A Windows 98 & ME forum. Win98banter

system restore



 
 
#11  June 20th 04, 03:45 PM
Kelly Smith

Noel, there was another wininit.ini on a reboot. Other
wininit files were .sav, .old, .jnk, .bak and also a text
file, application file and configuration settings. I ran
scanreg /restore and lost the .ini file and the new
toolbar which was evidently from Microsoft. It had a
search window, the butterfly and a popup counter among
other things. I could close it out but when I went to
another window it would be there again. Did the three
commands suggested. No change. The following is the hijack
scan. It's quite extensive.
thx
Kelly

Logfile of HijackThis v1.97.7
Scan saved at 12:13:36 PM, on 6/19/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\DELL\DRIVERS\498FF\SETUP\PROGRAM\POINT32.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\RSRCMTR.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSFTSN.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\NEW\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=40
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usatoday.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=40
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=40
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {1678F7E1-C422-11D0-AD7D-00400515CAAA} - (no file)
O2 - BHO: (no name) - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\PROGRAM FILES\SUPERBAR\SUPERBAR.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O3 - Toolbar: SuperBar - {EA18136F-9840-4C4C-8FAE-FA407C86058B} - C:\PROGRAM FILES\SUPERBAR\SUPERBAR.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\NORTON~2\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton SystemWorks\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [POINTER] C:\DELL\Drivers\498FF\Setup\Program\point32.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Startup: RSRCMTR.lnk = C:\WINDOWS\RSRCMTR.EXE
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Dell Home (HKCU)
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/SSC/Shar...t/sc/bin/cabsa.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...cabs/flash/swflash.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co.../ansi/iuctl.CAB?37875.8781828704
O16 - DPF: {9F0F185C-B50B-11D2-B53F-00A0C98684AC} (McAfee PC Clinic OilChange Class) - http://download.mcafee.com/molbin/Oi...GOcCtl_new.cab
O16 - DPF: {13E39F7E-FDA8-11D2-99DC-00C04FF40D52} (McAfee OilChange Multi-Product Support Filter) - http://download.mcafee.com/molbin/Oi...e/MGOcFilt.cab
O16 - DPF: {BF31FA5E-AE8A-11D2-A1BD-0800300004C2} (McAfee PC Clinic Internet Class) - http://download.mcafee.com/molbin/Shared/MCInet_new.cab
O16 - DPF: {23047A90-8511-11D2-87A5-20C252C10000} (McAfee Clinic TreeView Class) - http://download.mcafee.com/molbin/Shared/MGTree.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccom...oad/tgctlcm.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/system...SysProfLCD.CAB
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo.walmart.com/photo/upload/XUpload.ocx
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50016/btiein.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4321/mcfscan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...ent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S...ent/common/bin/cabsa.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTS...rs/MetaStream3.cab?url=http://www.samsungusa.com/cgi-bin/nabc/campaign/voom/b2c_sweeps_voom.jsp
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
-----Original Message-----
WRT HiJackThis - just run the scan, and post the results here (do NOT ask it
to fix anything yet!) or better yet, to the forums at forum.aumha.org -
someone will be able to advise on any required actions.

You seem to have eliminated most potential pests....
after a fresh reboot, is there another WININIT.INI??
Boot to DOS using a floppy (Option3 - without CD Support), and type the
following commands.

DEL C:\WIN386.SWP
DEL C:\WINDOWS\WIN386.SWP
DELTREE C:\WINDOWS\TEMP

reboot back to Windows and see what happens

--
Noel Paton (MS-MVP 2002-2004, Win9x)

Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
or
http://www.microsoft.com/presspass/f...2001/Mar01/Mar27pmvp.asp

"Kelly Smith" wrote in message
...
Noel, had stinger 2.2.2 in a folder but downloaded the
newer 2.2.8 and ran it. Also I have ad-aware. Ran bugbear
remover from McAfee. Also ran my regular McAfee virus
scan on line. Updates are automatic but checked any way.
Have Norton but it is only normally scanning email. Ran a
full virus scan after updating. Downloaded and ran
shredder from
http://www.spywareinfo.com/downloads...CWShredder.exe.
All report no problems. Also on an improper shutdown and
restart scan disk never finishes. It can run for hours.
I downloaded this but it says you need well informed people
to tell you how to use it.
http://www.spychecker.com/program/hijackthis.html

Kelly
-----Original Message-----
This does look as if you have malware running on your PC.....
You may have a virus/spyware hijack

download the Stinger from here and run it to make sure that A-V-disabling
viruses are not present on your PC
http://download.nai.com/products/mcafee-avert/stinger.exe

- update your virus scanner and run a full system scan of all files.

Reboot to Safe Mode and run CWShredder - to remove variants of the
CoolWebSearch hijacker.
http://www.merijn.org/cwschronicles.html

Use CWShredder, the removal tool:
http://www.merijn.org/files/cwshredder.zip
http://www.merijn.org/files/CWShredder.exe
http://www.spywareinfo.com/downloads...CWShredder.exe
http://www.zerosrealm.com/downloads/CWShredder.zip

download AdAware from www.lavasoftusa.com, install, update, and run it to
remove spyware, adware, and other such nasties from your system.

--
Noel Paton (MS-MVP 2002-2004, Win9x)

"Kelly Smith" wrote in message
...
Noel, changed wininit.ini to wininit.jnk
In wininit.ini notepad reads [RENAME]
NUL=C:\WINDOWS\TEMP\~309119.TMP
wininit.jnk reads [RENAME]
NUL=C:\WINDOWS\TEMP\~290960.TMP
Still can't run system restore.
Kelly
-----Original Message-----
You need to go to Folder Options in Windows Explorer -
make sure that you have the setting to be hide file extensions for known
file type UNchecked, and use Search to find WININIT.INI
rename it, and post the contents of the renamed file here (open it in
Notepad, and copy/paste to your response).

--
Noel Paton (MS-MVP 2002-2004, Win9x)

"Kelly Smith" wrote in message
...
Noel, there is a WININIT file but no INI designation.
Did the scanreg /fix but that didn't work either.
Kelly
-----Original Message-----
Are you running Norton Software?
Try this
Do a Search for the file WININIT.INI - if you find it, then rename it to
WININIT.JNK, and reboot - your problem should be gone.

If you don't find it, then try this - Start|Run - enter SCANREG /FIX into
the dialog box, and click OK - windows will reboot - see if that fixes it.

HTH

--
Noel Paton (MS-MVP 2002-2004, Win9x)

"Kelly Smith" wrote in message
...
When trying to use system restore I get the message that
I need to restart my computer before system restore can
run. After doing this several times and getting the same
notification, I sense a clue that something is wrong. Help
appreciated. Somehow overnight I ended up with a search
toolbar that I don't need.
Thx
Kelly


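The [RENAME] / NUL= lines Kelly pasted are WININIT.INI pending-operation entries, and the thread's fix is to rename the file so that nothing is left pending at boot. The following is an added example, not code from the thread: a small parser for that section which sorts the pending operations into temp-file cleanup, replacement of a file under the system directory, and everything else. It assumes the documented Windows 9x semantics (each line is destination=source, applied on the next boot; a destination of NUL deletes the source), and its sample text is constructed from Kelly's two files plus one made-up rename line.

```python
"""Interpret the [RENAME] section of a Windows 9x/ME WININIT.INI.

Added example, not code from the thread. Assumed format (as documented
for Windows 9x): under [rename], each line reads destination=source;
Windows moves source to destination during the next boot, and a
destination of NUL deletes source.
"""
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: Kelly's two NUL= lines (temp-file cleanup) and one
# made-up rename into the system directory, which is how an in-use DLL
# gets replaced at boot and therefore deserves a look.
SAMPLE_WININIT = r"""[RENAME]
NUL=C:\WINDOWS\TEMP\~309119.TMP
NUL=C:\WINDOWS\TEMP\~290960.TMP
C:\WINDOWS\SYSTEM\EXAMPLE.DLL=C:\WINDOWS\TEMP\EXAMPLE.TMP
"""


@dataclass
class PendingOp:
    action: str        # "delete" or "rename"
    source: str
    destination: str   # empty for a delete


def parse_wininit(text: str) -> List[PendingOp]:
    """Return the pending operations in file order.

    Written by hand rather than with configparser because [rename]
    legitimately repeats the NUL key, which configparser would collapse.
    """
    ops: List[PendingOp] = []
    in_rename = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_rename = line[1:-1].strip().lower() == "rename"
            continue
        if not in_rename or "=" not in line:
            continue
        dest, src = (part.strip() for part in line.split("=", 1))
        if dest.upper() == "NUL":
            ops.append(PendingOp("delete", src, ""))
        else:
            ops.append(PendingOp("rename", src, dest))
    return ops


def review(ops: List[PendingOp]) -> Dict[str, List[str]]:
    """Bucket operations by what they touch.

    temp_deletes  : deletions under a TEMP directory (installer cleanup,
                    the pattern in Kelly's files)
    system_writes : renames whose destination is under the SYSTEM
                    directory (a system file is replaced at boot)
    other         : everything else, listed for manual review
    """
    buckets: Dict[str, List[str]] = {"temp_deletes": [], "system_writes": [], "other": []}
    for op in ops:
        src = op.source.upper()
        dst = op.destination.upper()
        if op.action == "delete" and "\\TEMP\\" in src:
            buckets["temp_deletes"].append(op.source)
        elif op.action == "rename" and dst.startswith("C:\\WINDOWS\\SYSTEM\\"):
            buckets["system_writes"].append(f"{op.source} -> {op.destination}")
        else:
            buckets["other"].append(f"{op.action} {op.source} {op.destination}".rstrip())
    return buckets
```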

#12  June 20th 04, 04:01 PM
Mike M

Sorry to butt in but that's some fine old list of malware you need to clear
off your system! To be honest I can't quite understand why you haven't been
posting details of all the problems it must have been causing you!
--
Mike Maltby MS-MVP



#13  June 20th 04, 04:19 PM
Noel Paton

This is BAD!!!
You're running Norton System Works (inc NAV) - AND McAfee?? (can't really
think of a worse combination - can you Mike?)
....and ZoneAlarm .. and a popup stopper...and.....

Run with either NAV or McAfee AV - NOT both!!! Uninstall the one you don't
want to use. They WILL conflict with each other if both attempt to scan at
the same time.

Reboot to Safe Mode and run CWShredder - to remove variants of the
CoolWebSearch hijacker.
http://www.merijn.org/cwschronicles.html

Use CWShredder, the removal tool:
http://www.merijn.org/files/cwshredder.zip
http://www.merijn.org/files/CWShredder.exe
http://www.spywareinfo.com/downloads...CWShredder.exe
http://www.zerosrealm.com/downloads/CWShredder.zip

Once you've done that - rerun HJT, and post the new log

--
Noel Paton (MS-MVP 2002-2004, Win9x)
O16 - DPF: {23047A90-8511-11D2-87A5-20C252C10000} (McAfee
Clinic TreeView Class) -
http://download.mcafee.com/molbin/Shared/MGTree.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
(YInstStarter Class) -
http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
http://download.abacast.com/download/files/abasetup.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED}
(Support.com Configuration Class) -
http://www.comcastsupport.com/sdccom...oad/tgctlcm.ca
b
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7}
(DmiReader Class) -
http://support.dell.com/us/en/system...SysProfLCD.CAB
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits
Software XUpload) -
http://photo.walmart.com/photo/upload/XUpload.ocx
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} -
http://dst.trafficsyndicate.com/Dnl/T_50016/btiein.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
(DwnldGroupMgr Class) -
http://bin.mcafee.com/molbin/shared/mcgdmgr/en-
us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6}
(McFreeScan Class) - http://download.mcafee.com/molbin/iss-
loc/vso/en-us/tools/mcfscan/1,5,0,4321/mcfscan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}
(Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/S...ent/vc/bin/AvS
niff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5}
(Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/S...ent/common/bin
/cabsa.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E}
(MetaStreamCtl Class) -
https://components.viewpoint.com/MTS...rs/MetaStream3.
cab?url=http://www.samsungusa.com/cgi-
bin/nabc/campaign/voom/b2c_sweeps_voom.jsp
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN
Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab



  #14  
Old June 20th 04, 04:33 PM
Mike M

Noel,
It just goes to show how a user can be lulled into a false sense of security
by installing Symantec's crippleware then adding in McAfee to the equation.

With just the quickest of glances we can see both Wtoolsa and CoolWebSearch
with enough BHOs to make the best of systems useless on the web.
--
Mike Maltby MS-MVP



Noel Paton wrote:

This is BAD!!!
You're running Norton System Works (inc NAV) - AND McAfee?? (can't really
think of a worse combination - can you Mike?)
...and ZoneAlarm .. and a popup stopper...and.....

Run with either NAV or McAfee AV - NOT both!!! Uninstall the one you don't
want to use. They WILL conflict with each other if both attempt to scan at
the same time.

Reboot to Safe Mode and run CWShredder - to remove variants of the
CoolWebSearch hijacker.
http://www.merijn.org/cwschronicles.html

Use CWShredder, the removal tool:
http://www.merijn.org/files/cwshredder.zip
http://www.merijn.org/files/CWShredder.exe
http://www.spywareinfo.com/downloads...CWShredder.exe
http://www.zerosrealm.com/downloads/CWShredder.zip

Once you've done that - rerun HJT, and post the new log



  #15  
Old June 20th 04, 05:00 PM
Noel Paton

Yup - for me, the list looks like being

CWS/HuntBar/WToolsa/Wtoolsb/Superbar/etc/etc (Not to mention the Dell Motive
Monitor and associated proggies)
(want to double-check me on this lot??)

C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
(OK - that's not spyware, but I doubt that Dell are going to use it <g>)
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Bar = http://www.websearch.com/ie.aspx?tb_id=40
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
http://www.websearch.com/ie.aspx?tb_id=40
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-
3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-
C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-
1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O2 - BHO: (no name) - {1678F7E1-C422-11D0-AD7D-
00400515CAAA} - (no file)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-
3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-
3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O3 - Toolbar: SuperBar - {EA18136F-9840-4C4C-8FAE-
FA407C86058B} - C:\PROGRAM FILES\SUPERBAR\SUPERBAR.DLL
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-
29EA915965EC} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe (again - Dell assistance app)
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common
files\WinTools\WToolsA.exe
O4 - Startup: Resolution Assistant.lnk = C:\Program
Files\Dell\Resolution
Assistant\MotiveAssistant\bin\matcli.exe (Dell again)
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466}
(HeartbeatCtl Class) -
http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94}
(PCPitstop Utility) -
http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (Strictly not a problem - but I've seen it cause problems on my system)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
(YInstStarter Class) -
http://download.yahoo.com/dl/installs/yinst.cab - (because Yahoo don't give a ......)
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
http://download.abacast.com/download/files/abasetup.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED}
(Support.com Configuration Class) -
http://www.comcastsupport.com/sdccom...ad/tgctlcm.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7}
(DmiReader Class) -
http://support.dell.com/us/en/system...SysProfLCD.CAB (Dell - yet again!)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E}
(MetaStreamCtl Class) -
https://components.viewpoint.com/MTS...rs/MetaStream3.
cab?url=http://www.samsungusa.com/cgi-
bin/nabc/campaign/voom/b2c_sweeps_voom.jsp



--
Noel Paton (MS-MVP 2002-2004, Win9x)

Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
or
http://www.microsoft.com/presspass/f.../Mar27pmvp.asp


  #16  
Old June 20th 04, 05:16 PM
Mike M

I'm waiting to see Kelly's HijackThis log after running CWShredder to see if
it does anything about wtoolsa.
--
Mike Maltby MS-MVP




  #17  
Old June 20th 04, 05:25 PM
Noel Paton

Well - she said that she'd already run it! - I only hope that she hadn't,
and we don't have a system so stuffed that it's going to have to be a manual
removal of everything.


--
Noel Paton (MS-MVP 2002-2004, Win9x)

Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
or
http://www.microsoft.com/presspass/f.../Mar27pmvp.asp

  #18  
Old June 20th 04, 08:20 PM
Kelly Smith

Noel, OK, ran shredder in Safe Mode and got a clean report.
Uninstalled Norton Virus but not the utilities. Can do if
necessary. I can always run it from the CD. Here is the
last report on HijackThis. Always glad to have Mike on
board.
thx
Kelly

Logfile of HijackThis v1.97.7
Scan saved at 2:56:11 PM, on 6/20/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON
ANTIVIRUS\POPROXY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\DELL\DRIVERS\498FF\SETUP\PROGRAM\POINT32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\RSRCMTR.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\DESKTOP\NEW\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Bar = http://www.websearch.com/ie.aspx?tb_id=40
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.usatoday.com/
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
http://www.websearch.com/ie.aspx?tb_id=40
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window
Title = Microsoft Internet Explorer provided by Comcast
High-Speed Internet
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,SearchAssistant =
http://www.websearch.com/ie.aspx?tb_id=40
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-
3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {1678F7E1-C422-11D0-AD7D-
00400515CAAA} - (no file)
O2 - BHO: (no name) - {136A9D1D-1F4B-43D4-8359-
6F2382449255} - C:\PROGRAM FILES\SUPERBAR\SUPERBAR.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-
C581AC420D41} - C:\PROGRA~1\COMMON~1\WINTOOLS\BTIEIN.DLL
(file missing)
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-
1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0
\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {87766247-311C-43B4-8499-
3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
O3 - Toolbar: SuperBar - {EA18136F-9840-4C4C-8FAE-
FA407C86058B} - C:\PROGRAM FILES\SUPERBAR\SUPERBAR.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-
905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-
11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry]
C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1
\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1
\NORTON~2\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program
Files\Norton SystemWorks\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1
\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1
\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM
FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program
Files\Motive\motmon.exe
O4 - HKLM\..\Run: [POINTER]
C:\DELL\Drivers\498FF\Setup\Program\point32.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1
\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program
Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [devldr16.exe]
C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common
files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks]
C:\Program Files\Common Files\Symantec
Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1
\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr]
C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor]
C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [WinTools] C:\Program
Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [TrueVector]
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Resolution Assistant.lnk = C:\Program
Files\Dell\Resolution
Assistant\MotiveAssistant\bin\matcli.exe
O4 - Startup: RSRCMTR.lnk = C:\WINDOWS\RSRCMTR.EXE
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Dell Home (HKCU)
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1
\Plugins\NPBelv32.dll
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE}
(Symantec RuFSI Registry Information Class) -
http://security2.norton.com/SSC/Shar...t/sc/bin/cabsa.
cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466}
(HeartbeatCtl Class) -
http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object) -
http://download.macromedia.com/pub/s...cabs/flash/swf
lash.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
(QuickTime Object) -
http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
(McAfee.com Operating System Class) -
http://bin.mcafee.com/molbin/shared/mcinsctl/en-
us/4,0,0,72/mcinsctl.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB}
(BrowseFolderPopup Class) -
http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94}
(PCPitstop Utility) -
http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE}
(Microsoft Office Tools on the Web Control) -
http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update
Class) -
http://v4.windowsupdate.microsoft.co.../ansi/iuctl.CA
B?37875.8781828704
O16 - DPF: {9F0F185C-B50B-11D2-B53F-00A0C98684AC} (McAfee
PC Clinic OilChange Class) -
http://download.mcafee.com/molbin/Oi...GOcCtl_new.cab
O16 - DPF: {13E39F7E-FDA8-11D2-99DC-00C04FF40D52} (McAfee
OilChange Multi-Product Support Filter) -
http://download.mcafee.com/molbin/Oi...e/MGOcFilt.cab
O16 - DPF: {BF31FA5E-AE8A-11D2-A1BD-0800300004C2} (McAfee
PC Clinic Internet Class) -
http://download.mcafee.com/molbin/Shared/MCInet_new.cab
O16 - DPF: {23047A90-8511-11D2-87A5-20C252C10000} (McAfee
Clinic TreeView Class) -
http://download.mcafee.com/molbin/Shared/MGTree.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
(YInstStarter Class) -
http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
http://download.abacast.com/download/files/abasetup.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED}
(Support.com Configuration Class) -
http://www.comcastsupport.com/sdccom...oad/tgctlcm.ca
b
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7}
(DmiReader Class) -
http://support.dell.com/us/en/system...SysProfLCD.CAB
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits
Software XUpload) -
http://photo.walmart.com/photo/upload/XUpload.ocx
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} -
http://dst.trafficsyndicate.com/Dnl/T_50016/btiein.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
(DwnldGroupMgr Class) -
http://bin.mcafee.com/molbin/shared/mcgdmgr/en-
us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6}
(McFreeScan Class) - http://download.mcafee.com/molbin/iss-
loc/vso/en-us/tools/mcfscan/1,5,0,4321/mcfscan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}
(Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/S...ent/vc/bin/AvS
niff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5}
(Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/S...ent/common/bin
/cabsa.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E}
(MetaStreamCtl Class) -
https://components.viewpoint.com/MTS...rs/MetaStream3.
cab?url=http://www.samsungusa.com/cgi-
bin/nabc/campaign/voom/b2c_sweeps_voom.jsp
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN
Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

  #19  
Old June 20th 04, 08:33 PM
Mike M

OK, you have one major hijacker (WinTools/wtoolsa) which you need to clean
from your system. I've pasted below some instructions that should help you do
this.

wtoolsa.exe is malware and appears to be a new member of the IBIS Toolbar
family (http://www.pestpatrol.com/PestInfo/i/ibis_toolbar.asp). It certainly
doesn't form a part of the Win Me operating system. One install mechanism it
uses is if you choose to install the toolbar from xxx.websearch.com.

Boot to Safe Mode, now enable the viewing of all files and folders in Explorer
(Tools | Folder Options | View and check "Show hidden files and folders" and
uncheck "Hide protected operating system files"). Next open MSConfig (Start,
Run, enter MSConfig in the box and click OK), open the Startup tab and uncheck
the entry being used to launch wtoolsa.exe, possibly labelled something like
WinTools as well as any entries referring to wtoolsb.dll, wsup.exe and
tb_setup.exe.

Browse to and delete the contents of your C:\Windows\Temp folder and also
clear your Temporary Internet Files (Internet Options | General | Delete Files,
and ensure that you check the box "Delete all offline content", then click OK
and Apply).

Now check Add/Remove Programs and uninstall any entry for WinTools.

You should also delete the entire Wintools folder which is probably
located as a sub-folder in C:\Program Files\Common Files or alternatively in
C:\Windows\System. Check for and delete all copies of wtoolsa.exe,
wtoolsb.dll, wsup.exe and tb_setup.exe.

Now reboot back into Normal Mode and check your system for commercial
parasites.

This might be a good time to download yourself a copy
of the free Ad-Aware 6.0 from Lavasoft
(http://www.lavasoftusa.com/software/adaware/) and also SpyBot
(http://www.safer-networking.org/) and scan your system for and remove all
unwanted parasites, adware and spyware that might be hiding on your PC.

I would also suggest you download and run merijn's CWShredder which targets
the CoolWebSearch parasite. CWShredder can be downloaded from
(http://www.zerosrealm.com/downloads/CWShredder.zip or
http://www.spywareinfo.com/~merijn/files/cwshredder.zip). Details of the many
forms of the CoolWebSearch hijacker can be found at
http://www.spywareinfo.com/~merijn/cwschronicles.html and also
http://www.pestpatrol.com/pestinfo/c/cws.asp.

If you continue to have problems download a copy of HijackThis from
http://www.spywareinfo.com/~merijn/downloads.html. Create a folder called
hijackthis on C: and copy the file you downloaded to that folder. Close as
many applications as you can including all instances of Internet Explorer and
then run hijackthis.exe and post back the log, provided that it isn't too
long, to this thread, otherwise to the HijackThis Forum at
http://www.spywareinfo.com/forums/ and hopefully this will enable someone to
identify the cause of your problem.

Entries in the HijackThis log to remove include:

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} -
C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} -
C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common
files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common
files\WinTools\WToolsA.exe

Finally to prevent reinfection download and use SpywareBlaster
(http://www.wilderssecurity.net/spywareblaster.html) which can inoculate your
PC against infection by many parasites and using Tools | Custom Blocking add
the following:
Item Name - WinTools
CLSID - {87766247-311C-43B4-8499-3D5FEC94A183}
--
Mike Maltby MS-MVP
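An added example, written for this page and not code posted in the thread or belonging to HijackThis or CWShredder: a small Python parser for the HijackThis log format as it appears here, which rejoins the lines the newsgroup post wrapped and then flags the entries Noel (#15) and Mike (#19) single out. The CLSIDs and file names are taken from the thread's own log lines; the allow-list of O16 download hosts is an assumption of mine, and the sample log is a constructed excerpt of Kelly's #18 log.

```python
"""Flag hijacker residue in a HijackThis v1.97 log pasted into a newsgroup post.
CLSIDs and file names are those Noel (#15) and Mike (#19) single out in this thread;
the O16 download-host allow-list is an assumption of this example, and SAMPLE_LOG is
a constructed excerpt of Kelly's log, wrapped as the post wrapped it."""
import re
from dataclasses import dataclass

BAD_CLSIDS = {  # copied from the thread's own log lines
    "{87766247-311C-43B4-8499-3D5FEC94A183}": "WinTools (WToolsB.dll)",
    "{8952A998-1E7E-4716-B23D-3DBE03910972}": "Search Toolbar (TOOLBAR.DLL)",
    "{EA18136F-9840-4C4C-8FAE-FA407C86058B}": "SuperBar toolbar",
    "{136A9D1D-1F4B-43D4-8359-6F2382449255}": "SuperBar BHO",
    "{63B78BC1-A711-4D46-AD2F-C581AC420D41}": "BTIEIN BHO",
    "{D6DFF6D8-B94B-4720-B730-1C38C7065C3B}": "BTLink BHO",
}
BAD_FILES = {"wtoolsa.exe", "wtoolsb.dll", "wsup.exe", "tb_setup.exe",
             "superbar.dll", "btiein.dll", "btlink.dll", "toolbar.dll"}
BAD_SEARCH_HOSTS = {"websearch.com"}
# Assumed allow-list; an O16 ActiveX control from any other host gets a review flag.
TRUSTED_DPF_SUFFIXES = (".microsoft.com", ".macromedia.com", ".apple.com", ".mcafee.com",
                        ".norton.com", ".symantec.com", ".msn.com", ".dell.com")

ENTRY_RE = re.compile(r"^([RFO]\d+) -")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HOST_RE = re.compile(r"https?://([^/\s?]+)", re.I)

@dataclass
class Finding:
    section: str  # HijackThis section tag, e.g. "O2"
    reason: str
    entry: str    # the unwrapped log line

def unwrap(log_text):
    """Rejoin entries the post wrapped at ~60 columns: a line that does not start with
    a section tag continues the previous entry. A space is the right joiner for paths
    ("C:\\Program" + "Files"); the fixups remove it where a CLSID or a path was split."""
    entries = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if ENTRY_RE.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return [re.sub(r"(\{[0-9A-Fa-f-]+-) (?=[0-9A-Fa-f-]+\})", r"\1", e).replace(" \\", "\\")
            for e in entries]

def classify(entry):
    """Return a Finding for one unwrapped entry, or None if nothing stands out."""
    m = ENTRY_RE.match(entry)
    section = m.group(1) if m else "?"
    lower = entry.lower()
    host_m = HOST_RE.search(entry)
    host = host_m.group(1).lower() if host_m else ""
    clsid_m = CLSID_RE.search(entry)
    clsid = clsid_m.group(0).upper() if clsid_m else ""
    # R0/R1: search bar or search assistant redirected to the toolbar vendor's host.
    if section in ("R0", "R1") and any(host == h or host.endswith("." + h)
                                       for h in BAD_SEARCH_HOSTS):
        return Finding(section, f"search hijack to {host}", entry)
    if clsid in BAD_CLSIDS:
        return Finding(section, "known hijacker CLSID: " + BAD_CLSIDS[clsid], entry)
    if any(f in lower for f in BAD_FILES):
        return Finding(section, "known hijacker file", entry)
    # A BHO/URLSearchHook that registers no name yet loads a file is unusual for
    # legitimate software; Acrobat's reader helper is a benign hit, hence "review".
    if section in ("R3", "O2") and "(no name)" in lower and "(no file)" not in lower:
        return Finding(section, "unnamed BHO/URLSearchHook, review", entry)
    if section == "O16" and host and not host.endswith(TRUSTED_DPF_SUFFIXES):
        return Finding(section, f"ActiveX control from non-allow-listed host {host}", entry)
    return None

def scan(log_text):
    """Findings for every suspicious entry, in log order."""
    return [f for f in map(classify, unwrap(log_text)) if f is not None]

SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Bar = http://www.websearch.com/ie.aspx?tb_id=40
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-
3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0
\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: SuperBar - {EA18136F-9840-4C4C-8FAE-
FA407C86058B} - C:\PROGRAM FILES\SUPERBAR\SUPERBAR.DLL
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common
files\WinTools\WToolsA.exe
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466}
(HeartbeatCtl Class) -
http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} -
http://dst.trafficsyndicate.com/Dnl/T_50016/btiein.cab
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.section:<4}{f.reason}\n    {f.entry}")
```

Run against the full #18 log, the O16 entries Noel queried (PCPitstop, Yahoo, abacast, comcastsupport, viewpoint) come up for review as well.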



us/4,0,0,72/mcinsctl.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB}
(BrowseFolderPopup Class) -
http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94}
(PCPitstop Utility) -
http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE}
(Microsoft Office Tools on the Web Control) -
http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update
Class) -
http://v4.windowsupdate.microsoft.co.../ansi/iuctl.CA
B?37875.8781828704
O16 - DPF: {9F0F185C-B50B-11D2-B53F-00A0C98684AC} (McAfee
PC Clinic OilChange Class) -
http://download.mcafee.com/molbin/Oi...GOcCtl_new.cab
O16 - DPF: {13E39F7E-FDA8-11D2-99DC-00C04FF40D52} (McAfee
OilChange Multi-Product Support Filter) -
http://download.mcafee.com/molbin/Oi...e/MGOcFilt.cab
O16 - DPF: {BF31FA5E-AE8A-11D2-A1BD-0800300004C2} (McAfee
PC Clinic Internet Class) -
http://download.mcafee.com/molbin/Shared/MCInet_new.cab
O16 - DPF: {23047A90-8511-11D2-87A5-20C252C10000} (McAfee
Clinic TreeView Class) -
http://download.mcafee.com/molbin/Shared/MGTree.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
(YInstStarter Class) -
http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
http://download.abacast.com/download/files/abasetup.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED}
(Support.com Configuration Class) -
http://www.comcastsupport.com/sdccom...oad/tgctlcm.ca
b
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7}
(DmiReader Class) -
http://support.dell.com/us/en/system...SysProfLCD.CAB
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits
Software XUpload) -
http://photo.walmart.com/photo/upload/XUpload.ocx
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} -
http://dst.trafficsyndicate.com/Dnl/T_50016/btiein.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
(DwnldGroupMgr Class) -
http://bin.mcafee.com/molbin/shared/mcgdmgr/en-
us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6}
(McFreeScan Class) - http://download.mcafee.com/molbin/iss-
loc/vso/en-us/tools/mcfscan/1,5,0,4321/mcfscan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}
(Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/S...ent/vc/bin/AvS
niff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5}
(Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/S...ent/common/bin
/cabsa.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E}
(MetaStreamCtl Class) -
https://components.viewpoint.com/MTS...rs/MetaStream3.
cab?url=http://www.samsungusa.com/cgi-
bin/nabc/campaign/voom/b2c_sweeps_voom.jsp
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN
Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab



  #20  
Old June 20th 04, 08:34 PM
Noel Paton
external usenet poster
 
Posts: n/a
Default system restore

OK - seems CWShredder didn't do as much as we hoped it would (maybe a new variant? - you did get the latest download (v1.59), didn't you?)
OK, run HJT again, and this time ask it to fix the following items.....
Then reboot, scan with HJT again, and post the new log.

C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE

C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=40

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=40

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL

O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL

O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL

O2 - BHO: (no name) - {1678F7E1-C422-11D0-AD7D-00400515CAAA} - (no file)

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL

O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL

O3 - Toolbar: SuperBar - {EA18136F-9840-4C4C-8FAE-FA407C86058B} - C:\PROGRAM FILES\SUPERBAR\SUPERBAR.DLL

O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

(Strictly not a problem - but I've seen it cause problems on my system)

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTS...rs/MetaStream3.cab?url=http://www.samsungusa.com/cgi-bin/nabc/campaign/voom/b2c_sweeps_voom.jsp


--
Noel Paton (MS-MVP 2002-2004, Win9x)

Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
or
http://www.microsoft.com/presspass/f.../Mar27pmvp.asp

"Kelly Smith" wrote in message
...
Noel, ok ran shredder in safe mode and got a clean report.
Uninstalled Norton Virus but not the utilities. Can do if
necessary. I can always run it from the CD. Here is the
last report on HijackThis. Always glad to have Mike on
board.
thx
Kelly

Logfile of HijackThis v1.97.7
Scan saved at 2:56:11 PM, on 6/20/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\POPROXY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\DELL\DRIVERS\498FF\SETUP\PROGRAM\POINT32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\RSRCMTR.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\DESKTOP\NEW\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=40
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usatoday.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=40
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=40
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {1678F7E1-C422-11D0-AD7D-00400515CAAA} - (no file)
O2 - BHO: (no name) - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\PROGRAM FILES\SUPERBAR\SUPERBAR.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\PROGRA~1\COMMON~1\WINTOOLS\BTIEIN.DLL (file missing)
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
O3 - Toolbar: SuperBar - {EA18136F-9840-4C4C-8FAE-FA407C86058B} - C:\PROGRAM FILES\SUPERBAR\SUPERBAR.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\NORTON~2\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton SystemWorks\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [POINTER] C:\DELL\Drivers\498FF\Setup\Program\point32.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Startup: RSRCMTR.lnk = C:\WINDOWS\RSRCMTR.EXE
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Dell Home (HKCU)
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/SSC/Shar...t/sc/bin/cabsa.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...cabs/flash/swflash.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co.../ansi/iuctl.CAB?37875.8781828704
O16 - DPF: {9F0F185C-B50B-11D2-B53F-00A0C98684AC} (McAfee PC Clinic OilChange Class) - http://download.mcafee.com/molbin/Oi...GOcCtl_new.cab
O16 - DPF: {13E39F7E-FDA8-11D2-99DC-00C04FF40D52} (McAfee OilChange Multi-Product Support Filter) - http://download.mcafee.com/molbin/Oi...e/MGOcFilt.cab
O16 - DPF: {BF31FA5E-AE8A-11D2-A1BD-0800300004C2} (McAfee PC Clinic Internet Class) - http://download.mcafee.com/molbin/Shared/MCInet_new.cab
O16 - DPF: {23047A90-8511-11D2-87A5-20C252C10000} (McAfee Clinic TreeView Class) - http://download.mcafee.com/molbin/Shared/MGTree.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccom...oad/tgctlcm.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/system...SysProfLCD.CAB
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo.walmart.com/photo/upload/XUpload.ocx
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50016/btiein.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4321/mcfscan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...ent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S...ent/common/bin/cabsa.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTS...rs/MetaStream3.cab?url=http://www.samsungusa.com/cgi-bin/nabc/campaign/voom/b2c_sweeps_voom.jsp
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
-----Original Message-----
Well - she said that she'd already run it! - I only hope that she hadn't,
and we don't have a system so stuffed that it's going to have to be a manual
removal of everything


--
Noel Paton (MS-MVP 2002-2004, Win9x)

Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
or
http://www.microsoft.com/presspass/f...2001/Mar01/Mar27pmvp.asp

"Mike M" wrote in message
...
I'm waiting to see Kelly's HijackThis log after running CWShredder to see
if it does anything about wtoolsa.
--
Mike Maltby MS-MVP
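The HijackThis logs in this thread were posted through a news client that wraps long lines, so GUIDs, paths and URLs arrive split across lines and any pattern match on a single line misses them. The Python below is an added example, not code from the thread or from HijackThis: it rebuilds one entry per line and then labels each entry against indicators taken from Noel's fix list; the sample lines are copied from Kelly's log, while the FIX/REVIEW lists, the fix/review/keep labels and the line-joining heuristic are this example's own assumptions.

```python
import re

# An HJT 1.97 entry starts with its section code (R0-R3, F0-F3, N1-N4, O1-O23).
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

# Indicators from the items Noel told Kelly to have HJT fix, plus the PCPitstop
# control he called "strictly not a problem" (review only); my own lists/labels.
FIX = ("wintools", "btlink", "btiein", "superbar", "toolbar\\toolbar.dll",
       "websearch.com", "abacast.com", "viewpoint.com")
REVIEW = ("pcpitstop.com",)

def _glue(prev, nxt):
    """Join a wrapped continuation onto its entry: no space where a GUID or
    path was cut (trailing '-', '\\' or '.', or a leading '\\'), one space
    where words were split. Heuristic only: other mid-token cuts get a space."""
    tight = (prev.endswith(("\\", ".")) or nxt.startswith("\\")
             or (prev.endswith("-") and not prev.endswith(" -")))
    return prev + ("" if tight else " ") + nxt

def unwrap(text):
    """One entry per line; lines before the first entry (header) are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            entries[-1] = _glue(entries[-1], line)
    return entries

def triage(text):
    """Label each unwrapped entry 'fix', 'review' or 'keep' by case-insensitive
    substring match against the indicator lists; entry text is kept whole."""
    verdicts = []
    for entry in unwrap(text):
        low = entry.lower()
        if any(s in low for s in FIX):
            verdicts.append(("fix", entry))
        elif any(s in low for s in REVIEW):
            verdicts.append(("review", entry))
        else:
            verdicts.append(("keep", entry))
    return verdicts

# Sample input: a few lines copied, wrapping and all, from Kelly's log above.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,SearchAssistant =
http://www.websearch.com/ie.aspx?tb_id=40
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0
\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {87766247-311C-43B4-8499-
3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94}
(PCPitstop Utility) -
http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
"""
```

Running `triage(SAMPLE_LOG)` labels the websearch.com search hijack and the WinTools BHO as fix, the Acrobat BHO as keep and the PCPitstop control as review; the unwrap step is what makes the split GUID and the split Acrobat path matchable at all.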




Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 Win98banter.
The comments are property of their posters.