I have reviewed your OTLPE log and your Farbar log. One or more of the identified infections is known to use a backdoor.
This allows hackers to remotely control your computer, steal critical system information, and download and execute files.
I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
- How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
- When Should I Format, How Should I Reinstall
We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.
P2P Warning!:
IMPORTANT: I have noticed that there are signs of Limewire P2P (Peer to Peer) File Sharing Programs on your computer.
As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.
If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing:
- FBI Cyber Education Letter
- File sharing infects 500,000 computers (InfoWorld)
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall Limewire, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs. If you wish to keep it, please do not use Limewire until your computer is cleaned.
Step 1.
I see you have run ComboFix. Please post a copy of the log it produced. It is located at C:\ComboFix.txt. Please post this before going on to step 2.
After posting, continue with step 2; you do not need to wait on a response.
Step 2.
Download the enclosed file (attached file: fixlist.txt) and save it on the USB drive. Insert the USB drive into the ailing computer. Run FRST as you did before, except that this time around click on the Fix button.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
Step 3.
Boot into Normal Mode. Delete your current copy of ComboFix. Download and install a fresh copy of ComboFix from one of the following locations: Link 1, Link 2.
VERY IMPORTANT !!!
Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.
Step 4.
Please post:
- Old ComboFix.txt (in first reply)
- Fixlog.txt
- New ComboFix.txt
- A description of how the computer is running now.