CP1041.nls

[SJP]

Please help someone!!

Just recently my system kept rebooting as soon as I logged in, I took maching to a shop and they said the problem was resolved. However, it now goes into screensaver mode after 2 minutes and when I go into the power options menu (in Control panel) I am unable to double click the ICON, all others seem to work! Also I cannot do a system restore as it wont let me go back from the month of June.

I ran NOD32 virus checker which found a few things and successfully removed them, however it keeps finding a virus called C:\cp1041.nls (probably a variant of WIN32/spabot.nac trojan). It was placed in quarantine and it looks like it has put it in there 10 times so far??

I'm on the verge of reformatting, but dont really want to!

Thanks

SJP

[SUPERAntiSpy]

Please help someone!!

Just recently my system kept rebooting as soon as I logged in, I took maching to a shop and they said the problem was resolved. However, it now goes into screensaver mode after 2 minutes and when I go into the power options menu (in Control panel) I am unable to double click the ICON, all others seem to work! Also I cannot do a system restore as it wont let me go back from the month of June.

I ran NOD32 virus checker which found a few things and successfully removed them, however it keeps finding a virus called C:\cp1041.nls (probably a variant of WIN32/spabot.nac trojan). It was placed in quarantine and it looks like it has put it in there 10 times so far??

I'm on the verge of reformatting, but dont really want to!

Thanks

SJP

Did you scan with SUPERAntiSpyware?

[SJP]

Yes, I did a scan, shall I attach the report?

[SJP]

Here is my SAS report, not sure if the C:\cp1041.nls is there as NOD32 puts it into quarantine when I log in.

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 06/04/2007 at 07:14 PM

Application Version : 3.8.1002

Core Rules Database Version : 3248

Trace Rules Database Version: 1259

Scan type : Complete Scan

Total Scan Time : 00:27:00

Memory items scanned : 350

Memory threats detected : 0

Registry items scanned : 6955

Registry threats detected : 43

File items scanned : 34026

File threats detected : 199

Adware.IWantSearchBar

HKLM\Software\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}

HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}

HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}

HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\InprocServer32

HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\InprocServer32#ThreadingModel

HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\ProgID

HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\Programmable

HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\TypeLib

HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\VersionIndependentProgID

C:\WINDOWS\SYSTEM32\TOOLBAND.DLL

HKLM\Software\Microsoft\Internet Explorer\Toolbar#{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}

HKCR\ToolBand.ToolBandObj.1

HKCR\ToolBand.ToolBandObj.1\CLSID

HKCR\ToolBand.ToolBandObj

HKCR\ToolBand.ToolBandObj\CLSID

HKCR\ToolBand.ToolBandObj\CurVer

HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}

HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0

HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\0

HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\0\win32

HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\FLAGS

HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\HELPDIR

HKU\S-1-5-21-4074729637-1847329920-2188953037-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}

Adware.Tracking Cookie

C:\Documents and Settings\Stuart\Cookies\stuart@tacoda[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@ehg-deltatre.hitbox[4].txt

C:\Documents and Settings\Stuart\Cookies\stuart@whatcar[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@ads.ak.facebook[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@hitbox[3].txt

C:\Documents and Settings\Stuart\Cookies\stuart@statcounter[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@adopt.euroclick[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@adtech[3].txt

C:\Documents and Settings\Stuart\Cookies\stuart@2o7[4].txt

C:\Documents and Settings\Stuart\Cookies\stuart@bluestreak[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@cgi-bin[7].txt

C:\Documents and Settings\Stuart\Cookies\stuart@commission-junction[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@tribalfusion[4].txt

C:\Documents and Settings\Stuart\Cookies\stuart@3.adbrite[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@opodo.122.2o7[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@sextracker[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@adultadworld[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@ehg-autotrader.hitbox[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@ads.itv[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@bs.serving-sys[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@questionmarket[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@ehg-dig.hitbox[3].txt

C:\Documents and Settings\Stuart\Cookies\stuart@spylog[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@ad1.clickhype[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@clicktorrent[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@ad.yieldmanager[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@doubleclick[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@cgi-bin[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@data3.perf.overture[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@perf.overture[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@247realmedia[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@casalemedia[3].txt

C:\Documents and Settings\Stuart\Cookies\stuart@overture[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@stat.onestat[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@a[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@zango[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@statse.webtrendslive[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@counter15.sextracker[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@stats.channel4[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@hotlog[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@xiti[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@mediaplex[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@atoc.112.2o7[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@zedo[4].txt

C:\Documents and Settings\Stuart\Cookies\stuart@adbrite[4].txt

C:\Documents and Settings\Stuart\Cookies\stuart@revsci[4].txt

C:\Documents and Settings\Stuart\Cookies\stuart@tracking.summitmedia.co[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@ehg-nokiafin.hitbox[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@usenext[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@atdmt[3].txt

C:\Documents and Settings\Stuart\Cookies\stuart@yadro[3].txt

C:\Documents and Settings\Stuart\Cookies\stuart@cpvfeed[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@adserver.adreactor[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@4.adbrite[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@sitestats.tiscali.co[3].txt

C:\Documents and Settings\Stuart\Cookies\stuart@msnportal.112.2o7[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@ad.media-servers[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@haynet.adbureau[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@fastclick[4].txt

C:\Documents and Settings\Stuart\Cookies\stuart@ad.zanox[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@tracker.bitebbs[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@advertising[4].txt

C:\Documents and Settings\Stuart\Cookies\stuart@apmebf[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@as-eu.falkag[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@itxt.vibrantmedia[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@winantispyware[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@www.poweradvertising[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@ehg-tfl.hitbox[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@tradedoubler[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@s[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@adrevolver[3].txt

C:\Documents and Settings\Stuart\Cookies\stuart@ehg-twi.hitbox[4].txt

C:\Documents and Settings\Stuart\Cookies\stuart@interclick[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@ads.adbrite[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@toplist[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@ads.pointroll[3].txt

C:\Documents and Settings\Stuart\Cookies\stuart@serving-sys[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@netmediagroup[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@adrevolver[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@atdmt[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@ads.pointroll[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@paypal.112.2o7[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@anad.tacoda[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@doubleclick[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@image.masterstats[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@cz7.clickzs[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@mediaplex[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@adultadworld[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@targetnet[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@zedo[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@stats.drivecleaner[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@sexlist[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@xiti[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@partners.adultadworld[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@ads.mininova[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@advertising[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@adbrite[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@toplist[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@tacoda[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@fastclick[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@adtech[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@hitbox[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@stats[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@tracker.esecure-transaction[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@casalemedia[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@tribalfusion[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@2o7[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@www.burstnet[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@ehg-twi.hitbox[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@ehg-dig.hitbox[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@ad.tiscali[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@ehg-deltatre.hitbox[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@ads.telegraph.co[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@tracking.summitmedia.co[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@ehg-lexmark.hitbox[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@revsci[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@ad.yieldmanager[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@sitestats.tiscali.co[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@ad.tiscali[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@statcounter[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@2o7[3].txt

C:\Documents and Settings\Stuart\Cookies\stuart@questionmarket[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@tribalfusion[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@zedo[3].txt

C:\Documents and Settings\Stuart\Cookies\stuart@hotlog[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@fastclick[3].txt

C:\Documents and Settings\Stuart\Cookies\stuart@adbrite[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@adultfriendfinder[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@as-eu.falkag[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@tradedoubler[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@ads.pointroll[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@serving-sys[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@yadro[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@advertising[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@revsci[3].txt

C:\Documents and Settings\Stuart\Cookies\stuart@hitbox[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@statse.webtrendslive[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@ehg-twi.hitbox[2].txt

C:\Documents and Settings\Stuart\Cookies\stuart@bs.serving-sys[1].txt

C:\Documents and Settings\Stuart\Cookies\stuart@ad.yieldmanager[3].txt

C:\Documents and Settings\Stuart\Cookies\stuart@ehg-deltatre.hitbox[3].txt

C:\Documents and Settings\Guest\Cookies\guest@112.2o7[1].txt

C:\Documents and Settings\Guest\Cookies\guest@tradedoubler[1].txt

C:\Documents and Settings\Guest\Cookies\guest@adtech[2].txt

C:\Documents and Settings\Guest\Cookies\guest@keywordmax[1].txt

C:\Documents and Settings\Guest\Cookies\guest@www.hxtrack[1].txt

C:\Documents and Settings\Guest\Cookies\guest@www.burstnet[1].txt

C:\Documents and Settings\Guest\Cookies\guest@burstnet[2].txt

C:\Documents and Settings\Guest\Cookies\guest@adopt.euroclick[2].txt

C:\Documents and Settings\Guest\Cookies\guest@serving-sys[2].txt

C:\Documents and Settings\Guest\Cookies\guest@opodo.122.2o7[1].txt

C:\Documents and Settings\Guest\Cookies\guest@247realmedia[1].txt

C:\Documents and Settings\Guest\Cookies\guest@clicktorrent[1].txt

C:\Documents and Settings\Guest\Cookies\guest@bluestreak[1].txt

C:\Documents and Settings\Guest\Cookies\guest@roiservice[1].txt

C:\Documents and Settings\Guest\Cookies\guest@click.cashengines[2].txt

C:\Documents and Settings\Guest\Cookies\guest@tacoda[1].txt

C:\Documents and Settings\Guest\Cookies\guest@statse.webtrendslive[1].txt

C:\Documents and Settings\Guest\Cookies\guest@tribalfusion[1].txt

C:\Documents and Settings\Guest\Cookies\guest@fastclick[1].txt

C:\Documents and Settings\Guest\Cookies\guest@questionmarket[2].txt

C:\Documents and Settings\Guest\Cookies\guest@2o7[2].txt

C:\Documents and Settings\Guest\Cookies\guest@media.fastclick[2].txt

C:\Documents and Settings\Guest\Cookies\guest@fastclick[2].txt

C:\Documents and Settings\Guest\Cookies\guest@statse.webtrendslive[2].txt

C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt

C:\Documents and Settings\Guest\Cookies\guest@adrevolver[2].txt

C:\Documents and Settings\Guest\Cookies\guest@revsci[1].txt

C:\Documents and Settings\Guest\Cookies\guest@perf.overture[1].txt

C:\Documents and Settings\Guest\Cookies\guest@realmedia[1].txt

C:\Documents and Settings\Guest\Cookies\guest@advertising[3].txt

C:\Documents and Settings\Guest\Cookies\guest@2o7[1].txt

C:\Documents and Settings\Guest\Cookies\guest@adrevolver[3].txt

C:\Documents and Settings\Guest\Cookies\guest@tacoda[3].txt

C:\Documents and Settings\Guest\Cookies\guest@statse.webtrendslive[3].txt

C:\Documents and Settings\Guest\Cookies\guest@ads.pointroll[1].txt

C:\Documents and Settings\Guest\Cookies\guest@ads.ak.facebook[1].txt

C:\Documents and Settings\Guest\Cookies\guest@advertising[4].txt

C:\Documents and Settings\Guest\Cookies\guest@adrevolver[5].txt

C:\Documents and Settings\Guest\Cookies\guest@adrevolver[4].txt

C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[2].txt

C:\Documents and Settings\Guest\Cookies\guest@ad.adserverplus[2].txt

C:\Documents and Settings\Guest\Cookies\guest@specificclick[2].txt

C:\Documents and Settings\Guest\Cookies\guest@adbrite[2].txt

C:\Documents and Settings\Guest\Cookies\guest@fastclick[4].txt

C:\Documents and Settings\Guest\Cookies\guest@paycounter[1].txt

C:\Documents and Settings\Guest\Cookies\guest@3.adbrite[2].txt

C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt

C:\Documents and Settings\Guest\Cookies\guest@bannersng.yell[1].txt

C:\Documents and Settings\Guest\Cookies\guest@sitestats.tiscali.co[1].txt

C:\Documents and Settings\Guest\Cookies\guest@ad.tiscali[1].txt

C:\Documents and Settings\Guest\Cookies\guest@advertising[1].txt

C:\Documents and Settings\Guest\Cookies\guest@msnportal.112.2o7[1].txt

C:\Documents and Settings\Guest\Cookies\guest@mediaplex[2].txt

Adware.WhenU

HKCR\WUSN.1

HKCR\WUSN.1#WUSN_Id

C:\Program Files\Save\save.db

C:\Program Files\Save

C:\PROGRAM FILES\WINACE\VVSNINST.EXE

Adware.Zango Toolbar/Hb

HKCR\Wallpaper.WallpaperManager

HKCR\Wallpaper.WallpaperManager\CLSID

HKCR\Wallpaper.WallpaperManager\CurVer

HKCR\Wallpaper.WallpaperManager.1

HKCR\Wallpaper.WallpaperManager.1\CLSID

HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}

HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\ProgID

HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\Programmable

HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\TypeLib

HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\VersionIndependentProgID

HKCR\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}

HKCR\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}\1.0

HKCR\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}\1.0\0

HKCR\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}\1.0\FLAGS

HKCR\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}

HKCR\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}\ProxyStubClsid

HKCR\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}\ProxyStubClsid32

HKCR\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}\TypeLib

HKCR\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}\TypeLib#Version

Adware.180solutions/ZangoSearch

C:\DOCUMENTS AND SETTINGS\STUART\LOCAL SETTINGS\TEMP\1807.TMP

[EliteKiller]

SJP, please see this thread: https://forums.superantispyware.com/viewtopic.php?t=516