
WToolsA.exe and WtoolsS.exe problem

Discussion in 'Security and Privacy' started by Tink2725, 2004/05/20.

Thread Status:
Not open for further replies.
  1. 2004/05/20
    Tink2725

    Tink2725 Inactive Thread Starter

    Joined:
    2004/05/20
    Messages:
    3
    Likes Received:
    0
    I ran my own Ad-aware and Norton, nothing found. I ran HouseCall, nothing found. I couldn't go online with this running so I manually deleted them and both files are in my trash. I also had to stop the startup for Wtoolsz.exe. Can someone check my HJT file and help me remove anything that doesn't belong? Thanks so much... Here is the HJT file:
    Logfile of HijackThis v1.97.7
    Scan saved at 9:46:31 AM, on 5/20/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\eM\Bay Reader\Shwicon2k.exe
    C:\WINDOWS\zHotkey.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\HistoryKill\histkill.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\WINDOWS\System32\msdtc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Documents and Settings\Tammy Richard\Local Settings\Temp\Temporary Directory 19 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/vzn.dsl/welcome.htm?ver=30379&
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    N2 - Netscape 6: user_pref( "browser.startup.homepage ", "http://home.netscape.com/ "); (C:\Documents and Settings\Tammy Richard\Application Data\Mozilla\Profiles\default\vhdagj6a.slt\prefs.js)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [showicon2k] C:\Program Files\\eM\Bay Reader\Shwicon2k.exe
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe "
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\TAMMYR~1\LOCALS~1\Temp\tb_setup.exe /dcheck
    O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup
    O8 - Extra context menu item: &2 Customize Menu - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComCustomIEMenu.html
    O8 - Extra context menu item: &7 Fill Forms - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComFillForms.html
    O8 - Extra context menu item: &8 Save Forms - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComSavePass.html
    O9 - Extra button: Control Pad (HKLM)
    O9 - Extra 'Tools' menuitem: Control Pad (HKLM)
    O9 - Extra button: Fill Forms (HKLM)
    O9 - Extra 'Tools' menuitem: &7 Fill Forms (HKLM)
    O9 - Extra button: Save Forms (HKLM)
    O9 - Extra 'Tools' menuitem: &8 Save Forms (HKLM)
    O9 - Extra button: ICQ (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: RF toolbar (HKLM)
    O9 - Extra 'Tools' menuitem: &9 Robo Toolbar (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
     
  2. 2004/05/20
    Tink2725

    Tink2725 Inactive Thread Starter

    Joined:
    2004/05/20
    Messages:
    3
    Likes Received:
    0
    the rest of file

    Here is the rest, it wouldn't fit in above...

    O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.com/applet-5.8.2.19/slots/alibaba-ob-assets.cab
    O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet/backgammon/backgammon-ob-assets.cab
    O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-5.8.2.19/videoblackjack/videoblackjack-ob-assets.cab
    O16 - DPF: Checkers by pogo - http://checkers.pogo.com/applet-5.8.2.19/checkers2/checkers-ob-assets.cab
    O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet/cribbage/cribbage-ob-assets.cab
    O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
    O16 - DPF: Dominoes by pogo - http://domino06.pogo.com/applet/domino/domino-ob-assets.cab
    O16 - DPF: Double Deuce Poker by pogo - http://doublebonus.pogo.com/applet/videopoker2/doubledeuce-ob-assets.cab
    O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet/euchre/euchre-ob-assets.cab
    O16 - DPF: First Class Solitaire by pogo - http://solitaire.pogo.com/applet-5.8.2.19/solitaire2/solitaire2-ob-assets.cab
    O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet/superbingo/superbingo-ob-assets.cab
    O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet-5.8.2.19/greenback/greenback-ob-assets.cab
    O16 - DPF: Hammerhead Pool by pogo - http://pool05.pogo.com/applet/pool/pool-ob-assets.cab
    O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet/hearts/hearts-ob-assets.cab
    O16 - DPF: Heavy Cannon by pogo - http://ea04.pogo.com/applet/heavycannon/heavycannon-ob-assets.cab
    O16 - DPF: High Stakes Pool by pogo - http://pool2.pogo.com/applet-5.8.1.28/pool2/pool-ob-assets.cab
    O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke03.pogo.com/applet/videopoker2/jokerswild-ob-assets.cab
    O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet/gin/gin-ob-assets.cab
    O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.8.1.28/mahjong/mahjong-ob-assets.cab
    O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet-5.8.1.28/freecell/freecell-ob-assets.cab
    O16 - DPF: Pebble Beach 3 Hole Challenge by pogo - http://threehole01.pogo.com/applet/threehole/threehole-ob-assets.cab
    O16 - DPF: Pebble Beach Golf by pogo - http://pebble.pogo.com/applet/pebble/pebble-ob-assets.cab
    O16 - DPF: Pirate's Gold by pogo - http://swashbucks02.pogo.com/applet/piratesgold/piratesgold-ob-assets.cab
    O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
    O16 - DPF: Poppit TM by pogo - http://poppit23.pogo.com/applet/poppit/poppit-ob-assets.cab
    O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet/slots/scifi-ob-assets.cab
    O16 - DPF: Showbiz Slots 2 by pogo - http://showbiz2.pogo.com/applet/slots/showbiz2-ob-assets.cab
    O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet-5.8.1.28/slots/showbiz-ob-assets.cab
    O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://sweet05.pogo.com/applet/sweettooth/sweettooth-ob-assets.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.8.2.19/holdem/holdem-ob-assets.cab
    O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab
    O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-5.8.2.19/jumbee/jumbee-ob-assets.cab
    O16 - DPF: Turbo 21 TM by pogo - http://turbo09.pogo.com/applet/turbo21/turbo21-ob-assets.cab
    O16 - DPF: Video Poker by pogo - http://vpoker01.pogo.com/applet-5.8.2.19/videopoker2/videopoker-ob-assets.cab
    O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-5.8.2.19/wordwhomp/wordwhomp-ob-assets.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet/whackdown/whackdown-ob-assets.cab
    O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet/worldclass/worldclass-ob-assets.cab
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
    O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwebinstall/includes/vzWebIns.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
     


  4. 2004/05/20
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
  5. 2004/05/20
    Tink2725

    Tink2725 Inactive Thread Starter

    Joined:
    2004/05/20
    Messages:
    3
    Likes Received:
    0
    Thanks, wow, it seems like a pest. I hope I can get rid of it.
     
  6. 2004/05/20
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Looks like you got rid of it. :)
    Check in Control Panel, Add/Remove Programs (Change Programs) for WinTools;
    if it is there, try its uninstall.

    This also needs fixing.
    But first:
    Make a new folder, perhaps in C:\Documents and Settings\"AntiSpyware" for instance, unzip HijackThis and put it there, or just download the exe version here: http://radiosplace.com/
    This is necessary to ensure you have backups should anything go wrong.

    Start HijackThis and place a check next to these items.
    Close all browser windows and shut down all other programs (even folders) that show in the taskbar. Then hit Fix Selected.
    O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\TAMMYR~1\LOCALS~1\Temp\tb_setup.exe /dcheck
    O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab
    ======
    Reboot. In Folder Options, set Windows to show all hidden files and folders
    and delete the WinTools folder (if still there):
    C:\Program Files\Common files\WinTools
    How to Show hidden files and folders.
    Important: next, delete the contents of all your temp folders, as in
    C:\documents and settings\(all your pc users)\local settings\temp
    and the contents of the C:\windows\temp folder.
    Clear IE's cache via Control Panel, Internet Options, [Delete Files] button and mark the popup to also delete offline content.

    Regards
     
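The triage in the reply above, as an added example that is not part of the original thread: a small parser for HijackThis `O4` Run-key and `O16` DPF lines that surfaces autostart commands launched from a temp directory and DPF entries installed from a reviewer-supplied host list. The names `parse_hjt` and `review` are hypothetical, the temp-directory rule is a generalization of the `TB_setup` entry picked out in the reply, and the sample lines are copied from the log posted in this thread.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\TAMMYR~1\LOCALS~1\Temp\tb_setup.exe /dcheck
O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet/hearts/hearts-ob-assets.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab
"""

# O4 registry autoruns: hive, key (Run, RunOnce, ...), value name, command line.
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
# O16 Downloaded Program Files: CLSID or friendly name, then the source URL.
O16_RE = re.compile(r"^O16 - DPF: (.+) - (https?://\S+)$")
# A temp directory as a path component (long or 8.3 form) or as %TEMP%/%TMP%.
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\|%te?mp%", re.IGNORECASE)

def parse_hjt(log):
    """Return (autoruns, dpf) parsed from O4 Run-key and O16 DPF lines."""
    autoruns, dpf = [], []
    for line in log.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            hive, key, name, cmd = m.groups()
            autoruns.append({"hive": hive, "key": key, "name": name,
                             "command": cmd.strip()})
        elif m := O16_RE.match(line):
            ident, url = m.groups()
            dpf.append({"id": ident, "host": urlparse(url).hostname, "url": url})
    return autoruns, dpf

def review(log, flagged_hosts=frozenset()):
    """List entries for manual review: temp-dir autoruns, DPF from flagged hosts."""
    autoruns, dpf = parse_hjt(log)
    findings = [("O4", a["name"], "autostart from temp directory")
                for a in autoruns if TEMP_RE.search(a["command"])]
    findings += [("O16", d["id"], "installed from " + d["host"])
                 for d in dpf if d["host"] in flagged_hosts]
    return findings

if __name__ == "__main__":
    # Host taken from the O16 entry the reply asks to fix.
    for finding in review(SAMPLE_LOG, {"download.websearch.com"}):
        print(*finding, sep=" | ")
```

The `O4 - Startup:` and `O4 - Global Startup:` line forms are not matched by this sketch, and a hit is a prompt for manual review rather than a verdict.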