
http://www.snapfiles.com/opinions/WinSock_XP_Fix/WinSock_XP_Fix.html

It worked after I opened my internet conetion and put my IP address on properties.

I hope it works for you. I see that many people have the same problem.
Ma Shih

Booted up the computer today had no internet connection. Figure cable modem was down unplugged it rebooted and got internet connection. Avast then hammered me with virus alerts for Win32:Spyware-gen [Trj] & Win32:Spyware-gen [Adw]. Try deleting then I rebooted and ran full virus scan along with spyware doctor. Everthing checked out but still could not get connected. I went on the wifes computer and read about this stupid thing and did a remove program for the newdot and also downloaded lspfix.zip (thank god for the 3.5 inch floppy we all don't need) ran the lspfix and internet connect was fixed, but now upon booting the computer I get the following Error Loading c:\program~1\newdot~1\newdot~2.dll The specified module could not be found. Now I know I didn't exactly remove this thing correctly but does anyone have a idea on how I can get rid of this error message. Also while not connecting to the internet Avast gave me a error message 10106.I am running Window XP Pro. Thanx for any help

[Janani]

Win32:SpyWare-gen[trj] is present in my system volume information... could anyone suggest me how to remove it and what has to be done..

[essexboy]

If it is in system restore then:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and the display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done