Hello.
Your system is severely infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.
In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.
- Open HijackThis
- Choose "Do a system scan only"
- Check the boxes in front of these lines:
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 awareremover2009.microsoft.com
O1 - Hosts: 91.212.127.227 awareremover2009.com
O1 - Hosts: 91.212.127.227 www.awareremover2009.com
O4 - HKLM\..\Run: [Dnadetohekafom] rundll32.exe "C:\WINDOWS\uyukawasaxov.dll",Startup
O4 - HKLM\..\Run: [ziretiyug] Rundll32.exe "c:\windows\system32\tilepilo.dll",a
O4 - HKCU\..\Run: [wow64main.exe] C:\DOCUME~1\Nick\LOCALS~1\Temp\wow64main.exe
O4 - HKCU\..\Run: [winhbt.exe] C:\DOCUME~1\Nick\LOCALS~1\Temp\winhbt.exe
O4 - HKCU\..\Run: [hwpwdrjt] C:\Documents and Settings\Nick\Local Settings\Application Data\klhwqm\hnjisysguard.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C6BD15B-15AF-4DA8-9881-0D78B185B49B}: NameServer = 77.74.48.113
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C6BD15B-15AF-4DA8-9881-0D78B185B49B}: NameServer = 77.74.48.113
O17 - HKLM\System\CS4\Services\Tcpip\..\{0C6BD15B-15AF-4DA8-9881-0D78B185B49B}: NameServer = 77.74.48.113
O18 - Filter hijack: text/html - {4de1db1b-bc66-4d2b-b0f6-75e0881959be} - C:\WINDOWS\batmeter16.dll
O20 - AppInit_DLLs: sikasiso.dll c:\windows\system32\tilepilo.dll
O21 - SSODL: nofahanol - {34cf1b34-6636-4f76-9dd4-23c6616af2b5} - c:\windows\system32\tilepilo.dll
O22 - SharedTaskScheduler: jugezatag - {34cf1b34-6636-4f76-9dd4-23c6616af2b5} - c:\windows\system32\tilepilo.dll
- Press "Fix Checked"
- Close Hijack This.
Please download and run this tool.
Download Malwarebytes' Anti-Malware from Here
- Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
Post the contents of the MBAM Log.
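An added example, not part of the original post: a small triage script that reads HijackThis log lines in the format quoted above and says why an entry in sections O1, O4, O17 and O20 deserves a second look. The heuristics and the function names (parse, reason, triage) are assumptions made for illustration; the sample reuses lines from the post plus one constructed benign entry.

```python
import re

# Constructed sample: lines quoted in the post above plus one made-up benign entry.
SAMPLE_LOG = r"""
O1 - Hosts: 91.212.127.227 awareremover2009.microsoft.com
O4 - HKLM\..\Run: [ziretiyug] Rundll32.exe "c:\windows\system32\tilepilo.dll",a
O4 - HKCU\..\Run: [winhbt.exe] C:\DOCUME~1\Nick\LOCALS~1\Temp\winhbt.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C6BD15B-15AF-4DA8-9881-0D78B185B49B}: NameServer = 77.74.48.113
O20 - AppInit_DLLs: sikasiso.dll c:\windows\system32\tilepilo.dll
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\Example\app.exe"
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")

def parse(log):
    """Return (section, detail) pairs for every well-formed HijackThis line."""
    out = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out

def reason(section, detail):
    """Return why an entry deserves review, or None (heuristics are assumptions)."""
    low = detail.lower()
    if section == "O1":
        parts = detail.split()  # "Hosts:", address, hostname
        if len(parts) >= 3 and parts[1] not in ("127.0.0.1", "::1"):
            return f"hosts file maps {parts[2]} to {parts[1]}"
    elif section == "O4":
        if "\\temp\\" in low:
            return "autostart from a Temp directory"
        if "rundll32" in low:
            return "autostart loads a DLL through rundll32"
    elif section == "O17" and "nameserver" in low:
        return "DNS server set in registry: " + detail.rsplit("=", 1)[1].strip()
    elif section == "O20" and detail.split(":", 1)[1].strip():
        return "AppInit_DLLs is not empty"
    return None

def triage(log):
    """List (section, reason) for every entry that matched a heuristic."""
    return [(s, r) for s, d in parse(log) if (r := reason(s, d))]

if __name__ == "__main__":
    for section, why in triage(SAMPLE_LOG):
        print(section, "-", why)
```

A match only means the entry should be reviewed by someone who knows the system; legitimate software also uses rundll32 autostarts and static DNS settings.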