Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.
It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
---------------------------------------------------------------------------------------------
P2P - I see you have
P2P software (
Limewire ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.
This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
References for the risk of these programs are
here,
here and
here.
I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
---------------------------------------------------------------------------------------------
- Please download OTMoveIt2 by OldTimer.
Save it to your desktop. We'll use this later.
- Windows Defender
Please disable your Windows Defender Real-time Protection, as it may hinder the removal of some entries.- Open Windows Defender.
- Click on Tools>Options.
- Scroll down and uncheck "Use real-time protection (recommended)".
- After you uncheck this, click on the Save button and close Windows Defender.
- Open HijackThis by right clicking on it, and selecting Run As Administrator.
Click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\awtTlIxW.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\chris\AppData\Local\Temp\nnnnnNDw.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\chris\AppData\Local\Temp\ljJCuuSI.dll,#1
O4 - HKCU\..\Run: [2aa81b5c] rundll32.exe "C:\Users\chris\AppData\Local\Temp\irvmqpqr.dll",b
O4 - HKCU\..\Run: [BM299b28c0] Rundll32.exe "C:\Users\chris\AppData\Local\Temp\wiornwvb.dll",s
Close HijackThis now.
---------------------------------------------------------------------------------------------
- Please right click on OTMoveit2.exe and select "Run as an Administrator" to run it.
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Quote:
C:\Windows\system32\awtTlIxW.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E243A8E7-6244-49E0-A361-22DBF30FD46C}
|
- Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose
Yes.
If the machine reboots, the Results log can be found here:
c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
Where mmddyyyy_hhmmss is the date of the tool run.
---------------------------------------------------------------------------------------------
Please download
Malwarebytes' Anti-Malware to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to the following:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
- Then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Save it to your desktop. Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.
---------------------------------------------------------------------------------------------
Open HijackThis (by right clicking on it and selecting Run as Administrator) and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.
---------------------------------------------------------------------------------------------