to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum and I am here to help you!
I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please perform all steps in the order received and do not proceed if you need clarification.
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.
After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
========== P2P Warning
Your log indicates that you have uTorrent
• Avoid gaming sites, pirated software, cracking tools, and peer-to-peer (P2P) file sharing
- They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
- Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
- The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology. It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.
I see you have run Combofix unsupervised.....this is ill advised!! This is a complex and powerful tool that should not be used except under the supervision and direction of a malware expert. It can and will render your computer unbootable permanently!! Also realize that in most circumstances a single run of Combofix is ineffective. Specialized scripts will be written specifically directing this program to clean-up based on your logs!!
I would like to see your most recent CF logs. You will find them @ C:\ComboFix.txt
========== We need to create an OTL Report
- Please download OTL from one of the following mirrors:
- Save it to your desktop.
- Double click on the icon on your desktop.
- Click the "Scan All Users" checkbox.
- Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
- Push the button.
- Two reports will open, copy and paste them in a reply here:
- OTListIt.txt <-- Will be opened
- Extra.txt <-- Will be minimized
Please download GMER from one of the following locations and save it to your desktop:
- Main Mirror: This version will download a randomly named file (Recommended)
- Zipped Mirror: This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
-- If you encounter any problems, try running GMER in Safe Mode.
- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
- Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
- Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
- GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
- If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
- Now click the Scan button. If you see a rootkit warning window, click OK.
- When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
- Click the Copy button and paste the results into your next reply.
- Exit GMER and re-enable all active protection when done.
========== I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.
========== With your next post please provide:
* Combofix logs from unsupervised run
* OTL Extra.txt
* Gmer log