Old 08-08-2008, 06:18 PM   #3 (permalink)
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team


Re: Constant pop-ups (IE) celldorado, CiD:, etc.

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

P2P - I see you have P2P software (Limewire Music, BitTorrent, DNA, P2P Energy Toolbar) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here, here and here.

I would strongly recommend that you uninstall them. You can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------

Please download OTMoveIt2 by OldTimer.
Save it to your desktop. We'll use this shortly.

Please download HijackThis to your desktop

Alternate link

Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you. For Windows Vista, we need to run it a special way, so please close it.

Now, locate the shortcut on your desktop.

Open HijackThis by right clicking on it, and selecting Run As Administrator.

Click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked.

O4 - HKCU\..\Run: [anti find] "C:\ProgramData\Upload Cash Cash.nj48x7i"
O4 - HKCU\..\Run: [Frag Ooze Cash Scr] "C:\ProgramData\Hope Locks File.1l11x"


Close HijackThis now.

---------------------------------------------------------------------------------------------

Using OTMoveIt
  • Please right click on OTMoveit2.exe and select "Run as an Administrator" to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Quote:
    C:\ProgramData\Upload Cash Cash.nj48x7i
    C:\ProgramData\Hope Locks File.1l11x
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

=========================================================
  1. Download deljob.exe and save it to your desktop.
  2. Double click on Deljob.exe.
  3. A log, (logit.txt) will open afterwards. If it doesn't, please locate this log on your C drive.
  4. Please post the contents of the logfile in your next reply.

==========================================================

Open HijackThis (right click on HijackThis.exe and select "Run as an Administrator") and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

Please return with logs from:

OTMoveIt
deljob (logit.txt)
HijackThis
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
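
Added example, not part of tetonbob's post: a small Python triage script that parses HijackThis `O4` Run-key lines and flags the pattern seen in the two entries above, an autostart target sitting directly in `C:\ProgramData` with an extension that is not a usual program type. The sample log is constructed (the two flagged lines are from the post, the other two are made up for contrast), and the extension list and the hard-coded `C:\ProgramData` root are assumptions of this sketch.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample log: lines 2-3 are the entries quoted in the post,
# lines 1 and 4 are invented benign-looking entries for contrast.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" -min
O4 - HKCU\..\Run: [anti find] "C:\ProgramData\Upload Cash Cash.nj48x7i"
O4 - HKCU\..\Run: [Frag Ooze Cash Scr] "C:\ProgramData\Hope Locks File.1l11x"
O4 - HKCU\..\Run: [ExampleSync] C:\ProgramData\Example\sync.exe
'''

# O4 - <hive>\..\<Run key>: [<value name>] <command line>
O4_RUN = re.compile(r'^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$')
# Assumption: extensions normally seen on autostart targets.
USUAL_EXTS = {'.exe', '.com', '.bat', '.cmd', '.dll', '.scr', '.vbs', '.js', '.lnk'}
UNQUOTED = re.compile(
    r'(.+?\.(?:exe|com|bat|cmd|dll|scr|vbs|js|lnk))(?:\s|$)', re.I)

def target_path(command):
    """Return the program path from a Run value, quoted or unquoted."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted: cut after the first known extension, else keep it whole.
    m = UNQUOTED.match(command)
    return m.group(1) if m else command

def suspicious_run_entries(log_text):
    """List (hive, value name, path) for Run entries matching the pattern."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        hive, _key, name, command = m.groups()
        path = PureWindowsPath(target_path(command))
        # Assumption: ProgramData lives at its default location on C:.
        in_root = str(path.parent).lower() == r'c:\programdata'
        odd_ext = path.suffix.lower() not in USUAL_EXTS
        if in_root and odd_ext:
            hits.append((hive, name, str(path)))
    return hits

if __name__ == '__main__':
    for hive, name, path in suspicious_run_entries(SAMPLE_LOG):
        print(f'{hive} Run [{name}] -> {path}')
```

A hit is only a lead for a human reviewer: it says the entry matches the shape of the ones removed in this thread, not that the file is malicious.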