GT500

Emsisoft Employee

Everything posted by GT500

  1. OK, that's looking better. Please run an online virus scan through ESET by following the steps below:
       • Turn off your anti-virus software.
       • Click on this link.
       • Click on the ESET Online Scanner button.
       • Put a check in the box that says YES, I accept the Terms of Use.
       • Click the 'Start' button just to the right of the checkbox.
       • Uncheck the box that says Remove found threats (this is very important).
       • Click on Advanced settings.
       • Put a check in the box that says Scan for potentially unsafe applications.
       • Verify that Scan for potentially unwanted applications is also checked.
       • Verify that Enable Anti-Stealth technology is also checked.
       • Click the Start button in the lower-right corner of the page, and it will begin downloading its database, and then it will start scanning.
       • When the scan is done, if it shows a screen that says Threats found!, then click List of found threats, and then click Export to text file... (if nothing was found, then just let me know that no threats were found).
       • Save that text file on your desktop, and then attach it to a reply (using the More Reply Options button in the lower-right corner of this forum topic) for me.
       • Close the ESET online scan.
     I will take a look at the log, and let you know if anything needs removed.
  2. 5.5.0.1557 appears to be the latest version (at least I'm not aware of any newer versions).
  3. As far as the other logs, let's refrain from looking at those for the moment. ComboFix and OTL are usually enough, and when they are not then more powerful utilities are required.
  4. Assuming that you are looking for something that is free, Avira AntiVir and avast! are pretty good. Edit: Microsoft Security Essentials also has a good detection rate, however it does have trouble removing infections due to lack of drivers.

     Online Armor, of course.

     I've never heard of it before, so I can't say whether or not it is any good.

     Since you're a Firefox user, try something such as AdBlock Plus. It's free, and it should take care of most of the ads you encounter around the Internet. You may also want to check out the Fanboy Adblock List (I use it in Opera by itself and I rarely see ads).

     Yes, a program such as HostsMan is a great complement to any security setup, as it will automatically manage your HOSTS file and update it for you from sources such as hpHosts and MVPS HOSTS. You just have to configure it the way you want it, then make sure it is running in the background, and it will do the rest.

     Firefox has a tendency to slow down a little with each extension/add-on you install. A minimalistic approach tends to be best for performance, and for security as well. Many people consider the 'essential' extensions to be things such as AdBlock Plus and NoScript. Many security experts also recommend the Web Of Trust extension for Firefox, Internet Explorer, Opera, Google Chrome, and Safari.

     And now for your ComboFix log. I have written a script that will tell ComboFix how to delete some stuff I saw in your log. Here are instructions on what to do with the script:
       • Turn off your Anti-Virus software.
       • Click your Start button, go to All Programs (or just Programs on Vista and Windows 7), go to Accessories, and then open Notepad.
       • Please copy and paste the contents of the box below into Notepad (here is a link to instructions if you do not know how to copy and paste): http://support.emsisoft.com/topic/7324-my-pc-always-crash/

           KillAll::

           Driver::
           gupdate
           CD-Lock
           gupdatem
           maconfservice
           PROCEXP151
           WinRing0_1_2_0

           Suspect::
           c:\documents and settings\llllllllllllllllllll\Local Settings\Application Data\Mac.bat
           c:\documents and settings\llllllllllllllllllll\Local Settings\Application Data\EmptyARP.bat
           c:\documents and settings\llllllllllllllllllll\Local Settings\Application Data\ConfigIP.bat

           Registry::
           [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
           "F.lux"=-

           DDS::
           IE: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=4KA6912A&id=menu_ie_frame
           IE: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=4KA6912A&id=menu_ie_image
           IE: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=4KA6912A&id=menu_ie_link
           IE: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=4KA6912A&id=menu_ie_exclude
           IE: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=4KA6912A&id=menu_ie_report

       • Save this as a Text Document named CFScript in the same location as ComboFix (which should be on your desktop).
       • Close Notepad and verify that the CFScript file is saved on your desktop.
       • Referring to the animated picture below, click the left mouse button on top of the CFScript icon on your desktop, then holding the mouse button down drag the CFScript icon on your desktop onto the ComboFix icon, and then drop it (let go of the mouse button) on top of the ComboFix icon:
       • When finished, it will display a new log in Notepad. Please attach that log to a reply the same way you did before.
       • If you prefer, you can save the log on your desktop to make it easier to find.
  5. OK, that is looking better. Those screenshots you asked about are not a big deal (I don't even know when Merijn last had a chance to update BugOff). Let's start with ComboFix, and see what it tells us. Since it's been a little while since your last ComboFix log, go ahead and run it again (following the same instructions as last time), and attach the log to a reply.
  6. What anti-virus software are you using?
  7. Try downloading and installing the latest version of Online Armor from this link.
  8. OK, here is a link to instructions on how to build a UBCD4Win disk. Note that you will need a blank CD and a CD burner so that you can burn the ISO image to a disk. Let me know if you need any help with that part.

     Once you have created a UBCD4Win disk, you will need to start your computer up off of it. When you first turn your computer on, there should be a button on your keyboard that you can press to open what is usually called the "Boot Menu". Your computer will tell you what button to press. Most will say it in one of the corners of the screen, and Toshibas will have it below the Toshiba logo in the middle. Once you get the Boot Menu open, select your CD or DVD drive, make sure the UBCD4Win disk is in the drive, and press Enter on your keyboard.

     Before starting up, you will be presented with a menu of options. Make sure that Launch "The Ultimate Boot CD For Windows" is selected (it should be highlighted in black) and then press Enter. If you don't do anything, then it should start automatically after 20 or 30 seconds. It may take several minutes to start up, since it is essentially loading a Windows environment off of a CD. Once it is done, you will see a Windows XP desktop (if you see any options as it is starting up, then you can ignore them, and it will continue loading after a few seconds).

     Once the desktop starts to load, it will ask you if you want to start network support. You can tell it No unless you want to pull up the instructions on the Internet, or unless you feel you will need Internet access at any point during the process.

     There is an icon on the desktop for EZPCFix, however when I click on it I get an error message, so I assume that it won't work for you either (it probably needed a plugin to be enabled in order to work properly). Go ahead and click on the Start button, go to Programs, go to Disk Tools, go to Diagnostic, and go to Check Disk.

     In the window that pops up, type in the letter of the drive you want to scan, such as C: and then press Enter on your keyboard. You can answer n for 'no' to the question about scanning for bad sectors. Make sure you answer y for 'yes' to the question about fixing errors. And then confirm y for 'yes' if you entered everything correctly. It will begin a check of your hard drive, and fix anything that is wrong with the filesystem.

     If that does not work, then please let me know, and we can go from there.
  9. I'm still seeing the following crack/keygen related files on your computer:
       c:\documents and settings\llllllllllllllllllll\desktop\crack\idman.exe
       c:\documents and settings\llllllllllllllllllll\desktop\crack\regkey windows 32-bit.reg
       c:\documents and settings\llllllllllllllllllll\desktop\crack\regkey windows 64-bit.reg
       c:\documents and settings\llllllllllllllllllll\my documents\downloads\compressed\ad_muncher_v4.91_crack.rar
       c:\documents and settings\llllllllllllllllllll\my documents\downloads\compressed\crack trucks & trailers.rar
       c:\documents and settings\llllllllllllllllllll\my documents\downloads\compressed\crack.rar
       c:\documents and settings\llllllllllllllllllll\my documents\downloads\compressed\crack_4.rar
       c:\documents and settings\llllllllllllllllllll\my documents\downloads\compressed\driver genius professional v11.0.0.1112 + crack.rar
       c:\documents and settings\llllllllllllllllllll\my documents\downloads\compressed\idm-6.07-build-7--+-crack.rar
       c:\documents and settings\llllllllllllllllllll\my documents\downloads\compressed\regcure 3.0.2 + crack.rar
       c:\documents and settings\llllllllllllllllllll\my documents\downloads\video\superantispyware professional 5.0.1142.(new keygen) registered for free - youtube.flv
     Please remove all cracks and keygens, then rerun OTL and CKScanner, and post new logs for me.
  10. As far as I can tell, there is nothing malicious at that IP address. It also does not appear to be the address of a server on the Internet (or at least I'm not finding any information about a server at that address). It is possible that it is a computer on your ISP's network that is broadcasting Quote Of The Day messages, and chances are that it is completely harmless.
  11. Well, 169 isn't the full IP address, as every IP address has 4 octets (or at least IPv4 addresses do). An example would be 192.168.1.1 (the periods separate the 4 octets). As for port 17, that is normally used as a part of the TCP/IP standard called Quote Of The Day. Does Online Armor not show you the full IP address?
  12. What version of Online Armor do you have installed? Is it at least 5.5.0.1557? If not, then try a manual upgrade by downloading and installing from this link.
  13. Hello, and please forgive me for the slow reply. Please make sure that Emsisoft Anti-Malware is installed in the default folder (C:\Program Files\Emsisoft Anti-Malware on 32-bit systems and C:\Program Files (x86)\Emsisoft Anti-Malware on 64-bit systems). The Emsiclean utility will delete the folder that Emsisoft Anti-Malware was installed in, so if there is anything else in there it will be deleted as well.
  14. Are you not able to remove those traces that are found with Emsisoft Anti-Malware, or do they keep reappearing after you remove them?
  15. I'm sorry, but due to the amount of keygens you have on your computer, I'm not going to be able to continue assisting you until you delete all cracks, keygens, pirated serials, and all of the following software from your computer:
       • Internet Download Manager
       • Ad Muncher
       • Trucks & Trailers
       • Driver Genius Professional Edition
       • RegCure
       • SUPERAntiSpyware
       • Revo Uninstaller
      Once you have removed all of these programs, any cracks and keygens, and any other pirated software that you have, then go ahead and get me a fresh OTL log and a fresh CKScanner log, and I will be happy to continue assisting you.
  16. Was it able to boot before running a chkdsk? Do you have a Windows XP CD (or at least an ISO image of a Windows XP CD)? You should be able to recover your computer with a UBCD4Win disk, but you need a Windows XP disk (or possibly a Windows 2003 disk) in order to build a UBCD4Win disk.
  17. That log looks pretty good. Let's get a second opinion with an online virus scan. Please run an online virus scan through ESET by following the steps below:
       • Turn off your anti-virus software.
       • Click on this link.
       • Click on the ESET Online Scanner button.
       • Put a check in the box that says YES, I accept the Terms of Use.
       • Click the 'Start' button just to the right of the checkbox.
       • Uncheck the box that says Remove found threats (this is very important).
       • Click on Advanced settings.
       • Put a check in the box that says Scan for potentially unsafe applications.
       • Verify that Scan for potentially unwanted applications is also checked.
       • Verify that Enable Anti-Stealth technology is also checked.
       • Click the Start button in the lower-right corner of the page, and it will begin downloading its database, and then it will start scanning.
       • When the scan is done, if it shows a screen that says Threats found!, then click List of found threats, and then click Export to text file... (if nothing was found, then just let me know that no threats were found).
       • Save that text file on your desktop, and then attach it to a reply (using the More Reply Options button in the lower-right corner of this forum topic) for me.
       • Close the ESET online scan.
      I will take a look at the log, and let you know if anything needs removed.
  18. Also, after running ComboFix with the instructions above, please run CKScanner as well. You can download CKScanner from here.
       • Important: Save it to your desktop.
       • Double-click CKScanner.exe and click Search For Files.
       • After a very short time, when the cursor hourglass disappears, click Save List To File.
       • A message box will verify that the file is saved.
       • Please attach the file named CKFiles.txt on your desktop to a reply by going to More Reply Option below.
  19. OK, go ahead and disable McAfee, and then try running ComboFix again.
  20. The connection attempts could be from some of your Firefox extensions. Here's a link to instructions on how to manage extensions in Firefox. Make sure that you know what each extension is and what it does. Remove or disable anything that you don't absolutely need.
  21. I'm glad to hear you got your issue resolved. Let us know if you have any further trouble.
  22. Run TDSSKiller first. We can run ComboFix after it is done. ZeroAccess could be the reason why ComboFix couldn't finish.
  23. Have you tried resetting your cable modem? It should have a reset button on it somewhere. You often have to press it with a paper clip. Normally you would want to hold it down until the power light started blinking, and then let go. Once the lights are done blinking, it should be ready for use again.
  24. Do you connect to the Internet through a router?
  25. Please download ComboFix from one of the following links, and follow the instructions below to run it. Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
       • Link 1
       • Link 2
      * IMPORTANT !!! Save Combo-Fix to your Desktop
       • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help
       • Double click on ComboFix.exe & follow the prompts.
       • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
       • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
      **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
       • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
       • Click on Yes, to continue scanning for malware.
       • When finished, ComboFix will produce a log.
      Note:
        1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
        2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
      Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
       • ComboFix (C:\combofix.txt)
      Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!