wtoolsS.exe - spyware? adware?

  1. #1
    gaagaagui (Newbie)

    I have run Ad-Aware, Spy Sweeper and CWShredder and nothing seems to get rid of wtoolsS.exe. So...

    Here is my HijackThis log:

    Logfile of HijackThis v1.97.7
    Scan saved at 2:26:56 AM, on 6/4/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common files\WinTools\WToolsS.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    M:\test\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.41/backoffice
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = home.nvnetz.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.41/backoffice
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r5.attbi.com:8000
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.r5.attbi.com
    R3 - URLSearchHook: (no name) - _{4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
    O1 - Hosts: 129.41.63.215 mail-02vs
    O1 - Hosts: 129.41.63.30 mail-10ps
    O1 - Hosts: 129.41.63.206 mail-11ps
    O1 - Hosts: 129.41.63.62 mail-12ps
    O1 - Hosts: 129.41.63.106 mail-13ps
    O1 - Hosts: 129.41.63.113 mail-14ps
    O1 - Hosts: 129.41.63.124 mail-15ps
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: ComcastHSI (HKCU)
    O9 - Extra button: Help (HKCU)
    O9 - Extra button: Support (HKCU)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...012.5310069444
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - http://made2manageevents.webex.com/c...nt/ieatgpc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C3DB9CE4-BACD-4DF8-9BCE-29E28333DE94}: Domain = BARCODESOURCE
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C3DB9CE4-BACD-4DF8-9BCE-29E28333DE94}: NameServer = 192.168.1.11
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = BARCODESOURCE
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = BARCODESOURCE

    Thanks in advance for any help you can give me.


  2. #2
    Nirvana (Elite Member)
    Go to C:\Program Files\Common files\WinTools <-------- Delete this folder

    Post a fresh log when you're done and we'll clean up a bit.
