Before using HijackThis Please Do the Following:
Show hidden files and folders:
For XP:- On the Tools menu in Windows Explorer, click Folder Options.
- Click the View tab.
- Under Hidden files and folders, click Show hidden files and folders.
- If you see a warning message, click Yes.
- Click Apply.
- Click OK.
Disable System Restore to prevent re-infection.
(If you have/use it. You can turn it back on when youre PC is clean).
How to disable system restore:
WinXP.- Click the Start button.
- Right-click My Computer, and then click Properties.
- On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
Please download
CCleaner
Download the Hoster from
here.
Then go to add and remove programs and uninstall these if present:
wintools
Media Gateway
pib Toolbar
WebSearch toolbar
During the uninstall process, you will be presented with several prompts to guide you through uninstalling the product. Read these carefully to make sure you are actually choosing to uninstall rather than keep the software.
** Note: I find it particularly funny that after the install, the company actually pops up a screen telling you its not spyware and guiding you to buy spyware removal software with what appears to be affiliate links that the company would profit from.
Click Start>Run and type in: services.msc
Click OK
In the Services window find:
WebSeach Toolbar support NT service
WinTools for IE service
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK
Open
HJT and click config > misc tools > “delete an NT service”
Copy and past:
TBPSSvc
WinToolsSvc
Click OK.
Then boot in safemode (hit f8 when booting up)
Remove the Startup Entries in the Registry
Click on Start, Run, Type REGEDIT and Click OK
Click the pluses(+) next to the following items
HKEY_LOCAL_MACHINE
Software
Microsoft
Windows
CurrentVersion
Run
Right-Click on the file WinTools and click DELETE
Click the pluses(+) next to the following items
HKEY_LOCAL_MACHINE
Software
Microsoft
Windows
CurrentVersion
RunServices
Right-Click on the file WinTools and click DELETE
Close REGEDIT
Then fix these with
hjt:
(if still present)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = -
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\
WinTools\WToolsB.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\
Toolbar\toolbar.dll
O3 - Toolbar: &WebSearch Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\
Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [pm5ifsp9] C:\WINDOWS\system32\
pm5ifsp9.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://static.windupdates.com/cab/18...ridge-c445.cab
O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - (no file)
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - WebSearch - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
Then delete the files in bold and run Ccleaner.
Now start Hoster and Press "Restore Original Hosts" and press "OK". Exit Program. This will restore the original Hosts file.
And last after rebooting , run an Ewido scan:
Download
Ewido Security Suite- Install Ewido Security Suite.
- When installing, under Additional Options uncheck Install background guard and Install scan via context menu
- Launch Ewido, there should be a big "E" icon on your desktop, double-click it.
- The program will prompt you to update click the "OK" button
- The program will now go to the main screen
- You will need to update Ewido to the latest definition files.
- On the left hand side of the main screen click update
- Click on Start
- The update will start and a progress bar will show the updates being installed.*
- After the updates are installed, exit ewido.
Once the updates are installed do the following:
- If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
- Reboot into Safe Mode, restart your computer, tap the F8* key. Use your up arrow key to highlight Safe Mode, then hit enter.
Close all open windows/programs/folders and then run Ewido.* Have nothing else open while ewido performs its scan!
- Click on Scanner , Settings
- Under "How to scan" all boxes should be selected
- Under "Possibly unwanted software" all boxes should be selected
- Under "What to scan" select scan every file
- Click OK, Complete system scan
- Let the program scan the machine
- If ewido finds anything, it will pop up a notification.*
NOTE:* We have been finding some cases of false positives with the new version of Ewido, so you need to step through the fixes one-by-one.* If Ewido finds something that you
KNOW is legitimate (for example, parts of AVG Antivirus, AOL, pcAnywhere and the game "Risk" have been flagged.* In particular, watch for alerts that have the word "Heuristic" in them - if you recognize the file name as "friendly," these may actually be false positives) select "none" as the action.*
DO NOT check "Perform action with all infections."* If you are unsure of an entry, select "none" for the time being.* We will see that in the log when you post it later and let you know if ewido needs to be run again.
Once the scan has completed, there will be a button located on the bottom of the screen named
Save report.
Click Save report. Save the report to your desktop, exit ewido
Note:
If during your scan Ewido "crashes" or "hangs", please try scanning again. Before running the scan, click on 'Scanner' (the 3rd bar from the top on the left) and Choose 'Settings'. Uncheck 'Scan in NTFS Alternate Data Streams' as this can cause problems in overly infected systems. Click 'OK' and run a new scan.
After that please post the Ewido log and a new Hijackthis log.
Also i see you have no firewall , to be protected from things like this it is recommended to have one , have a look in our download section for some free ones.
Something is eating my programs
, please help. I use XP and have relatively new, 2 years , powerful desktop PC . 
Linear Mode
