Full Version: I need to purge this cursed PC again, Sincerest apologies for the repost
Malwarebytes Forum > Computer Help > Malware Removal - HijackThis Logs
offsafety
I sincerely apologize for reposting the thread but I read the disclaimer advising not to reply to your own topic within 48 hrs AFTER I had already replied to my topic.

Greetings everyone. My computer is in trouble.

I managed to download mbam and install it, but it won't run... I've already looked for that TDSys non plug and play driver or whatever the name is in the Hardware Device Manager, but it's not listed (AFTER showing hidden items). If any mods could delete the other thread I would appreciate it, and again, apologies.

Pardon my ignorance on the matter as I don't maintain my pc as I should. I don't have another pc or laptop at the moment so I'm not at the liberty to run programs on other OS' and what not. I do have a USB memory stick though (not sure if that helps any)

Again pardon my ignorance in internet jargon and grammar and whatever else makes me seem more like an ignoramus.

Thank you for your help.

Attached is my HiJackThis log from my PC.

I am running Windows XP. My taskbar stays on hourglass, so I can't use it.
I have no money to purchase a good AV program.

miekiemoes
Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because security software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.


offsafety
I was asked in my thread to run ComboFix on my system. Should I be running this program (and others) in safe mode or "normal" mode?
offsafety
QUOTE (miekiemoes @ Sep 29 2009, 10:02 AM) *

I have downloaded Combofix.exe to my desktop but it won't run. I get an hourglass flicker and nothing more. Also, I wanted to know: when you say to disable the Antivirus/Antispyware/Firewall, does that include the fake antivirus programs like Personal Antivirus or PC AntiSpyware? Also, FYI, my taskbar is frozen for a really long time before it starts to function; I don't know if that affects anything. Seems like I'm cleaning this computer a little late. This is sort of new behavior.
miekiemoes
Hi,

Please do next..

Download and run Win32kDiag:
offsafety
QUOTE (miekiemoes @ Sep 30 2009, 02:50 AM) *
Good morning (bout 7:25am here)

The following is the contents of the Win32kDiag.txt file created after running the exe:

Running from: C:\Documents and Settings\Ati\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Ati\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!

miekiemoes
Hi,

Do next please, exactly the way I describe..

Delete the combofix from your desktop.

Then, Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  2. During the download, rename Combofix to Combo-Fix as follows:
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------
  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

If you still cannot get this to run, try booting into Safe Mode, and run it there.

To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode."

If this doesn't work either, try the same method (above), but rename Combofix.exe to iexplore.exe instead, or to winlogon.exe.
This is because in some cases malware blocks EVERY process except those on its own whitelist, and that whitelist includes important system processes such as iexplore.exe, explorer.exe, winlogon.exe...
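The whitelist bypass described in the post above, as an added example (not code from the thread, from Combofix, or from any of the tools named here): a blocker that keys only on the image file name lets an identical copy of the binary run once it is saved under an allowed name, while a check keyed on file contents (SHA-256) gives the same answer for both names. The allowlist, the stand-in payload bytes and the "known good" hash are all constructed for the example.

```python
"""Why renaming a tool to a system process name slips past a blocker.

Added example (not from the thread, not Combofix's or anyone's real
code). It models the behaviour described above: malware that kills
every process except those on its own allowlist of image names, which is
why a copy of the same binary saved as iexplore.exe or winlogon.exe runs.
It also shows the contrast a defender cares about: a check keyed on file
contents (SHA-256) is unaffected by the rename.
"""
import hashlib
import os
import tempfile

# Assumed allowlist for illustration; the thread names these as processes
# such malware tends to leave alone.
NAME_ALLOWLIST = {"iexplore.exe", "explorer.exe", "winlogon.exe"}


def name_based_allowed(path: str) -> bool:
    """The malware's decision: look only at the image file name."""
    return os.path.basename(path).lower() in NAME_ALLOWLIST


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_based_allowed(path: str, known_good: set) -> bool:
    """Content-keyed decision: renaming the file changes nothing here."""
    return sha256_of(path) in known_good


def rename_demo(workdir=None) -> dict:
    """Write a stand-in 'ComboFix.exe', save an identical copy as
    'iexplore.exe', and record how each check treats the two files."""
    workdir = workdir or tempfile.mkdtemp()
    original = os.path.join(workdir, "ComboFix.exe")
    renamed = os.path.join(workdir, "iexplore.exe")
    payload = b"MZ stand-in tool bytes (constructed for this example)"
    for p in (original, renamed):
        with open(p, "wb") as f:
            f.write(payload)  # same bytes under two names

    # Defender's known-good set: hashes of the real system binaries only.
    # The placeholder below stands in for the real iexplore.exe hash.
    known_good = {hashlib.sha256(b"placeholder for real iexplore.exe").hexdigest()}

    return {
        "name_check_original": name_based_allowed(original),              # blocked
        "name_check_renamed": name_based_allowed(renamed),                # slips through
        "hash_check_original": hash_based_allowed(original, known_good),  # rejected
        "hash_check_renamed": hash_based_allowed(renamed, known_good),    # still rejected
        "same_hash": sha256_of(original) == sha256_of(renamed),           # identical bytes
    }


if __name__ == "__main__":
    for check, result in rename_demo().items():
        print(f"{check}: {result}")
```

The same asymmetry is why the advice to rename the tool works against this kind of blocker, and why defensive controls should identify binaries by hash or signature rather than by file name.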
offsafety
Understood. Before I attempt this though, you didn't answer my other question. When you say disable your antivirus, antimalware and software and the sort, do you also mean the programs caused by the viruses, malwares and such?
offsafety
QUOTE (offsafety @ Sep 30 2009, 06:36 PM) *


ie PC AntiSPYWARE and Personal Antivirus
miekiemoes
QUOTE
do you also mean the programs caused by the viruses, malwares and such?
No, the good ones, because they interfere. The bad ones need to be deleted anyway and that's why we use the extra tools to make it easier for deletion, because they don't allow it to delete like that.
offsafety
As you requested:

offsafety
QUOTE (offsafety @ Oct 1 2009, 11:42 PM) *

miekiemoes
Hi,

Go to start > run and copy and paste next command in the field:

sc delete RPCM

Hit enter.

Then, I see you have Viewpoint installed...
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Then, * Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Reboot and Let me know in your next reply how things are now.
offsafety
Hello,

I followed the instructions and have noticed an improvement in my CPU speed. I still have "Personal Antivirus" on my system, and it is still saying that I have a Trojan.
miekiemoes
Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
offsafety
Again, as requested, the Malwarebytes report, followed by the fresh Hijackthis log:


Malwarebytes' Anti-Malware 1.41
Database version: 2897
Windows 5.1.2600 Service Pack 3

10/2/2009 7:25:03 PM
mbam-log-2009-10-02 (19-25-03).txt

Scan type: Quick Scan
Objects scanned: 129370
Time elapsed: 5 minute(s), 28 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 14

Memory Processes Infected:
C:\Program Files\PersonalAV\PAV.exe (Rogue.PersonalAntiVirus) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c24d7016-d00f-41ef-9781-984b6b5ff38f} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ec88fcd0-2ed5-4d65-9b4c-71d146b43a2e} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e532cfb1-5edd-4663-8c22-bcd67b5e5bd4} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC-AntiSpyware (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_PCA-FIREWALL (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ConTest.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\personalav (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Environment\avapp (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Environment\avuninst (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Elijah\Application Data\PC-Antispyware (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elijah\Application Data\PC-Antispyware\logs (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elijah\Application Data\PC-Antispyware\startup (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glenys\Application Data\PC-Antispyware (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glenys\Application Data\PC-Antispyware\logs (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glenys\Application Data\PC-Antispyware\startup (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Uninstall\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Glenys\Desktop\SpeedScan_setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Downloads\Swap.Magic.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ConTest.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elijah\Application Data\PC-Antispyware\config.xml (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elijah\Application Data\PC-Antispyware\Sites.bl (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glenys\Application Data\PC-Antispyware\config.xml (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glenys\Application Data\PC-Antispyware\Sites.bl (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glenys\Application Data\PC-Antispyware\logs\1208113869.log (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Uninstall\PersonalAV\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAV\PAV.exe (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\PersonalAV\Personal Antivirus.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\PersonalAV\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ati\Desktop\Personal Antivirus.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.



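A small parser for the MBAM 1.x log format posted above, as an added example (not part of the thread and not Malwarebytes' own code). It reads the summary block and the per-category sections ("item (Family) -> action"), then checks the summary counts against the items actually listed, flags items whose action was not a clean success, and tallies the rogue families. The embedded log is a constructed excerpt in the same format as the post above, with one deliberate count mismatch and one "Delete on reboot." entry so that both checks have something to report.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x log and sanity-check it.

Added example; not from the thread and not Malwarebytes' code. The log
format is the one shown in the post above: a summary block of
'<Category> Infected: N' lines, then one section per category whose
entries read '<item> (<Family>) -> <action>'. SAMPLE_LOG is a constructed
excerpt: 'Files Infected: 3' lists only two items, and one action is
'Delete on reboot.' rather than a completed removal.
"""
import re
from collections import Counter

SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.41
Windows 5.1.2600 Service Pack 3

Scan type: Quick Scan
Objects scanned: 129370

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
C:\Program Files\PersonalAV\PAV.exe (Rogue.PersonalAntiVirus) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\PC-AntiSpyware (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_PCA-FIREWALL (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\personalav (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\PersonalAV\PAV.exe (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Delete on reboot.
"""

SUMMARY_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
NO_ITEMS = "(No malicious items detected)"


def parse_mbam_log(text: str) -> dict:
    """Return {'summary': {category: count}, 'sections': {category: [entries]}}."""
    summary, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None          # a blank line closes the current section
            continue
        if m := SUMMARY_RE.match(line):
            summary[m["name"]] = int(m["count"])
        elif m := SECTION_RE.match(line):
            current = m["name"]
            sections[current] = []
        elif current is not None and line != NO_ITEMS:
            m = ENTRY_RE.match(line)
            sections[current].append(m.groupdict() if m else
                                     {"item": line, "family": "?", "action": "UNPARSED"})
    return {"summary": summary, "sections": sections}


def count_mismatches(parsed: dict) -> list:
    """(category, claimed, listed) where the summary disagrees with the section."""
    return [(name, n, len(parsed["sections"].get(name, [])))
            for name, n in parsed["summary"].items()
            if len(parsed["sections"].get(name, [])) != n]


def incomplete_actions(parsed: dict) -> list:
    """Items MBAM did not finish removing; these need the reboot or a second look."""
    return [(e["item"], e["action"]) for entries in parsed["sections"].values()
            for e in entries if not e["action"].endswith("successfully.")]


def family_counts(parsed: dict) -> Counter:
    """How many detections each rogue family accounts for."""
    return Counter(e["family"] for entries in parsed["sections"].values() for e in entries)


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(parsed))
    print("not finished:", incomplete_actions(parsed))
    print("families:", dict(family_counts(parsed)))
```

Run against the full log posted above, the mismatch list comes back empty and every action ends in "successfully.", which is the quick way to confirm that a posted log is complete and that nothing was left pending a reboot before asking the user how the machine behaves.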
miekiemoes
Hi,

This is an older HijackThislog you posted. Can you rescan with Hijackthis and post again?

Also, let me know how things are right now.
offsafety
QUOTE (miekiemoes @ Oct 3 2009, 03:02 AM) *

Hello,

I'm very sorry. Attached is a current hijackthis log. Things are running much smoother now. The Personal Antivirus is gone. I see no signs of malware, spyware or the such right now. I'm really not sure how to analyze the system better to provide you with a better answer.
offsafety
QUOTE (offsafety @ Oct 3 2009, 07:12 AM) *


quick update: I notice that IE is still redirecting me to sites other than the ones I'm typing in.
miekiemoes
Hi,

Can you redownload and run Combofix again as well? Then post the log in your next reply. This to make sure.
Also, can you tell me to what sites it redirects for example? Is this when you search via google or so?
offsafety
QUOTE (miekiemoes @ Oct 3 2009, 07:27 AM) *

Hi!

Here's my combofix log.

I'm going to have to ask you to disregard last post about the IE redirecting me. I was under the influence of alcohol and am not 100% sure if I mistyped a url. Google seems to be working fine.
miekiemoes
QUOTE
I'm going to have to ask you to disregard last post about the IE redirecting me. I was under the influence of alcohol and am not 100% sure if I mistyped a url. Google seems to be working fine.
Lol, that makes sense as well.
Don't drink and surf? biggrin.gif

Everything looks OK here though.


Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again! smile.gif
offsafety
QUOTE (miekiemoes @ Oct 3 2009, 02:11 PM) *

Hello again!

Sorry for the delayed response. I have been doing everything you told me, step by step. I've chosen to use a combination of AVG, COMODO (just the firewall), and of course, Malwarebytes Anti-Malware. I've also run the Startup Lite program, and last night I defragged my C:/

One question though: am I supposed to check and fix all of the results in Combofix or Malwarebytes? I'm pretty sure I skipped that the last few times I ran them. Guess I was focused on the logs and didn't take notice.
offsafety
Update:

I ran Malwarebytes Anti-Malware again this morning.
It didn't find anything malicious but I don't know about the last combofix sweep I ran (the one I attached last).

At this point I'm not sure if I'm being thorough, paranoid, or both. unsure.gif
miekiemoes
Hi,

There's nothing strange anymore in the latest Combofix log. It already did its job there, so all you have to do is uninstall it again as I already posted before:

QUOTE
* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
offsafety
Thank you sooo much your help was invaluable. I can't say thank you enough.
miekiemoes
You're most welcome smile.gif
miekiemoes
Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.