also @ TechSpot: LG Display announces 5.0-inch, 1080p AH-IPS display for smartphones

TechSpot
Collaborate in the cloud with Office, Exchange, SharePoint, and Lync.
Microsoft Office 365. Pay-as-you-go starting at $8/user/month. Begin your free trial now.

HiJackThis file attached

Discussion in 'Virus and Malware Removal' started by javankrona, Sep 24, 2005.

Thread Status:
Not open for further replies.

  1. javankrona Newcomer, in training

    Okay, I give ...
    ... I've tried a number of fixes over, and over.

    Attached are two HJT log files, one made running windows, the other in SafeMode.
    javankrona, Sep 24, 2005
    #1

  2. RealBlackStuff Newcomer, in training

    Go here first to fix Trojans: How to remove Trojans and its ilk!

    Boot in Safe Mode, see how here.
    In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.
    Next, open Windows Task Manager by pressing CTRL+ALT+DELETE.
    Click the Processes tab, select the process (if there) and click End Process for:
    EVERY single .exe file from the O4 group below

    Next, click Start/Control Panel/Add/Remove Programs. If there, UNinstall anything to do with:
    C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
    C:\Program Files\WareOut\WareOut.exe

    Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
    ...................................................................................................
    R3 - URLSearchHook: (no name) - {0AEB093B-C762-0BF2-B91C-A00176272B2F} - SysEntry.dll (file missing)
    O2 - BHO: Internet Explorer Hot Fix - {2BAA0B20-D440-11D9-A8C8-005004D47E59} - C:\WINDOWS\SYSTEM\WDDOD.DLL (file missing)
    O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\FIUZV.DLL (file missing)
    O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\FIUZV.DLL (file missing)
    O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\SYSTEM\gah95on6.exe
    O4 - HKLM\..\Run: [WhatsNewBot] iehelper.exe
    O4 - HKLM\..\Run: [scanSYS] BoundRec.exe
    O4 - HKLM\..\Run: [cspvc.exe] cspvc.exe
    O4 - HKLM\..\Run: [dmmnz.exe] C:\WINDOWS\SYSTEM\dmmnz.exe
    O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
    O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
    O4 - HKCU\..\Run: [TorontoMail] stuffmon.exe
    O4 - HKCU\..\Run: [SetupExeDll] StartCpl.exe
    O4 - HKCU\..\Run: [JAguAr] NopeZ.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Dell Home - {D5830C60-3F08-11D3-A8C4-005004D47E59} - http://www.dell.com/ (file missing) (HKCU)

    fix ALL your O16 - DPF: entries

    Unless these IPs are from your ISP, fix this O17:
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.176.157,85.255.112.6
    ...................................................................................................
    Now click on the Fix Checked button in HJT. Exit HJT.

    When done, from between the above dotted lines, delete the highlighted bold files.
    When a \directory-name\ is bold, delete everything in it, including that directory itself.
    Rightclick IE on the desktop, select Properties, click on Delete Cookies, and Delete Files.
    Delete ALL files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
    Boot normal.

    Go to www.getfirefox and STOP using Internet Explorer!
    RealBlackStuff, Sep 25, 2005
    #2
Thread Status:
Not open for further replies.