SJP Posted June 5, 2007 Please help someone!! Just recently my system kept rebooting as soon as I logged in, I took maching to a shop and they said the problem was resolved. However, it now goes into screensaver mode after 2 minutes and when I go into the power options menu (in Control panel) I am unable to double click the ICON, all others seem to work! Also I cannot do a system restore as it wont let me go back from the month of June. I ran NOD32 virus checker which found a few things and successfully removed them, however it keeps finding a virus called C:\cp1041.nls (probably a variant of WIN32/spabot.nac trojan). It was placed in quarantine and it looks like it has put it in there 10 times so far?? I'm on the verge of reformatting, but dont really want to! Thanks SJP Share this post Link to post Share on other sites
SUPERAntiSpy Posted June 5, 2007 Please help someone!!Just recently my system kept rebooting as soon as I logged in, I took maching to a shop and they said the problem was resolved. However, it now goes into screensaver mode after 2 minutes and when I go into the power options menu (in Control panel) I am unable to double click the ICON, all others seem to work! Also I cannot do a system restore as it wont let me go back from the month of June. I ran NOD32 virus checker which found a few things and successfully removed them, however it keeps finding a virus called C:\cp1041.nls (probably a variant of WIN32/spabot.nac trojan). It was placed in quarantine and it looks like it has put it in there 10 times so far?? I'm on the verge of reformatting, but dont really want to! Thanks SJP Did you scan with SUPERAntiSpyware? Share this post Link to post Share on other sites
SJP Posted June 6, 2007 Yes, I did a scan, shall I attach the report? Share this post Link to post Share on other sites
SJP Posted June 6, 2007 Here is my SAS report, not sure if the C:\cp1041.nls is there as NOD32 puts it into quarantine when I log in. SUPERAntiSpyware Scan Log https://www.superantispyware.com Generated 06/04/2007 at 07:14 PM Application Version : 3.8.1002 Core Rules Database Version : 3248 Trace Rules Database Version: 1259 Scan type : Complete Scan Total Scan Time : 00:27:00 Memory items scanned : 350 Memory threats detected : 0 Registry items scanned : 6955 Registry threats detected : 43 File items scanned : 34026 File threats detected : 199 Adware.IWantSearchBar HKLM\Software\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\InprocServer32 HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\InprocServer32#ThreadingModel HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\ProgID HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\Programmable HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\TypeLib HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\VersionIndependentProgID C:\WINDOWS\SYSTEM32\TOOLBAND.DLL HKLM\Software\Microsoft\Internet Explorer\Toolbar#{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} HKCR\ToolBand.ToolBandObj.1 HKCR\ToolBand.ToolBandObj.1\CLSID HKCR\ToolBand.ToolBandObj HKCR\ToolBand.ToolBandObj\CLSID HKCR\ToolBand.ToolBandObj\CurVer HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945} HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0 HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\0 HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\0\win32 HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\FLAGS HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\HELPDIR HKU\S-1-5-21-4074729637-1847329920-2188953037-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} Adware.Tracking Cookie C:\Documents and Settings\Stuart\Cookies\stuart@tacoda[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@ehg-deltatre.hitbox[4].txt C:\Documents and Settings\Stuart\Cookies\stuart@whatcar[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@ads.ak.facebook[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@hitbox[3].txt C:\Documents and Settings\Stuart\Cookies\stuart@statcounter[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@adopt.euroclick[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@adtech[3].txt C:\Documents and Settings\Stuart\Cookies\stuart@2o7[4].txt C:\Documents and Settings\Stuart\Cookies\stuart@bluestreak[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@cgi-bin[7].txt C:\Documents and Settings\Stuart\Cookies\stuart@commission-junction[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@tribalfusion[4].txt C:\Documents and Settings\Stuart\Cookies\stuart@3.adbrite[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@opodo.122.2o7[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@sextracker[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@adultadworld[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@ehg-autotrader.hitbox[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@ads.itv[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@bs.serving-sys[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@questionmarket[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@ehg-dig.hitbox[3].txt C:\Documents and Settings\Stuart\Cookies\stuart@spylog[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@ad1.clickhype[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@clicktorrent[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@ad.yieldmanager[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@doubleclick[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@cgi-bin[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@data3.perf.overture[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@perf.overture[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@247realmedia[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@casalemedia[3].txt C:\Documents and Settings\Stuart\Cookies\stuart@overture[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@stat.onestat[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@a[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@zango[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@statse.webtrendslive[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@counter15.sextracker[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@stats.channel4[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@hotlog[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@xiti[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@mediaplex[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@atoc.112.2o7[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@zedo[4].txt C:\Documents and Settings\Stuart\Cookies\stuart@adbrite[4].txt C:\Documents and Settings\Stuart\Cookies\stuart@revsci[4].txt C:\Documents and Settings\Stuart\Cookies\stuart@tracking.summitmedia.co[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@ehg-nokiafin.hitbox[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@usenext[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@atdmt[3].txt C:\Documents and Settings\Stuart\Cookies\stuart@yadro[3].txt C:\Documents and Settings\Stuart\Cookies\stuart@cpvfeed[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@adserver.adreactor[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@4.adbrite[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@sitestats.tiscali.co[3].txt C:\Documents and Settings\Stuart\Cookies\stuart@msnportal.112.2o7[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@ad.media-servers[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@haynet.adbureau[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@fastclick[4].txt C:\Documents and Settings\Stuart\Cookies\stuart@ad.zanox[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@tracker.bitebbs[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@advertising[4].txt C:\Documents and Settings\Stuart\Cookies\stuart@apmebf[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@as-eu.falkag[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@itxt.vibrantmedia[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@winantispyware[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@www.poweradvertising[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@ehg-tfl.hitbox[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@tradedoubler[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@s[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@adrevolver[3].txt C:\Documents and Settings\Stuart\Cookies\stuart@ehg-twi.hitbox[4].txt C:\Documents and Settings\Stuart\Cookies\stuart@interclick[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@ads.adbrite[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@toplist[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@ads.pointroll[3].txt C:\Documents and Settings\Stuart\Cookies\stuart@serving-sys[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@netmediagroup[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@adrevolver[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@atdmt[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@ads.pointroll[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@paypal.112.2o7[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@anad.tacoda[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@doubleclick[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@image.masterstats[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@cz7.clickzs[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@mediaplex[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@adultadworld[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@targetnet[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@zedo[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@stats.drivecleaner[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@sexlist[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@xiti[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@partners.adultadworld[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@ads.mininova[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@advertising[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@adbrite[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@toplist[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@tacoda[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@fastclick[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@adtech[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@hitbox[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@stats[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@tracker.esecure-transaction[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@casalemedia[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@tribalfusion[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@2o7[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@www.burstnet[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@ehg-twi.hitbox[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@ehg-dig.hitbox[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@ad.tiscali[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@ehg-deltatre.hitbox[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@ads.telegraph.co[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@tracking.summitmedia.co[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@ehg-lexmark.hitbox[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@revsci[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@ad.yieldmanager[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@sitestats.tiscali.co[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@ad.tiscali[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@statcounter[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@2o7[3].txt C:\Documents and Settings\Stuart\Cookies\stuart@questionmarket[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@tribalfusion[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@zedo[3].txt C:\Documents and Settings\Stuart\Cookies\stuart@hotlog[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@fastclick[3].txt C:\Documents and Settings\Stuart\Cookies\stuart@adbrite[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@adultfriendfinder[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@as-eu.falkag[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@tradedoubler[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@ads.pointroll[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@serving-sys[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@yadro[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@advertising[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@revsci[3].txt C:\Documents and Settings\Stuart\Cookies\stuart@hitbox[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@statse.webtrendslive[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@ehg-twi.hitbox[2].txt C:\Documents and Settings\Stuart\Cookies\stuart@bs.serving-sys[1].txt C:\Documents and Settings\Stuart\Cookies\stuart@ad.yieldmanager[3].txt C:\Documents and Settings\Stuart\Cookies\stuart@ehg-deltatre.hitbox[3].txt C:\Documents and Settings\Guest\Cookies\guest@112.2o7[1].txt C:\Documents and Settings\Guest\Cookies\guest@tradedoubler[1].txt C:\Documents and Settings\Guest\Cookies\guest@adtech[2].txt C:\Documents and Settings\Guest\Cookies\guest@keywordmax[1].txt C:\Documents and Settings\Guest\Cookies\guest@www.hxtrack[1].txt C:\Documents and Settings\Guest\Cookies\guest@www.burstnet[1].txt C:\Documents and Settings\Guest\Cookies\guest@burstnet[2].txt C:\Documents and Settings\Guest\Cookies\guest@adopt.euroclick[2].txt C:\Documents and Settings\Guest\Cookies\guest@serving-sys[2].txt C:\Documents and Settings\Guest\Cookies\guest@opodo.122.2o7[1].txt C:\Documents and Settings\Guest\Cookies\guest@247realmedia[1].txt C:\Documents and Settings\Guest\Cookies\guest@clicktorrent[1].txt C:\Documents and Settings\Guest\Cookies\guest@bluestreak[1].txt C:\Documents and Settings\Guest\Cookies\guest@roiservice[1].txt C:\Documents and Settings\Guest\Cookies\guest@click.cashengines[2].txt C:\Documents and Settings\Guest\Cookies\guest@tacoda[1].txt C:\Documents and Settings\Guest\Cookies\guest@statse.webtrendslive[1].txt C:\Documents and Settings\Guest\Cookies\guest@tribalfusion[1].txt C:\Documents and Settings\Guest\Cookies\guest@fastclick[1].txt C:\Documents and Settings\Guest\Cookies\guest@questionmarket[2].txt C:\Documents and Settings\Guest\Cookies\guest@2o7[2].txt C:\Documents and Settings\Guest\Cookies\guest@media.fastclick[2].txt C:\Documents and Settings\Guest\Cookies\guest@fastclick[2].txt C:\Documents and Settings\Guest\Cookies\guest@statse.webtrendslive[2].txt C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt C:\Documents and Settings\Guest\Cookies\guest@adrevolver[2].txt C:\Documents and Settings\Guest\Cookies\guest@revsci[1].txt C:\Documents and Settings\Guest\Cookies\guest@perf.overture[1].txt C:\Documents and Settings\Guest\Cookies\guest@realmedia[1].txt C:\Documents and Settings\Guest\Cookies\guest@advertising[3].txt C:\Documents and Settings\Guest\Cookies\guest@2o7[1].txt C:\Documents and Settings\Guest\Cookies\guest@adrevolver[3].txt C:\Documents and Settings\Guest\Cookies\guest@tacoda[3].txt C:\Documents and Settings\Guest\Cookies\guest@statse.webtrendslive[3].txt C:\Documents and Settings\Guest\Cookies\guest@ads.pointroll[1].txt C:\Documents and Settings\Guest\Cookies\guest@ads.ak.facebook[1].txt C:\Documents and Settings\Guest\Cookies\guest@advertising[4].txt C:\Documents and Settings\Guest\Cookies\guest@adrevolver[5].txt C:\Documents and Settings\Guest\Cookies\guest@adrevolver[4].txt C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[2].txt C:\Documents and Settings\Guest\Cookies\guest@ad.adserverplus[2].txt C:\Documents and Settings\Guest\Cookies\guest@specificclick[2].txt C:\Documents and Settings\Guest\Cookies\guest@adbrite[2].txt C:\Documents and Settings\Guest\Cookies\guest@fastclick[4].txt C:\Documents and Settings\Guest\Cookies\guest@paycounter[1].txt C:\Documents and Settings\Guest\Cookies\guest@3.adbrite[2].txt C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt C:\Documents and Settings\Guest\Cookies\guest@bannersng.yell[1].txt C:\Documents and Settings\Guest\Cookies\guest@sitestats.tiscali.co[1].txt C:\Documents and Settings\Guest\Cookies\guest@ad.tiscali[1].txt C:\Documents and Settings\Guest\Cookies\guest@advertising[1].txt C:\Documents and Settings\Guest\Cookies\guest@msnportal.112.2o7[1].txt C:\Documents and Settings\Guest\Cookies\guest@mediaplex[2].txt Adware.WhenU HKCR\WUSN.1 HKCR\WUSN.1#WUSN_Id C:\Program Files\Save\save.db C:\Program Files\Save C:\PROGRAM FILES\WINACE\VVSNINST.EXE Adware.Zango Toolbar/Hb HKCR\Wallpaper.WallpaperManager HKCR\Wallpaper.WallpaperManager\CLSID HKCR\Wallpaper.WallpaperManager\CurVer HKCR\Wallpaper.WallpaperManager.1 HKCR\Wallpaper.WallpaperManager.1\CLSID HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F} HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\ProgID HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\Programmable HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\TypeLib HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\VersionIndependentProgID HKCR\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34} HKCR\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}\1.0 HKCR\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}\1.0\0 HKCR\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}\1.0\FLAGS HKCR\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A} HKCR\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}\ProxyStubClsid HKCR\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}\ProxyStubClsid32 HKCR\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}\TypeLib HKCR\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}\TypeLib#Version Adware.180solutions/ZangoSearch C:\DOCUMENTS AND SETTINGS\STUART\LOCAL SETTINGS\TEMP\1807.TMP Share this post Link to post Share on other sites
EliteKiller Posted June 7, 2007 SJP, please see this thread: https://forums.superantispyware.com/viewtopic.php?t=516 Share this post Link to post Share on other sites