WToolsA.exe, Enfer Singe's hijackthis-Log

Discussion in 'Security and Privacy' started by Enfer Singe, 2004/05/23.

Thread Status:
Not open for further replies.
  1. 2004/05/23
    Enfer Singe

    Enfer Singe Inactive Thread Starter

    Joined:
    2004/05/23
    Messages:
    25
    Likes Received:
    0
    Here is my log. I posted in the other thread called WToolsA about it, and anything you can do to help would be extremely appreciated. BTW...yes, I still use aol :(

    Logfile of HijackThis v1.97.7
    Scan saved at 5:52:27 PM, on 5/23/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\SPACE INTERNATIONAL\CDSpace 4.1\LCDPlyer.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Common files\WinTools\WToolsS.exe
    C:\Program Files\Common files\WinTools\WSup.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\America Online 9.0\aolwbspd.exe
    C:\Program Files\AOL Companion\companion.exe
    C:\Documents and Settings\Brad\Desktop\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50038
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe "
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: LCDPlayer.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_6390.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{08F034CD-6F56-4F78-97DD-C7343AF2FF77}: NameServer = 205.188.146.146
    O17 - HKLM\System\CS1\Services\Tcpip\..\{08F034CD-6F56-4F78-97DD-C7343AF2FF77}: NameServer = 205.188.146.146
     
  2. 2004/05/23
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hello Enfer Singe. Welcome to WindowsBBS! :)

    Open Ad-aware and click the large i at the top. Verify that you have build 6.181. If not, upgrade it. Follow the instructions here to do a full scan, do one and reboot. Try checking the entry in msconfig again and post a new HJT log.
     

  4. 2004/05/23
    Enfer Singe

    Enfer Singe Inactive Thread Starter

    Joined:
    2004/05/23
    Messages:
    25
    Likes Received:
    0
    OK, I did everything as told, computer has been restarted, it appears it is all gone (fingers crossed). The only thing is that I ran msconfig and there is still a WTools exe, although it is unchecked. Also, all of the files from the WinTools folder in Program Files > Common Files were deleted so I went ahead and deleted the folder. So the location of the WToolsA file in MSconfig > Startup no longer exists. Any thoughts on how to delete this final trace of WTools? O, BTW, since I changed the Startup settings in MSconfig I get the message when I boot up about the changed settings. Should I just check the "do not display this message" box? I'd assume so, because all it does is tell me I changed some settings and then brings up MSconfig. Anyway, here is the latest Hijack This log and thank you very much for all your help, hope this is the last I have to hear of WTools :D .

    Logfile of HijackThis v1.97.7
    Scan saved at 7:31:43 PM, on 5/23/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\wanmpsvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\SPACE INTERNATIONAL\CDSpace 4.1\LCDPlyer.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\America Online 9.0\aolwbspd.exe
    C:\Program Files\AOL Companion\companion.exe
    C:\Documents and Settings\Brad\Desktop\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe "
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: LCDPlayer.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_6390.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{08F034CD-6F56-4F78-97DD-C7343AF2FF77}: NameServer = 205.188.146.146
    O17 - HKLM\System\CS1\Services\Tcpip\..\{08F034CD-6F56-4F78-97DD-C7343AF2FF77}: NameServer = 205.188.146.146
     
  5. 2004/05/23
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    First, download LSPFix.zip. You may need it later. Download CWShredder from the link in my signature. Open and with all other windows closed, click fix. Scan with HJT again and place a check next to any of these remaining entries. Then fix.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_6390.dll' missing


    Recheck that entry for wintools in msconfig and reboot. If you cannot get any pages to display in IE, use the LSPFix. There's a readme included with it. Post a new log.
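The change between the first two logs in this thread, worked through as an added example that is not part of any post here: it parses HijackThis entry lines, matches each entry across two scans, and separates entries that disappeared from those whose file is gone but whose registry reference remains. The function names are illustrative, and the sample lines are a short excerpt of the two logs above.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    code: str       # section code, e.g. "R3", "O2", "O4"
    ident: str      # stable identity used to match the entry across scans
    value: str      # data part of an R0/R1 "key = data" line, else ""
    orphaned: bool  # HijackThis reported the target file as absent


ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
ORPHAN_SUFFIXES = ("(file missing)", "(no file)")

# Excerpt of the first log in the thread (post 1).
SCAN_BEFORE = r"""
Logfile of HijackThis v1.97.7
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50038
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
"""

# Excerpt of the second log (after the Ad-aware scan and reboot).
SCAN_AFTER = r"""
Logfile of HijackThis v1.97.7
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""


def parse_hjt(text):
    """Return an Entry for every 'Xn - ...' line; headers and the process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m is None:
            continue
        code, detail = m.groups()
        orphaned = detail.endswith(ORPHAN_SUFFIXES)
        for suffix in ORPHAN_SUFFIXES:
            if detail.endswith(suffix):
                # Drop the marker so the entry matches its earlier, intact form.
                detail = detail[: -len(suffix)].rstrip(" -")
        ident, value = detail, ""
        if code in ("R0", "R1"):
            # Registry value lines: the key is the identity, the data may change.
            ident, _, value = detail.partition(" =")
        entries.append(Entry(code, ident, value.strip(), orphaned))
    return entries


def compare_scans(before_text, after_text):
    """Classify what happened to each entry between two scans."""
    before = {(e.code, e.ident): e for e in parse_hjt(before_text)}
    after = {(e.code, e.ident): e for e in parse_hjt(after_text)}
    report = {"removed": [], "changed": [], "newly_orphaned": [], "still_orphaned": []}
    for key, old in before.items():
        new = after.get(key)
        if new is None:
            report["removed"].append(key)          # entry is gone entirely
        elif new.orphaned and not old.orphaned:
            report["newly_orphaned"].append(key)   # file deleted, reference left behind
        elif new.orphaned:
            report["still_orphaned"].append(key)   # was already a dangling reference
        elif new.value != old.value:
            report["changed"].append((key, old.value, new.value))
    report["added"] = [key for key in after if key not in before]
    return report


if __name__ == "__main__":
    for kind, items in compare_scans(SCAN_BEFORE, SCAN_AFTER).items():
        print(kind)
        for item in items:
            print("   ", item)
```

The `newly_orphaned` and `still_orphaned` groups are the leftover references that the post above asks to have checked and fixed in HijackThis.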
     
  6. 2004/05/23
    Enfer Singe

    Enfer Singe Inactive Thread Starter

    Joined:
    2004/05/23
    Messages:
    25
    Likes Received:
    0
    OK, I did what you told me to do, downloaded CWShredder and LSPFix, ran CWShredder, restarted, and then put checks next to all the items you listed, then restarted. Anyway, that is where I am now. I want to make sure I have this right...you want me to select the WToolsA in the startup area of msconfig, or not, because there is no WinTools in startup. However, there is a file under services called WinTools for IE service. This box has always been checked and in my quest to get rid of WTools has never been touched. Also, as I said, there is still a box that is not selected in the startup tab called WToolsA, but the directory that it has listed is the folder that I deleted, in which all the WTools stuff was. So do I need to worry about that? I would like to get rid of it, even if it doesn't matter, because this WTools sh!t has given me so much **** that I really don't want to see it again, as well as worry that there is still something of it left on my computer. Anyway, here is my updated log and hopefully everything is going smooth. BTW, my CPU usage is back to its normal 0%-10%, usually staying around 0 and 2%, as well as no more constant hour glass next to my mouse icon. PS, I use aol's browser anyway, so IE doesn't really apply to me that much, except when I am at LAN's or something and have access to a high speed connection. But I tried and I can view webpages with it, and hopefully am going to get cable over the summer, so I would like it to work. Thanks.

    Logfile of HijackThis v1.97.7
    Scan saved at 11:35:49 PM, on 5/23/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\wanmpsvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\SPACE INTERNATIONAL\CDSpace 4.1\LCDPlyer.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\America Online 9.0\aolwbspd.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
    C:\Program Files\AOL Companion\companion.exe
    C:\Documents and Settings\Brad\Desktop\Downloads\HijackThis.exe

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe "
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: LCDPlayer.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{08F034CD-6F56-4F78-97DD-C7343AF2FF77}: NameServer = 205.188.146.146
    O17 - HKLM\System\CS1\Services\Tcpip\..\{08F034CD-6F56-4F78-97DD-C7343AF2FF77}: NameServer = 205.188.146.146

    EDIT:lol, it edited cr4p.
     
    Last edited: 2004/05/23
  7. 2004/05/23
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    That is the box I wanted you to recheck. HijackThis cannot see it otherwise. The other alternative is through regedit. Or RegSeeker. You can use the find in registry function to quickly search for and delete related entries and/or cleaning the registry several times may get any rogue entries. Frankly I'd be curious to know if it can or will clean the reference to the services entry. :rolleyes:

    BTW, log looks good. Glad to hear things are working well again. Time to think protection. Firewall, SpywareBlaster and Spybot's immunize feature would be a good start, and maybe even sufficient. :)
     
  8. 2004/05/24
    Enfer Singe

    Enfer Singe Inactive Thread Starter

    Joined:
    2004/05/23
    Messages:
    25
    Likes Received:
    0
    OK, I understand what you're saying by use regedit, but when you say clean the registry and cleaning the reference to the service entry, do you mean search for WTools and delete everything I see until it goes away....sorry, I'm not familiar with regedit or registries for that matter. Also, I mentioned that when I run msconfig and go to services, there is a file called WinTools for IE service. Is this legit? Another question is that when I am in msconfig>startup, there are 2 blank files below where the original WToolsA used to be. Under the Startup Item tab, there is only a checked box, under Command there is also nothing, and under Location it is HKCU\Software\Microsoft\Windows\CurrentVersion\Run, which is what most of the file's location in the startup tab is. Any thoughts? Last thing is that to my disappointment, I ran out and bought McAfee Virus Scan Pro because I was going to a LAN party that night and so I didn't have much time to research anti-virus software. This program didn't come with a firewall, and I later learned that for the same price I could have had McAfee Internet Security Suite which comes with virus scan home edition, McAfee personal firewall plus, a spam blocker, and McAfee privacy service. Anyway the result is that I do not have a firewall, just a virus scan, and like you said I am in the market for a *hopefully* free, well made firewall and was wondering if you could recommend one. I just downloaded the free zone alert firewall, and saw that you spoke highly of the EZ firewall which offered the 1 year free. So should I just get both, try them out and see what I like, keep them both, or what would you recommend until next year, when I will probably get that next version of the McAfee Internet Security Suite. Sorry for the long post, and thank you so much for bearing with me through this.
     
  9. 2004/05/24
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I think the best thing to do is get the RegSeeker and use it. Just click 'clean registry'. I've never had any problems deleting everything it finds. It does make backups, so if problems arise, it is easily put back. It will sometimes take 2 or 3 runs to come up clean. The wintools for IE service is a bogus entry also, and hopefully will be cleaned with RegSeeker. It's not a problem really though, as are none of the others. WinTools IS GONE! It's purely cosmetic at this point.

    I don't recommend installing a second antivirus, and I hate to say dump what you paid for to use something free, so.........the Zone Alarm firewall free version works well and I say use it if you have it. :) eTrust may have another free trial by the time your paid for AV expires. Even if it doesn't, the price for eTrust's package is right and you could buy it at that time if you wish.
     
  10. 2004/05/24
    Enfer Singe

    Enfer Singe Inactive Thread Starter

    Joined:
    2004/05/23
    Messages:
    25
    Likes Received:
    0
    OK, I got the prog, scanned, 13 WTools Files come up, just select all, right click them, and delete?
     
  11. 2004/05/24
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Yep :)
     
  12. 2004/05/24
    Enfer Singe

    Enfer Singe Inactive Thread Starter

    Joined:
    2004/05/23
    Messages:
    25
    Likes Received:
    0
    OK, deleted that, only thing that I still find is that WinTools for IE services file in services. As long as that isn't screwin with anything, I'm cool with that. Thanks for all your help. BTW, do you have any idea what those blank files under startup in msconfig are that I mentioned earlier? Thanks!
     
  13. 2004/05/24
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Great! That entry shouldn't bother anything, but should you decide you'd like to go into the registry and see if you can get it out, let us know. We'll walk you through a regedit. :) Same with the others in msconfig. Hard to say what they were, but they're doing nothing and removal is cosmetic. Did you run RegSeeker in the clean registry mode or search for a particular keyword? You can try changing keywords for more possible results.
     
  14. 2004/05/24
    Enfer Singe

    Enfer Singe Inactive Thread Starter

    Joined:
    2004/05/23
    Messages:
    25
    Likes Received:
    0
    K, did the RegSeeker for WinTools instead of WTools and I get 25 results. Some are for the WinTools for IE service and many are WinToolsSVC and others are WinTools_" ", inside the quotes being things such as KW, IES, ES, and AD. Can I just go ahead and get rid of everything, or should I just go for the WinTools for IE services? Thanks!
     
  15. 2004/05/24
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You should be able to nix them all without any problems. I personally would just run it in the clean mode as many times as it takes to come up with nothing, deleting everything each time. Nothing wrong with a clean registry. :rolleyes: Your PC will thank you with better performance.
     
  16. 2004/05/24
    Enfer Singe

    Enfer Singe Inactive Thread Starter

    Joined:
    2004/05/23
    Messages:
    25
    Likes Received:
    0
    Man...It's been a long hard road, but by God, we've beat this thing......this monster. Goodbye WTools, I'll see you in Hell. As for you noahdfear...YOU PWN ALL VIRUSES. Thank you so much for your help and doing all this stuff for me. Here's a little something for you to show my gratitude.

    THANK YOU

    Again, thanks for all your help and hope you enjoy the above site....always makes me laugh. :)
     
  17. 2004/05/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Wow.......I'm touched by that. You are very welcome for the help. Thank YOU.....for taking the time to do such a wonderful thing for me.....Wow, again :) :) :)
     
  18. 2004/05/26
    Johanna

    Johanna Inactive Alumni

    Joined:
    2003/03/08
    Messages:
    2,402
    Likes Received:
    2
    What a way to say "Thank you"!! You deserve it, Dave. :D :D

    Johanna
     
  19. 2004/05/26
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Thank you Johanna! :D Yeah, I'm still smiling ear to ear by it. It was very thoughtful!
     