First go to add/remove programs and see if there is an entry for WinTools. If so, uninstall it. Then do the following:
Download ad-aware here -> Adaware Antivirus Free Edition | FileForum
Check for updates of the reference file by using the “webupdate”.
Then …
Don’t scan yet. You will do it at the end in safe mode.
Then boot to safe mode.
CTL-ALT-DEL and verify the following are not running. If they are, end task on them:
WTOOLSA.EXE
WSUP.EXE
TB_SETUP.EXE
Then close all windows and have hijackthis fix the following:
O4 - HKLM…\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM…\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/funwe....0.0.5.cab
Then while in safe mode delete all the files in the C:\PROGRAM FILES\COMMON FILES\WINTOOLS Folder. Finally Delete the C:\PROGRAM FILES\COMMON FILES**WINTOOLS Folder.
Browse to the C:\WINDOWS\TEMP Folder and delete everything in it.
From main window :Click “Start” then " Activate in-depth scan"
then…
Open ad-aware
click “Use custom scanning options>Customize” and have these options on: “Scan within archives” ,“Scan active processes”,“Scan registry”, “Deep scan registry” ,“Scan my IE Favorites for banned URL” and “Scan my host-files”
then…
Click the “Tweak” button.
Open up the “Scanning Engine” section and tick “Unload recognized processes during scanning”
Then…“Cleaning engine” and “Let windows remove files in use at next reboot” and “Automatically try to unregister objects prior to deletion”
then… click “proceed” to save your settings.
Now to scan it´s just to click the “Next” button.
When scan is finished, mark everything for removal and get rid of it. .(Right-click the window and choose"select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries.
Reboot into normal mode and post another hijackthis log.