Go here first to fix Trojans:
How to remove Trojans and its ilk!
Boot in Safe Mode, see how here.
In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.
Next, open Windows Task Manager by pressing CTRL+ALT+DELETE.
Click the Processes tab, select the process (if there) and click End Process for:
EVERY single .exe file from the O4 group below
Next, click Start/Control Panel/Add/Remove Programs. If there, UNinstall anything to do with:
C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
C:\Program Files\WareOut\WareOut.exe
Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
...................................................................................................
R3 - URLSearchHook: (no name) - {0AEB093B-C762-0BF2-B91C-A00176272B2F} - SysEntry.dll (file missing)
O2 - BHO: Internet Explorer Hot Fix - {2BAA0B20-D440-11D9-A8C8-005004D47E59} - C:\WINDOWS\SYSTEM\WDDOD.DLL (file missing)
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\FIUZV.DLL (file missing)
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\FIUZV.DLL (file missing)
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\SYSTEM\gah95on6.exe
O4 - HKLM\..\Run: [WhatsNewBot] iehelper.exe
O4 - HKLM\..\Run: [scanSYS] BoundRec.exe
O4 - HKLM\..\Run: [cspvc.exe] cspvc.exe
O4 - HKLM\..\Run: [dmmnz.exe] C:\WINDOWS\SYSTEM\dmmnz.exe
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [TorontoMail] stuffmon.exe
O4 - HKCU\..\Run: [SetupExeDll] StartCpl.exe
O4 - HKCU\..\Run: [JAguAr] NopeZ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Dell Home - {D5830C60-3F08-11D3-A8C4-005004D47E59} - http://www.dell.com/ (file missing) (HKCU)
fix ALL your O16 - DPF: entries
Unless these IPs are from your ISP, fix this O17:
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.176.157,85.255.112.6
...................................................................................................
Now click on the Fix Checked button in HJT. Exit HJT.
When done, from between the above dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Right-click IE on the desktop, select Properties, click on Delete Cookies, and Delete Files.
Delete ALL files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
Boot normally.
Go to www.getfirefox and STOP using Internet Explorer!
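
As an added illustration (not part of the original post and not HijackThis's own code), this Python sketch parses O4 and O17 lines like the ones listed above, inventories the autorun entries and flags any NameServer value that is not in a set of resolvers you trust. The function names and the resolver set passed in are assumptions; the sample lines are copied from the post with wrapped entries rejoined.

```python
import re

# Sample lines taken from the log in the post above (wrapped entries rejoined).
SAMPLE_LOG = r"""
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\FIUZV.DLL (file missing)
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\SYSTEM\gah95on6.exe
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [JAguAr] NopeZ.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.176.157,85.255.112.6
"""

# O4 = registry autorun entry: hive, key (Run/RunServices/...), value name, command
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\]\s*(.*)$")
# O17 = DNS settings stored under a registry key
O17_RE = re.compile(r"^O17 - (\S+): NameServer = (.+)$")

def parse_autoruns(log):
    """Return one dict per O4 line so every startup entry can be reviewed."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            command = command.strip('"')
            entries.append({
                "hive": hive, "key": key, "name": name, "command": command,
                # A bare file name has no directory, so its location is unknown
                # from the log alone and it needs a manual look.
                "has_full_path": "\\" in command,
            })
    return entries

def unexpected_nameservers(log, trusted_resolvers):
    """Return (registry key, ip) for each O17 NameServer not in the trusted set."""
    flagged = []
    for line in log.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            for ip in re.split(r"[,\s]+", m.group(2).strip()):
                if ip and ip not in trusted_resolvers:
                    flagged.append((m.group(1), ip))
    return flagged

if __name__ == "__main__":
    for entry in parse_autoruns(SAMPLE_LOG):
        print(entry)
    # 192.0.2.53 is a documentation address standing in for your ISP's resolver.
    print(unexpected_nameservers(SAMPLE_LOG, {"192.0.2.53"}))
```
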