TechSpot

HiJackThis file attached

By javankrona
Sep 24, 2005
  1. Okay, I give ...
    ... I've tried a number of fixes over and over.

    Attached are two HJT log files, one made running Windows, the other in Safe Mode.
     
  2. RealBlackStuff

    Go here first to fix Trojans: How to remove Trojans and its ilk!

    Boot in Safe Mode, see how here.
    In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.

    Next, open Windows Task Manager by pressing CTRL+ALT+DELETE.
    Click the Processes tab, select the process (if there) and click End Process for:
    EVERY single .exe file from the O4 group below

    Next, click Start/Control Panel/Add/Remove Programs. If there, UNinstall anything to do with:
    C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
    C:\Program Files\WareOut\WareOut.exe

    Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
    ...................................................................................................
    R3 - URLSearchHook: (no name) - {0AEB093B-C762-0BF2-B91C-A00176272B2F} - SysEntry.dll (file missing)
    O2 - BHO: Internet Explorer Hot Fix - {2BAA0B20-D440-11D9-A8C8-005004D47E59} - C:\WINDOWS\SYSTEM\WDDOD.DLL (file missing)
    O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\FIUZV.DLL (file missing)
    O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\FIUZV.DLL (file missing)
    O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\SYSTEM\gah95on6.exe
    O4 - HKLM\..\Run: [WhatsNewBot] iehelper.exe
    O4 - HKLM\..\Run: [scanSYS] BoundRec.exe
    O4 - HKLM\..\Run: [cspvc.exe] cspvc.exe
    O4 - HKLM\..\Run: [dmmnz.exe] C:\WINDOWS\SYSTEM\dmmnz.exe
    O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
    O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
    O4 - HKCU\..\Run: [TorontoMail] stuffmon.exe
    O4 - HKCU\..\Run: [SetupExeDll] StartCpl.exe
    O4 - HKCU\..\Run: [JAguAr] NopeZ.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Dell Home - {D5830C60-3F08-11D3-A8C4-005004D47E59} - http://www.dell.com/ (file missing) (HKCU)

    Fix ALL your O16 - DPF: entries

    Unless these IPs are from your ISP, fix this O17:
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.176.157,85.255.112.6
    ...................................................................................................
    Now click on the Fix Checked button in HJT. Exit HJT.

    When done, from between the above dotted lines, delete the highlighted bold files.
    When a \directory-name\ is bold, delete everything in it, including that directory itself.
    Right-click IE on the desktop, select Properties, click on Delete Cookies, and Delete Files.
    Delete ALL files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
    Boot normally.

    Go to www.getfirefox and STOP using Internet Explorer!
     
Topic Status:
Not open for further replies.
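
As an added example that is not part of the original thread: a small Python triage script for the HijackThis line format quoted in the reply above. It marks entries HJT reports as missing, splits O4 autorun entries into hive, key, value name and command, and lists O17 NameServer addresses absent from a resolver list the caller supplies; the function names and the 192.0.2.53 placeholder resolver are assumptions.

```python
import re
from ipaddress import ip_address

# Constructed sample: a few lines copied from the log quoted in the reply above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {0AEB093B-C762-0BF2-B91C-A00176272B2F} - SysEntry.dll (file missing)
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\FIUZV.DLL (file missing)
O4 - HKLM\..\Run: [WhatsNewBot] iehelper.exe
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.176.157,85.255.112.6
"""

LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")          # "O4 - <body>"
AUTORUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")  # O4 registry autoruns
NAMESERVER_RE = re.compile(r"NameServer = ([\d.,\s]+)$")           # O17 resolver list

def parse_hjt(text):
    """Yield one dict per recognised HijackThis log line (hypothetical helper)."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # log header, process list, blank lines
        code, body = m.groups()
        entry = {"code": code, "body": body,
                 "missing": "(file missing)" in body or "(no file)" in body}
        if code == "O4" and (a := AUTORUN_RE.match(body)):
            hive, key, name, cmd = a.groups()
            entry.update(hive=hive, key=key, name=name, command=cmd.strip('"'))
        if code == "O17" and (n := NAMESERVER_RE.search(body)):
            entry["nameservers"] = [str(ip_address(p.strip()))
                                    for p in n.group(1).split(",") if p.strip()]
        yield entry

def unexpected_nameservers(entries, isp_resolvers):
    """Return O17 resolver IPs that are not in the caller-supplied ISP list."""
    allowed = {str(ip_address(r)) for r in isp_resolvers}
    return [ip for e in entries for ip in e.get("nameservers", []) if ip not in allowed]

if __name__ == "__main__":
    entries = list(parse_hjt(SAMPLE_LOG))
    for e in entries:
        print(e["code"], "MISSING" if e["missing"] else "-", e.get("name", ""), e.get("command", ""))
    # 192.0.2.53 is a documentation address standing in for the ISP's resolver (assumption).
    print("O17 resolvers to review:", unexpected_nameservers(entries, ["192.0.2.53"]))
```
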
