• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
anim8

WToolsA,S,Wsup,Internat are these bad??

2 posts in this topic

I've just spent the last couple of days trying to get my computer back to normal. I've been neglecting it for a while and just bearing with it's weird actions.

 

When I run S&D I come up with reappearing problems.

 

Error during check!

Xabot(ungultiger etc.)

 

DSO Exploit

Huntbar.Stoolbar

Huntbar

 

Unknown (sometimes)

 

I have then run Adaware 6 anyway and it seems like it keeps finding things

 

Here is my HijackThis log

 

Logfile of HijackThis v1.97.7

Scan saved at 8:20:27 AM, on 08/07/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v5.00 (5.00.2920.0000)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\WINNT\System32\DRIVERS\CDANTSRV.EXE

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\ZoneLabs\vsmon.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\Program Files\Common files\WinTools\WToolsS.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\P2P Networking\P2P Networking.exe

C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe

C:\Program Files\Common files\WinTools\WToolsA.exe

C:\WINNT\system32\internat.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Common files\WinTools\WSup.exe

C:\Program Files\Kill Popup\KillPopup.exe

C:\Documents and Settings\Supa.NOVA-1\Start Menu\Programs\Startup\lightSourceTray.exe

C:\Documents and Settings\Supa.NOVA-1\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50017

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50017

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50017

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googlenav0.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googlenav0.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [QBCD Autorun] D:\autorun.exe restart QB_SEQUENCE first

O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\system32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: lightSourceTray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Kill Popup.lnk = C:\Program Files\Kill Popup\KillPopup.exe

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/bin/imvid.cab

 

Is Internat.exe a legit file

 

Lightsource is a bought program/screensaver and should be fine.

 

If it helps any I've been getting BHO errors for a while

Run-time error '91'

 

Also when I open Recycle bin causes error in explorer.exe and closes it and disables active desktop.

 

Any help would be greatly appreciated!

Thanx!

Share this post


Link to post
Share on other sites

Hello anim8

 

You are running an outdated version of HiJackThis, please download HijackThis v1.98 here.

Unzip to a convenient permanent folder, for example: C:/HiJackThis/HiJackThis.exe as you are currently running it from your desktop.

 

Go to TrendMicro and perform an online virus scan. Let it fix anything that it finds. Do the same at Pandasoftware.

 

Wintools may have an entry in the Add/Remove Programs Control Panel. If so, it may be easy to get rid of. If not, there are still ways to remove it from your system.

 

For either solution:

Reboot into Safe Mode. To do this with Windows 2000, you can follow these instructions from Microsoft.

 

Once in Safe Mode:

Click on the Start Button, Control Panel. Double-click on Administrative Tools then on Services.

Look for a service called Wintools for IE Service. double-click it to open, then click the Stop button and change the "Startup type" to Disabled.

(If the service is not there, no worries...all the better!)

 

Next, right-click on the Windows Taskbar and select Task Manager.

In the Processes tab, look for WToolsA.exe, WToolsS.exe and WSup.exe. If any or all of these exist, right-click on each one and select End Process Tree, and answer affirmatively to any confirmation questions.

 

At this point, you can check the Add/Remove Programs Control Panel. If there is an uninstaller for Wintools, try running it now. I would still recommend proceeding through the rest of this fix even if there is an uninstaller, however.

 

Now, please open a command prompt (Start button -> Run, type cmd and click "OK"). at the prompt, type

regsvr32 /u /s "C:\Program Files\Toolbar\toolbar.dll" then <ENTER>.

Then type exit to close the command prompt window.

 

Now, we can proceed to delete these directories, located at:

 

C:\Program Files\Common Files\WinTools <-- Delete the BOLD directory.

C:\Program Files\Toolbar <-- Delete the BOLD directory.

 

Run HijackThis, and place a checkmark beside each of these items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50017

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50017

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50017

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

 

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

 

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

 

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

 

Also, your internet explorer is badly out of date, you should go to the windows update page to check for all updates, download and install all marked "critical".

 

After checking the necessary items, click the Fix checked button. After that, reboot the PC back into "Normal" mode and post a new HijackThis log.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0