offsafety
Hello again! Sorry for the delayed response. I have been doing everything you told me, step by step. I've chosen to use a combination of AVG, COMODO (just the firewall), and of course, Malwarebytes Anti-Malware. I've also run the Startup Lite program, and last night I defragged my C:/. One question though: am I supposed to check and fix all of the results on ComboFix or Malwarebytes? I'm pretty sure I skipped that the last few times I ran them. Guess I was focused on the logs and I didn't take notice.
-
Again, as requested, the Malwarebytes report, followed by the fresh Hijackthis log:

Malwarebytes' Anti-Malware 1.41
Database version: 2897
Windows 5.1.2600 Service Pack 3

10/2/2009 7:25:03 PM
mbam-log-2009-10-02 (19-25-03).txt

Scan type: Quick Scan
Objects scanned: 129370
Time elapsed: 5 minute(s), 28 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 14

Memory Processes Infected:
C:\Program Files\PersonalAV\PAV.exe (Rogue.PersonalAntiVirus) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c24d7016-d00f-41ef-9781-984b6b5ff38f} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ec88fcd0-2ed5-4d65-9b4c-71d146b43a2e} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e532cfb1-5edd-4663-8c22-bcd67b5e5bd4} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC-AntiSpyware (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_PCA-FIREWALL (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ConTest.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\personalav (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Environment\avapp (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Environment\avuninst (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Elijah\Application Data\PC-Antispyware (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elijah\Application Data\PC-Antispyware\logs (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elijah\Application Data\PC-Antispyware\startup (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glenys\Application Data\PC-Antispyware (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glenys\Application Data\PC-Antispyware\logs (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glenys\Application Data\PC-Antispyware\startup (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Uninstall\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Glenys\Desktop\SpeedScan_setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Downloads\Swap.Magic.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ConTest.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elijah\Application Data\PC-Antispyware\config.xml (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elijah\Application Data\PC-Antispyware\Sites.bl (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glenys\Application Data\PC-Antispyware\config.xml (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glenys\Application Data\PC-Antispyware\Sites.bl (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glenys\Application Data\PC-Antispyware\logs\1208113869.log (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Uninstall\PersonalAV\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAV\PAV.exe (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\PersonalAV\Personal Antivirus.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\PersonalAV\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ati\Desktop\Personal Antivirus.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

hijackthislog.txt
-
Good morning (about 7:25am here). The following is the contents of the Win32kDiag.txt file created after running the exe:

Running from: C:\Documents and Settings\Ati\Desktop\Win32kDiag.exe
Log file at : C:\Documents and Settings\Ati\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Finished!
-
I have downloaded Combofix.exe to my desktop but it won't run. I get an hourglass flicker and nothing more. Also, I wanted to know: when you say to disable the Antivirus/Antispyware/Firewall, does that include the fake antivirus programs like Personal Antivirus or PC AntiSpyware? Also, FYI, my taskbar is frozen for a really long time before it starts to function; don't know if that affects anything. Seems like clean this computer a little late. This is sort of new behavior.