Download KillBox here:
http://killbox.net/downloads/KillBox.exe
Save it to your desktop.
DO NOT run it yet.
Please download ATF Cleaner by Atribune (ATF Cleaner.exe) and save it to the desktop.
DO NOT run it yet.
----------
1. Click Start.
2. Select Control Panel.
3. Select the Tools menu and click Folder Options.
4. Select the View Tab.
5. Under the Hidden files and folders heading select Show hidden files and folders.
6. Uncheck the Hide extensions for known file types option.
7. Uncheck the Hide protected operating system files (recommended) option.
8. Click Apply.
9. Click OK.
----------
Click Start > Run > and type in:
services.msc
Click OK.
In the services window find WinToolsSvc
Right click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the drop down menu select "Disabled". Click Apply then OK. Exit the Services utility.
Note: You may get an error here when trying to access the properties of the service. If you do get an error, just select the service and look there in the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.
---
1. Click on start, then settings, and then control panel.
2. Double-click on the Add/Remove programs icon.
3. Scroll down till you see an entry that contains the word WinTools and then uninstall it
4. Follow all the prompts asking to uninstall and reboot when it asks.
5. After it has rebooted fix any entries in HijackThis for WinTools
6. Delete the following files and or folders: (in bold)
C:\Program Files\Common Files\COMMON Files\WinTools\WToolsA.exe
----------
Open HijackThis and select Do a system scan only then place a check mark next to: (if there)
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [Windows Generic Proc] procmsg.exe
O4 - HKCU\..\RunServices: [Windows Generic Proc] procmsg.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c9.cab
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
Next close all windows except for HijackThis and click Fix checked
----------
1) Please print off these instructions - they will be needed later when internet access is not available.
2) Save these instructions in word/notepad to the desktop where they can be easily found.
----------
Boot into Safe Mode
* If the computer is running, shut down Windows, and then turn off the power.
* Wait 30 seconds, and then turn the computer on.
* Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
* Ensure that the Safe Mode option is selected.
* Press Enter. The computer then begins to start in Safe mode.
* Login on your usual account.
Double-click on Killbox.exe to run it.
Now put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste the following line into it.
C:\WINDOWS\system32\procmsg.exe
Then click on the button that has the red circle with the X in the middle.
It will ask for confirmation to delete the file.
Click Yes.
Then run ATF Cleaner.
Make sure that all browser windows are closed.
* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All and UNCHECK Cookies.
* Click the Empty Selected button.
If you use Firefox browser
* Click Firefox at the top and choose: Select All and UNCHECK Cookies.
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
* Click Opera at the top and choose: Select All and UNCHECK Cookies.
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main ATF Cleaner menu to close the program.
Reboot to Normal Mode.
Reboot to Normal Mode.
----------
Post a new HijackThis log.
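----------
Added example, not part of the original post: a small Python check that reads the text of a new HijackThis log and lists any of the entries named above that are still present. The function names and the sample log are constructed for illustration (the ExampleTray and ExampleSvc entries are made up); only the matched strings come from the post.

```python
import re

# Substrings taken from the entries the post asks to fix, keyed by HijackThis section.
INDICATORS = {
    "O4": ("wtoolsa.exe", "procmsg.exe"),
    "O16": ("{15ad6789-cdb4-47e1-a9da-992ee8e6bad6}",),
    "O23": ("wintoolssvc",),
}
# A log entry looks like "<section id> - <body>", e.g. "O4 - HKCU\..\Run: [...] file.exe".
ENTRY = re.compile(r"^([A-Z]\d+)\s+-\s+(.*)$")

# Constructed sample log; the ExampleTray and ExampleSvc entries are made up.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKCU\..\Run: [Windows Generic Proc] procmsg.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c9.cab
O23 - Service: Example Updater (ExampleSvc) - Unknown owner - C:\Program Files\Example\upd.exe
"""

def parse_log(text):
    """Return (section, body) pairs; a wrapped line is re-joined to its entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif line and entries:
            # Continuation of the previous entry (e.g. an O16 URL pushed to the next line).
            entries[-1][1] += " " + line
    return [tuple(e) for e in entries]

def remaining(text):
    """Return the log entries that still match one of the listed indicators."""
    hits = []
    for section, body in parse_log(text):
        low = body.lower()  # HijackThis output mixes case (PROGRA~1, WToolsA.exe)
        if any(tok in low for tok in INDICATORS.get(section, ())):
            hits.append(f"{section} - {body}")
    return hits

if __name__ == "__main__":
    for hit in remaining(SAMPLE_LOG):
        print("still present:", hit)
```

An empty result only means none of the listed entries matched; the full log still needs to be read for anything new.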