HiJackThis file attached

Status
Not open for further replies.
J

javankrona

Okay, I give ...
... I've tried a number of fixes over, and over.

Attached are two HJT log files, one made running windows, the other in SafeMode.
 
Go here first to fix Trojans: How to remove Trojans and its ilk!

Boot in Safe Mode, see how here.
In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.
Next, open Windows Task Manager by pressing CTRL+ALT+DELETE.
Click the Processes tab, select the process (if there) and click End Process for:
EVERY single .exe file from the O4 group below

Next, click Start/Control Panel/Add/Remove Programs. If there, UNinstall anything to do with:
C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
C:\Program Files\WareOut\WareOut.exe

Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
...................................................................................................
R3 - URLSearchHook: (no name) - {0AEB093B-C762-0BF2-B91C-A00176272B2F} - SysEntry.dll (file missing)
O2 - BHO: Internet Explorer Hot Fix - {2BAA0B20-D440-11D9-A8C8-005004D47E59} - C:\WINDOWS\SYSTEM\WDDOD.DLL (file missing)
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\FIUZV.DLL (file missing)
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\FIUZV.DLL (file missing)
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\SYSTEM\gah95on6.exe
O4 - HKLM\..\Run: [WhatsNewBot] iehelper.exe
O4 - HKLM\..\Run: [scanSYS] BoundRec.exe
O4 - HKLM\..\Run: [cspvc.exe] cspvc.exe
O4 - HKLM\..\Run: [dmmnz.exe] C:\WINDOWS\SYSTEM\dmmnz.exe
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [TorontoMail] stuffmon.exe
O4 - HKCU\..\Run: [SetupExeDll] StartCpl.exe
O4 - HKCU\..\Run: [JAguAr] NopeZ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Dell Home - {D5830C60-3F08-11D3-A8C4-005004D47E59} - http://www.dell.com/ (file missing) (HKCU)

fix ALL your O16 - DPF: entries

Unless these IPs are from your ISP, fix this O17:
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.176.157,85.255.112.6
...................................................................................................
Now click on the Fix Checked button in HJT. Exit HJT.

When done, from between the above dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Rightclick IE on the desktop, select Properties, click on Delete Cookies, and Delete Files.
Delete ALL files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
Boot normal.

Go to www.getfirefox and STOP using Internet Explorer!
 
Status
Not open for further replies.

Similar threads

H
Windows 7 Successfully Installed on UEFI PC Won't Boot
Replies
2
Views
436
info12345
info12345
Hodsocks
Multi monitor issue
Replies
1
Views
447
Hodsocks
Hodsocks
D
Steam hits a new record of over 34 million concurrent users
Replies
11
Views
228
lesovers
L

Latest posts

Back