Jump to content


Photo
- - - - -

ONLINE ARMOR NOT WORK


  • This topic is locked This topic is locked
107 replies to this topic

#1 kamry2009

kamry2009

    Forum Regular

  • Members
  • PipPipPipPip
  • 273 posts
  • OS:Windows XP
  • AV:kaspersky
  • HIPS:emsisoft malwarbytes_ super anti spy ware
  • Other:advanced system care+anti crash

Posted 19 July 2012 - 05:24 PM

PLZ SEE ATTACH

#2 kamry2009

kamry2009

    Forum Regular

  • Members
  • PipPipPipPip
  • 273 posts
  • OS:Windows XP
  • AV:kaspersky
  • HIPS:emsisoft malwarbytes_ super anti spy ware
  • Other:advanced system care+anti crash

Posted 19 July 2012 - 06:00 PM

http://www.multiupload.nl/0R4Q2350U6

#3 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12626 posts
  • LocationDepauville, NY, USA
  • OS:Windows Vista
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 19 July 2012 - 08:26 PM

Do not use file upload services to upload your logs.

If your logs will not attach they are either too big or the file extension is not allowed.

If they are to big the zip them with a tool such as 7-zip.
Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#4 kamry2009

kamry2009

    Forum Regular

  • Members
  • PipPipPipPip
  • 273 posts
  • OS:Windows XP
  • AV:kaspersky
  • HIPS:emsisoft malwarbytes_ super anti spy ware
  • Other:advanced system care+anti crash

Posted 20 July 2012 - 09:47 AM

[attachment=12746:2121.7z]

#5 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12626 posts
  • LocationDepauville, NY, USA
  • OS:Windows Vista
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 20 July 2012 - 05:32 PM

This is the malware removal forum, if you need asistance only with OA then I can move the thread to the proper forum. Otherwise: All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread also read the Emsisoft Support Forums Terms of Use

To Highlight a few:

  • If you are seeking help make sure to only create one thread per problem at a time. Multiple threads about the same problem will get closed.
  • To keep the threads clean please don't post the content of log or report files directly in your reply. Instead please attach any reports or logs you were asked to submit as a file attachment.
  • Don't use any kind of "l33t" speak or slang and always keep in mind that most of the other people here don't speak English as their native language.
  • Asking for help is only allowed in the forums. Requesting help via PM or mail is prohibited.
  • Because of the potential for harm only selected members as well as our employees are allowed to offer help in the malware removal sections of the forum. If you have a strong malware fighting background and want to help please contact Emsi, Fabian Wosar and ShadowPuterDude (yes, all three of them) via forum PM.


Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#6 kamry2009

kamry2009

    Forum Regular

  • Members
  • PipPipPipPip
  • 273 posts
  • OS:Windows XP
  • AV:kaspersky
  • HIPS:emsisoft malwarbytes_ super anti spy ware
  • Other:advanced system care+anti crash

Posted 23 July 2012 - 01:46 PM

attach files

#7 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12626 posts
  • LocationDepauville, NY, USA
  • OS:Windows Vista
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 23 July 2012 - 04:02 PM

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    SRV - (sosnfusv) --  File not found
    SRV - (SOSNFLSV) --  File not found
    SRV - (SOSNFFSV) --  File not  
    DRV - (WDICA) --  File not found
    DRV - (SMR300) -- System32\drivers\SMR300.SYS File not found
    DRV - (SMR250) --  File not found
    DRV - (PDRFRAME) --  File not found
    DRV - (PDRELI) --  File not found
    DRV - (PDFRAME) --  File not found
    DRV - (PDCOMP) --  File not found
    DRV - (PCIDump) --  File not found
    DRV - (pccsmcfd) --  File not found
    DRV - (NETwNx32) ___ Intel(R) --  File not found
    DRV - (lbrtfdc) --  File not found
    DRV - (i2omgmt) --  File not found
    DRV - (FltMgr) --  File not found
    DRV - (DUMeterDrv) --  File not found
    DRV - (Changer) --  File not found
    DRV - (catchme) -- C:\DOCUME~1\LLLLLL~1\LOCALS~1\Temp\catchme.sys File not found
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Reg Error: Key error.)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Reg Error: Key error.)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
    O32 - AutoRun File - [2012/04/28 15:24:20 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
    [1 C:\Documents and Settings\llllllllllllllllllll\*.tmp files -> C:\Documents and Settings\llllllllllllllllllll\*.tmp -> ]
    [2012/07/18 04:59:03 | 022,691,190 | ---- | M] () -- C:\videoplayback_113.FLV
    [2012/07/18 04:27:16 | 009,876,100 | ---- | M] () -- C:\videoplayback_112.FLV
    [2012/07/17 08:12:58 | 007,714,231 | ---- | M] () -- C:\ddabd02aa486068361116f91e1a38308.mp4
    [2012/07/16 00:22:51 | 000,048,065 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1342390961.bdinstall.bin
    [2012/07/15 23:48:06 | 000,048,065 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1342388879.bdinstall.bin
    [2012/07/15 23:46:05 | 000,048,059 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1342388752.bdinstall.bin
    [2012/07/15 23:44:42 | 000,048,065 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1342388676.bdinstall.bin
    [2012/07/15 23:43:28 | 000,212,535 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1342388527.bdinstall.bin
    [2012/07/15 23:36:29 | 000,048,064 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1342388054.bdinstall.bin
    [2012/07/15 23:32:30 | 000,048,065 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1342387800.bdinstall.bin
    [2012/07/15 23:27:37 | 000,212,777 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1342387609.bdinstall.bin
    [2012/07/14 04:03:19 | 000,048,065 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1342231388.bdinstall.bin
    [2012/07/14 03:11:02 | 000,205,041 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1342228140.bdinstall.bin
    [2012/07/13 23:55:45 | 027,911,434 | ---- | M] () -- C:\videoplayback_88.FLV
    [2012/07/10 03:21:13 | 000,000,213 | ---- | M] () -- C:\u.ini
    [2012/07/09 04:52:33 | 018,124,584 | ---- | M] () -- C:\videoplayback_65.FLV
    [2012/07/09 01:44:54 | 008,113,241 | ---- | M] () -- C:\vclf.mp4
    [2012/07/09 01:43:48 | 008,962,306 | ---- | M] () -- C:\8jh.mp4
    [2012/07/05 17:34:06 | 006,582,601 | ---- | M] () -- C:\sucking and swallowing cum clip 4.wmv
    [2012/06/29 07:14:56 | 000,000,000 | ---- | M] () -- C:\osy3.sys
    [2012/06/25 02:48:03 | 000,000,117 | ---- | M] () -- C:\euronics.asx
    [2012/07/16 04:07:02 | 000,357,337 | ---- | C] () -- C:\Program Files\EAM-TR.exe
    [2012/07/16 01:29:31 | 010,354,641 | ---- | C] () -- C:\videoplayback_102.FLV
    [2012/07/16 00:22:45 | 011,694,047 | ---- | C] () -- C:\videoplayback_101.FLV
    [2012/07/15 04:36:42 | 057,464,596 | ---- | C] () -- C:\videoplayback_100.FLV
    [2012/07/15 04:36:32 | 057,464,596 | ---- | C] () -- C:\videoplayback_99.FLV
    [2012/07/15 04:36:26 | 011,616,352 | ---- | C] () -- C:\videoplayback_98.FLV
    [2012/07/15 04:34:21 | 001,228,895 | ---- | C] () -- C:\videoplayback_97.FLV
    [2012/07/15 03:54:43 | 004,837,898 | ---- | C] () -- C:\videoplayback_96.FLV
    [2012/07/15 03:00:23 | 002,718,091 | ---- | C] () -- C:\videoplayback_95.FLV
    [2012/07/15 02:32:48 | 002,953,463 | ---- | C] () -- C:\videoplayback_94.FLV
    [2012/07/15 00:24:48 | 016,979,096 | ---- | C] () -- C:\videoplayback_93.FLV
    [2012/07/15 00:20:30 | 005,118,006 | ---- | C] () -- C:\videoplayback_92.FLV
    [2012/07/10 03:07:35 | 004,099,944 | ---- | C] () -- C:\videoplayback_66.FLV
    [2012/07/09 04:50:56 | 018,124,584 | ---- | C] () -- C:\videoplayback_65.FLV
    [2012/06/20 02:13:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D36303DF-0AF1-460C-9A26-C4D3BAE007EE}
    @Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
    @Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
    
    :Commands
    [Purity]
    [EmptyTemp]
    [EmptyFlash]
    [EmptyJava]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#8 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12626 posts
  • LocationDepauville, NY, USA
  • OS:Windows Vista
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 26 July 2012 - 05:05 PM

Thread Closed

Reason:
Lack of Response

PM either ShadowPuterDude, Elise, or GT500 to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.
Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#9 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12626 posts
  • LocationDepauville, NY, USA
  • OS:Windows Vista
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 02 August 2012 - 08:41 PM

Thread opened at original posters request.
Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#10 kamry2009

kamry2009

    Forum Regular

  • Members
  • PipPipPipPip
  • 273 posts
  • OS:Windows XP
  • AV:kaspersky
  • HIPS:emsisoft malwarbytes_ super anti spy ware
  • Other:advanced system care+anti crash

Posted 02 August 2012 - 08:48 PM

would you help me
http://support.emsis...attach_id=12746


#11 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12626 posts
  • LocationDepauville, NY, USA
  • OS:Windows Vista
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 02 August 2012 - 08:50 PM

Download ComboFix from one of these locations:

Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

Link 1
Link 2

* IMPORTANT !!! Save ComboFix to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on Combo-Fix & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:
1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
  • ComboFix (C:\combofix.txt)
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#12 kamry2009

kamry2009

    Forum Regular

  • Members
  • PipPipPipPip
  • 273 posts
  • OS:Windows XP
  • AV:kaspersky
  • HIPS:emsisoft malwarbytes_ super anti spy ware
  • Other:advanced system care+anti crash

Posted 03 August 2012 - 12:12 PM

combofix

#13 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12626 posts
  • LocationDepauville, NY, USA
  • OS:Windows Vista
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 03 August 2012 - 03:29 PM

Now we need to use ComboFix to remove some stuff.
  • Make sure that the copy of ComboFix that you downloaded earlier is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
  • Open Notepad and copy/paste the text in the below code box into it
(make sure you scroll all the way down in the code box to get all lines selected ):
KillAll::

File::
C:\WINDOWS\atemp.tmp
C:\DH Temp.tmp

Driver::
SMR250
SMR300
SOSNFFSV
DUMeterDrv
NETwNx32

Quit::
  • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
  • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
  • You should have both the ComboFix and CFScript.txt icons on your Desktop.
  • Now use your mouse to drag CFScript.txt on top of ComboFix
    Posted Image
  • Follow the prompts.
  • When it finishes, a log will be produced named c:\combofix.txt
  • I will ask for this log below
Note: DO NOT mouseclick combofix's window while it is running. That may cause it to stall.
Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#14 kamry2009

kamry2009

    Forum Regular

  • Members
  • PipPipPipPip
  • 273 posts
  • OS:Windows XP
  • AV:kaspersky
  • HIPS:emsisoft malwarbytes_ super anti spy ware
  • Other:advanced system care+anti crash

Posted 04 August 2012 - 12:46 PM

combofix

#15 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12626 posts
  • LocationDepauville, NY, USA
  • OS:Windows Vista
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 04 August 2012 - 06:45 PM

Online Armor still not working?
Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#16 kamry2009

kamry2009

    Forum Regular

  • Members
  • PipPipPipPip
  • 273 posts
  • OS:Windows XP
  • AV:kaspersky
  • HIPS:emsisoft malwarbytes_ super anti spy ware
  • Other:advanced system care+anti crash

Posted 05 August 2012 - 04:55 PM

when i drag CFScript.txt on top of ComboFix
Posted Image combo fix run

#17 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12626 posts
  • LocationDepauville, NY, USA
  • OS:Windows Vista
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 05 August 2012 - 07:11 PM

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.

    Posted Image
  • Click Change parameters

    Posted Image
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK

    Posted Image
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    Posted Image
  • When it finishes, you will either see a report that no threats were found like below:
    Posted Image

    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    Posted Image
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these laater. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
      Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    Posted Image
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Attach this log to your next reply.

Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#18 kamry2009

kamry2009

    Forum Regular

  • Members
  • PipPipPipPip
  • 273 posts
  • OS:Windows XP
  • AV:kaspersky
  • HIPS:emsisoft malwarbytes_ super anti spy ware
  • Other:advanced system care+anti crash

Posted 05 August 2012 - 11:05 PM

attach

#19 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12626 posts
  • LocationDepauville, NY, USA
  • OS:Windows Vista
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 05 August 2012 - 11:26 PM

Your TDSSKiller log looks fine.

Download avz4.zip from here
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window: Posted Image
  • Click Start to begin the update
Note: If you receive an error message, chose a different source, then click Start again
  • After the update, from the "File" menu, choose "Standard Scripts"
  • Put a check next to item 2: Advanced System Investigation
  • Click Execute selected scripts
  • At the next prompt, click the OK button
  • Let the scan run and click "OK" when the completion prompt pops up
  • Now Close out of the Standard Scripts window, and exit AVZ
  • Navigate to the avz4 folder and locate the folder LOG
  • Inside the LOG folder you will find virusinfo_syscheck.htm, virusinfo_syscheck.htm and virusinfo_syscheck.zip
  • Attach the Compressed file, virusinfo_syscheck.zip, to your next reply.

Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#20 kamry2009

kamry2009

    Forum Regular

  • Members
  • PipPipPipPip
  • 273 posts
  • OS:Windows XP
  • AV:kaspersky
  • HIPS:emsisoft malwarbytes_ super anti spy ware
  • Other:advanced system care+anti crash

Posted 05 August 2012 - 11:56 PM

attach

#21 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12626 posts
  • LocationDepauville, NY, USA
  • OS:Windows Vista
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 06 August 2012 - 12:07 AM

Close all windows then double click on AVZ.exe
  • Click File > Custom scripts
  • Copy & paste the contents of the following codebox in the box in the program
    begin
    SetAVZGuardStatus(True);
    SearchRootkit(true, true);
     DeleteFile('C:\WINDOWS\system32\MsSip1.dll');
     DeleteFile('C:\WINDOWS\system32\MsSip2.dll');
     DeleteFile('C:\WINDOWS\system32\MsSip3.dll');
     RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 1','$DLL');
     RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 2','$DLL');
     RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 3','$DLL');
    ExecuteSysClean;
    RebootWindows(true);
    end.
  • Note: When you run the script, your PC will be restarted
  • Click Run
  • Restart your PC if it doesn't do it automatically.
Attach a fresh AVZ log.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#22 kamry2009

kamry2009

    Forum Regular

  • Members
  • PipPipPipPip
  • 273 posts
  • OS:Windows XP
  • AV:kaspersky
  • HIPS:emsisoft malwarbytes_ super anti spy ware
  • Other:advanced system care+anti crash

Posted 06 August 2012 - 12:22 AM

online armor just firewall also the emsisoft anti mlawre the same problem

#23 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12626 posts
  • LocationDepauville, NY, USA
  • OS:Windows Vista
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 06 August 2012 - 12:36 AM

I'm not seeing anything in your logs that would explain what is causing the issues with OA and EAM that are having.

Download to your desktop OSAM Autorun Manager Portable from http://www2.online-s...le.php?p=131115

This is a RAR archive and you will need a program like 7-zip, http://downloads.sou...enzip/7z464.msi to unpack the archive.

Install 7-zip

Right click on osam_autorun_manager_portable.rar, select "7-Zip" -> Extract to "osam_autorun_manager_portable"

Open osam_autorun_manager_portable, double-click osam.exe.

When OSAM begins to run, click "Next" until you get to "Close" then click on "Close"

Press the second button in the top menu ("Save Log" button).

The standard Windows "Save as" dialog will appear.

You need to save a report in the .log format (not .html).

Save the log file somewhere you can find it, zip the log file, and attach the zip archive to your next reply.
Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#24 kamry2009

kamry2009

    Forum Regular

  • Members
  • PipPipPipPip
  • 273 posts
  • OS:Windows XP
  • AV:kaspersky
  • HIPS:emsisoft malwarbytes_ super anti spy ware
  • Other:advanced system care+anti crash

Posted 06 August 2012 - 12:57 AM

log

#25 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12626 posts
  • LocationDepauville, NY, USA
  • OS:Windows Vista
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 06 August 2012 - 01:09 AM

1. Start OSAM, click "Next" until you get to "Close" then click on "Close".
2. Click on the "Settings" button in the top menu: and then change the value for "Disable objects using the driver" option to "Always".
3. Disable the following entries by removing the checkmarks in the checkboxes:
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\DOCUME~1\LLLLLL~1\LOCALS~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"FltMgr" (FltMgr) - ? - C:\WINDOWS\system32\drivers\FltMgr.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCCS Mode Change Filter Driver" (pccsmcfd) - ? - C:\WINDOWS\system32\drivers\pccsmcfd.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{87D62D94-71B3-4b9a-9489-5FE6850DC73E} "Avi Properties Handler" - ? -   (File not found | COM-object registry key not found)
{84058084-7609-44D1-B3CC-7A9436CB6D92} "Context Menu Shell Extension" - ? -   (File not found | COM-object registry key not found)
{A7005AF0-D6E8-48AF-8DFA-023B1CF660A7} "TeraCopy" - ? -   (File not found | COM-object registry key not found)
{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} "TeraCopy" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
ITBar7Position "ITBar7Position" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} "{4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A}" - ? -   (File not found | COM-object registry key not found) / http://quickscan.bitdefender.com/qsax/qsax.cab
{644E432F-49D3-41A1-8DD5-E099162EEEC5} "{644E432F-49D3-41A1-8DD5-E099162EEEC5}" - ? -   (File not found | COM-object registry key not found) / http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - ? -   (File not found | COM-object registry key not found) / http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
AutorunsDisabled "AutorunsDisabled" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-----( %UserProfile%\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Documents and Settings\llllllllllllllllllll\Start Menu\Programs\Startup\desktop.ini

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
4. Once you have finished with the disabling the items, press the "Apply" button.
5. Press the "Close" button.
6. Press the "Reboot now" button.

Once your computer has rebooted.

1. Start the OSAM again - you will see the report about deleted entries.
2. Press the "Settings" button to change the value for "Disable objects using the driver" option back to "For undeletable objects only".
3. And then use the "Delete from storage" function to delete the disabled items.
4. Exit OSAM
Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#26 kamry2009

kamry2009

    Forum Regular

  • Members
  • PipPipPipPip
  • 273 posts
  • OS:Windows XP
  • AV:kaspersky
  • HIPS:emsisoft malwarbytes_ super anti spy ware
  • Other:advanced system care+anti crash

Posted 06 August 2012 - 02:31 AM

attach

#27 kamry2009

kamry2009

    Forum Regular

  • Members
  • PipPipPipPip
  • 273 posts
  • OS:Windows XP
  • AV:kaspersky
  • HIPS:emsisoft malwarbytes_ super anti spy ware
  • Other:advanced system care+anti crash

Posted 06 August 2012 - 01:11 PM

even syestem restore not working>

#28 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12626 posts
  • LocationDepauville, NY, USA
  • OS:Windows Vista
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 06 August 2012 - 04:26 PM

Download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please attach the log to your reply.

Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#29 kamry2009

kamry2009

    Forum Regular

  • Members
  • PipPipPipPip
  • 273 posts
  • OS:Windows XP
  • AV:kaspersky
  • HIPS:emsisoft malwarbytes_ super anti spy ware
  • Other:advanced system care+anti crash

Posted 06 August 2012 - 06:47 PM

attach

#30 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12626 posts
  • LocationDepauville, NY, USA
  • OS:Windows Vista
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 06 August 2012 - 07:11 PM

Download to your Desktop, RegPatches.zip (Attached below)

Extract the contents of RegPatches.zip to your Desktop.

You should now have the following registry patches on the Desktop:
Dnscache.reg
LEGACY_DNSCACHE.reg
LEGACY_SR.reg
LEGACY_SRSERVICE.reg
LEGACY_WSCSVC.reg
LEGACY_WUAUSERV.reg
sr.reg
srservice.reg
wscsvc.reg
wuauserv.reg


Locate Dnscache.reg, LEGACY_DNSCACHE.reg, LEGACY_SR.reg, LEGACY_SRSERVICE.reg, LEGACY_WSCSVC.reg, LEGACY_WUAUSERV.reg, sr.reg, srservice.reg, wscsvc.reg, wuauserv.reg on your Desktop. Double-click on each one, one at at time, and answer 'Yes' when asked if you want to merge with the registry.

Do the following:
Start -> Run
type cmd
Click "OK"

The Command Console will open

Enter the following commands, at the Command Prompt. Commands must be entered exactly as shown.

Press the Enter Key after each command. Wait for each command to finish before proceeding to the next command.
net start Dnscache
net start srservice
net start sr
net start wscsvc
net start wuauserv
exit

Let me know if there were any error messages, and what they were.

Run a fresh scan with FSS, attach the new FSS log to your next reply.
Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#31 kamry2009

kamry2009

    Forum Regular

  • Members
  • PipPipPipPip
  • 273 posts
  • OS:Windows XP
  • AV:kaspersky
  • HIPS:emsisoft malwarbytes_ super anti spy ware
  • Other:advanced system care+anti crash

Posted 06 August 2012 - 07:38 PM

Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\llllllllllllllllllll>net start Dnscache
System error 1058 has occurred.

The service cannot be started, either because it is disabled or because it has n
o enabled devices associated with it.


C:\Documents and Settings\llllllllllllllllllll>
C:\Documents and Settings\llllllllllllllllllll>net start Dnscache
System error 1058 has occurred.

The service cannot be started, either because it is disabled or because it has n
o enabled devices associated with it.

#32 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12626 posts
  • LocationDepauville, NY, USA
  • OS:Windows Vista
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 06 August 2012 - 07:45 PM

Do the following:
Start -> Run
type cmd
Click "OK"

The Command Console will open

Enter the following commands, at the Command Prompt. Commands must be entered exactly as shown.

Press the Enter Key after each command. Wait for each command to finish before proceeding to the next command.
sc config Dnscache start= auto
net start Dnscache
exit

Any errors?
Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#33 kamry2009

kamry2009

    Forum Regular

  • Members
  • PipPipPipPip
  • 273 posts
  • OS:Windows XP
  • AV:kaspersky
  • HIPS:emsisoft malwarbytes_ super anti spy ware
  • Other:advanced system care+anti crash

Posted 06 August 2012 - 07:52 PM

this work but what about oa+eam?

#34 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12626 posts
  • LocationDepauville, NY, USA
  • OS:Windows Vista
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 06 August 2012 - 07:59 PM

this work but what about oa+eam?

That's outside the scope of this thread. Once I'm comfortable that malware is not the issue and everything else is working properly, then you will need to start support requests in the appropriate forums for EAM & OA.

Run a fresh scan with FSS and attach the new FSS log.
Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#35 kamry2009

kamry2009

    Forum Regular

  • Members
  • PipPipPipPip
  • 273 posts
  • OS:Windows XP
  • AV:kaspersky
  • HIPS:emsisoft malwarbytes_ super anti spy ware
  • Other:advanced system care+anti crash

Posted 06 August 2012 - 08:09 PM

attach

#36 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12626 posts
  • LocationDepauville, NY, USA
  • OS:Windows Vista
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 06 August 2012 - 08:29 PM

Download Windows Repair by Tweaking.com to your desktop. Use the direct download link for the Portable version of Windows Repair by Tweaking.com
  • Double-click tweaking.com_windows_repair_aio.zip and extract the Tweaking.com - Windows Repair folder to your desktop.
  • Now open this folder and double-click Repair_Windows.exe.
  • Click the Start Repairs tab on the far right.
  • Click the Start button (bottom right)
    Note: When asked if you would like to create a restore point. It is recommended just in-case something does not go as planned.
  • Click Unselect All
  • Put a checkmark in the following items:
    • Reset Registry Permissions
    • Reset File Permissions
    • Remove Policies Set By Infections
    • Repair Winsock & DNS Cache
    • Repair Proxy Settings
    • Repair Windows Updates
    • Repair Volume Shadow Copy Service
    • Set Windows Services To Default Startup
    Note: Leave everything else unchecked
  • Put a checkmark in Restart System When Finished
  • Now click the Start button (bottom right)
Run a fresh scan with FSS, attach the new FSS log.
Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#37 kamry2009

kamry2009

    Forum Regular

  • Members
  • PipPipPipPip
  • 273 posts
  • OS:Windows XP
  • AV:kaspersky
  • HIPS:emsisoft malwarbytes_ super anti spy ware
  • Other:advanced system care+anti crash

Posted 06 August 2012 - 08:59 PM

attach

#38 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12626 posts
  • LocationDepauville, NY, USA
  • OS:Windows Vista
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 06 August 2012 - 10:01 PM

Run OTL:
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Underneath Output at the top change it to Minimal Output.
  • Underneath Extra Registry change it to Use SafeList.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.txt and Extras.txt.

    Note: These logs can be located in the _OTL folder on your C:/ drive if they fail to open automatically.
Attach both OTL.txt and Extras.txt to your next reply.
Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#39 kamry2009

kamry2009

    Forum Regular

  • Members
  • PipPipPipPip
  • 273 posts
  • OS:Windows XP
  • AV:kaspersky
  • HIPS:emsisoft malwarbytes_ super anti spy ware
  • Other:advanced system care+anti crash

Posted 07 August 2012 - 02:08 AM

1212

#40 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12626 posts
  • LocationDepauville, NY, USA
  • OS:Windows Vista
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 07 August 2012 - 06:23 PM

Where is the Extras.txt I asked for?

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    SEE ATTACHED OTLfix.txt
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#41 kamry2009

kamry2009

    Forum Regular

  • Members
  • PipPipPipPip
  • 273 posts
  • OS:Windows XP
  • AV:kaspersky
  • HIPS:emsisoft malwarbytes_ super anti spy ware
  • Other:advanced system care+anti crash

Posted 08 August 2012 - 11:32 PM

plz see this pictures

#42 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12626 posts
  • LocationDepauville, NY, USA
  • OS:Windows Vista
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 09 August 2012 - 01:27 AM

Using Add or Remove Programs in the Control Panel; uninstall the following:
Java(TM) 6 Update 22
Java(TM) 6 Update 31

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    SEE ATTACHED OTLfix.txt
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#43 kamry2009

kamry2009

    Forum Regular

  • Members
  • PipPipPipPip
  • 273 posts
  • OS:Windows XP
  • AV:kaspersky
  • HIPS:emsisoft malwarbytes_ super anti spy ware
  • Other:advanced system care+anti crash

Posted 09 August 2012 - 02:30 AM

do you see the pictures ?

the problem not solve until now

i have some questions

how can i boost the speed of shutdown and start up ?

tune up utilite tell me Recommendations but other program tell other Recommendations! like Auslogics

can you tell me some recommendations about this

do you recommend a program from this advanced syestem care +tuneup+ccleaner+Auslogics

if you have better program tell me!

how can i boost cpu and ram speed


do you now any program

also i want to know ho can i configure my internet settings
Auslogics tell me some Recommendations but tune up tell me other Recommendations

do you know any good program my internet speed from 0.5 to 2.5 mbps my internet type wimax usb modem

#44 kamry2009

kamry2009

    Forum Regular

  • Members
  • PipPipPipPip
  • 273 posts
  • OS:Windows XP
  • AV:kaspersky
  • HIPS:emsisoft malwarbytes_ super anti spy ware
  • Other:advanced system care+anti crash

Posted 09 August 2012 - 03:04 AM

run scanner if you need

#45 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12626 posts
  • LocationDepauville, NY, USA
  • OS:Windows Vista
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 09 August 2012 - 02:39 PM

do you see the pictures ?

Yes, I see then.

the problem not solve until now

Not it's not. What do you think we have been working on?

how can i boost the speed of shutdown and start up ?

BY uninstalling or disabling the number of items that you have loading at system/windows start.

tune up utilite tell me Recommendations but other program tell other Recommendations! like Auslogics

can you tell me some recommendations about this

You should be only using one of those.

do you recommend a program from this advanced syestem care +tuneup+ccleaner+Auslogics

See above. This is overkill. It is not a case of if 1 is good then 2 or 3 is better. 1 and only 1 program of that class In this case, I recommend you keep Tune Up Utilities. CCleaner is not the same as the other 3. You can keep CCleaner installed.

how can i boost cpu and ram speed

Don't, you will shorten the life span of your system.

also i want to know ho can i configure my internet settings
Auslogics tell me some Recommendations but tune up tell me other Recommendations

Ignore them. The recommendations won't do anything of worth.

do you know any good program my internet speed from 0.5 to 2.5 mbps my internet type wimax usb modem

There is no prgram that can speed up your Internet connection. If you want faster connections then you have to upgrade from dialup, to DSL, cable or fiber optics.

run scanner if you need

I did not ask for a new Runscanner. I need the log generated by OTL when you ran the fix I attached.
Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#46 kamry2009

kamry2009

    Forum Regular

  • Members
  • PipPipPipPip
  • 273 posts
  • OS:Windows XP
  • AV:kaspersky
  • HIPS:emsisoft malwarbytes_ super anti spy ware
  • Other:advanced system care+anti crash

Posted 09 August 2012 - 07:08 PM

(blue screen) i had remove eset
i instal avast blue screen coming

in your opinion which one better avast anti virus+online armor fire wall or esest anti virus with online ormor

//
which firewall is better eset or avast if i dont want to use online armor?

#47 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12626 posts
  • LocationDepauville, NY, USA
  • OS:Windows Vista
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 09 August 2012 - 09:06 PM

Stop install and uninstalling programs. It complicates trouble shooting.

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    SEE ATTACHED OTLfix.txt
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#48 kamry2009

kamry2009

    Forum Regular

  • Members
  • PipPipPipPip
  • 273 posts
  • OS:Windows XP
  • AV:kaspersky
  • HIPS:emsisoft malwarbytes_ super anti spy ware
  • Other:advanced system care+anti crash

Posted 09 August 2012 - 09:57 PM

otl stop on DRV - (KLIF) --DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab ZAO)

#49 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12626 posts
  • LocationDepauville, NY, USA
  • OS:Windows Vista
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 09 August 2012 - 10:38 PM

Run the Removal tool for Kaspersky Lab products. Instructions and download for the Removal tool can be found at: http://support.kaspe.../?qid=208279463

Once you have run the Removal tool for Kaspersky Lab products, restart you system and run a fresh scan with OTL. Attach the new OTL log to your next reply.
Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#50 kamry2009

kamry2009

    Forum Regular

  • Members
  • PipPipPipPip
  • 273 posts
  • OS:Windows XP
  • AV:kaspersky
  • HIPS:emsisoft malwarbytes_ super anti spy ware
  • Other:advanced system care+anti crash

Posted 10 August 2012 - 12:00 AM

attach




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users