GT500

Emsisoft Employee

Everything posted by GT500

  1. Please download DebugView from this link:
     • When downloading, make sure to save it on your Desktop instead of clicking 'Run' or 'Open'.
     • Right-click on the 'DebugView' file that you just saved on your Desktop, and select "Extract All".
     • Open the new DebugView folder that was created on your Desktop after extracting.
     • Windows XP and 2000 users should double-click on the file named 'Dbgview'. Windows 7 and Vista users should right-click and select "Run as Administrator".
     • Click on the 'Capture' menu, and select everything except "Log Boot" (you will have to open the menu again after clicking to select an item).
     • Open Outlook, and wait until it crashes.
     • After you have replicated the crash you can switch back to DebugView and click 'File' and "Save As" in order to save the log to a file on your Desktop.
     Please attach that log file to a reply so that we may analyze it for errors. You will need to use the More Reply Options button to the lower-right of where you type in your reply in order to access the attachment controls.
     Note: You may need to ZIP the log file in order to attach it. If you do not have a program such as 7-Zip, WinZip, WinRar, etc. then you can right-click on the log file, go to Send to, and click on Compressed (zipped) folder. You will be able to attach the ZIP archive to a reply.
  2. Please post a RogueKiller log by following the instructions below:
     • Download RogueKiller from this link, and copy it to the desktop of the infected computer.
     • Run RogueKiller (please note that if it doesn't work the first time, you can try it again several times and it may start to work): On Windows XP make sure you are logged in as an administrator and double-click on the RogueKiller icon. On Windows 7 and Vista simply right-click on the RogueKiller icon, and select to Run as administrator.
     • Click the Scan button in the upper-right corner (don't worry about the rest of the options for now).
     • In the middle, on the left, it will tell you the status. When it says Scan Finished, then please close RogueKiller. It will warn you that nothing has been deleted and ask you if you want to quit, so be sure to click the Yes button.
     • There will be a new file and folder saved on your desktop. The folder (usually named RK_Quarantine) can be deleted. The file (usually named RKreport or RKreport[1]) contains the log.
     • Please attach the RKreport file to a reply by using the More Reply options button to the lower-right of where you type in your reply.
  3. Those definitely look like files related to an infection. Here's some instructions:
     1. Please download The Avenger from this link, and make sure to save it on your Desktop. Right click on the Avenger.zip folder and select "Extract All...". Follow the prompts and extract the avenger folder to your desktop.
     2. Copy all the text contained in the CODE box below, and it will be pasted into The Avenger in a later step (if you do not know how to copy and paste, then there are instructions at this link):
        Files to delete:
        C:\Users\jore\AppData\Local\Npupi.dat
        C:\Users\jore\AppData\Local\umadacibi.dll
        Note: the above code was created specifically for the person requesting assistance in this forum topic, and it is based entirely on the logs they supplied from their computer. No one else should attempt to run The Avenger with this script, as it may damage their computer!
     3. Now, open the avenger folder on your desktop and start The Avenger program by double-clicking on its icon. Please paste the contents of the CODE box above (which you should have already copied) into the white box in The Avenger (see example picture below). Click on the Execute button in the lower-right corner (see example picture below). Answer "Yes" twice when prompted.
     4. The Avenger will automatically do the following:
        • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
        • On reboot, it will briefly open a black command window on your desktop, this is normal.
        • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
        • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
     5. Please attach the content of c:\avenger.txt to a reply by using the More Reply Options button to the lower-right of where you type in your reply.
  4. Yes, it does that for every attachment that you don't click the "Add To Post" link for. It looks like you right-clicked on your hard drive. Did you try left-clicking on it?
  5. OK, if the scans are completing and coming up clean then I'd say that your computer is most likely OK now. Here's some final instructions for you:
     1. Make Sure Java is Updated: Click on the Start button. Click on Control Panel. Click Uninstall a program. Look for Java in the list (should be alphabetical), and uninstall all versions of Java that you find listed. Click on this link and download and install the latest Java (the Windows Online download will be faster).
     2. Make Sure Adobe Flash is Updated: Click on this link and download the latest version of Adobe Flash Player for your web browser. You will need to close your web browser when installing Flash.
     3. Make Sure Adobe Acrobat Reader is Updated: Click on the Start button. Click on Control Panel. Click Uninstall a program. Look for any versions of Adobe Reader or Adobe Acrobat Reader in the list (should be alphabetical), and uninstall all of them (if you have Adobe Acrobat, which is the premium software from Adobe, then you do not need to uninstall it). Click on this link to go to the Adobe Reader download page, make sure to unselect any offers for toolbars or other free software, and download and install the latest version of Adobe Reader. (Please note that some people do prefer to use third-party PDF viewers such as PDF X-Change Viewer and Foxit Reader which are not as commonly exploited as Adobe Reader, so if you would prefer to use one of those then you do not need to download and install Adobe Reader.)
     4. Make Sure Your Computer Has The Latest Windows Updates: Click on the Start button. Go to All Programs. Click on Windows Update. Click Check for updates in the menu on the left (should be near the top). Once it is done checking for updates, click the Install updates button on the right. Make sure that if your computer wants to restart after the updates are done, that you allow it to do so.
     5. Web Of Trust Extension: While this is not a requirement, I highly recommend that you click this link and check out the Web Of Trust extension for your web browser. It will add an extra layer of protection to your web browsing for free, and it is especially helpful when doing searches on Google, Yahoo!, Bing, etc. as it will point out what sites are considered trustworthy and what sites are not by drawing a colored circle to the right of each search result. Green means trusted, red means not trusted, yellow is in between, and white means it is not in Web Of Trust's database.
     6. Empty The System Restore: Click on the Start button. Right-click on Computer. Select Properties from the list. In the window that pops up, click on the System protection link in the menu on the left. The buttons may not be clickable for a few moments, but once you can click on them select the drive in the list near the bottom that shows protection is on (this will usually be your C: drive) and click the Configure... button. Click the button near the bottom-right that says Delete to clear all System Restore data. Once finished, click OK to close that window. Now you will want to make sure that the correct drive is selected again (usually your C: drive) and click on the Create button to create a new restore point. Fill in a name for the restore point, and click the Create button. Once it is done, you can close the windows that were opened to get to the System Restore settings.
  6. OK, from that log it looks like it is safe to run ComboFix. Please download ComboFix from one of the following links, and follow the instructions below to run it. Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop.
     Link 1
     Link 2
     * IMPORTANT !!! Save Combo-Fix to your Desktop
     • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help.
     • Double click on ComboFix.exe & follow the prompts.
     • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
     **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
     Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
     Click on Yes, to continue scanning for malware.
     When finished, ComboFix will produce a log.
     Note:
     1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
     2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
     Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
     ComboFix (C:\combofix.txt)
     Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  7. I don't see it in that list either. Please go back to the File Manager, click on your hard drive in the list on the left, and take a screenshot of it for me. As for Java, you don't need to install it, as most Linux distributions come with an open source implementation of Java. Adobe Flash is another matter, and needs to be installed separately, however with Red Hat based distributions such as Fedora it is possible to set up Adobe's repository for YUM (Yellowdog Updater, Modified) which allows the Adobe Flash package to be downloaded and updated by Fedora's package manager and updater. Installing and managing software on Fedora is another matter entirely, so I won't go into that at the moment (especially since you would need to install Fedora onto your computer in order to install and remove software).
  8. It is a little late to go into this, since I have already helped you clean up your computer, however I noticed the following file in your ESET scan log:
     F:\Download\Microsoft.Office.2010.ProfessionalPlus.VL.Edition.x86.and.x64-ZWTiSO\activator.exe
     This appears to be an activation crack for Microsoft Office Professional 2010, and we do have a "no piracy" policy here. Also, please note that with many hacks, cracks, keygens, etc. there are infections that have been injected into them, so even when they work as expected there is still the danger of your computer being infected. Since your computer appears to be clean (with the exception of the activation hack for Microsoft Office), I am going to go ahead and post my final instructions, and then close this topic. If you require any further assistance, then please remove any pirated software/cracks/hacks/keygens/etc from your computer, and go ahead and send me a private message on these forums to let me know. Here's some final instructions for you:
     1. Make Sure Java is Updated: Click on the Start button. Click on Control Panel. Click Uninstall a program. Look for Java in the list (should be alphabetical), and uninstall all versions of Java that you find listed. Click on this link and download and install the latest Java (the Windows Online download will be faster).
     2. Make Sure Adobe Flash is Updated: Click on this link and download the latest version of Adobe Flash Player for your web browser. You will need to close your web browser when installing Flash.
     3. Make Sure Adobe Acrobat Reader is Updated: Click on the Start button. Click on Control Panel. Click Uninstall a program. Look for any versions of Adobe Reader or Adobe Acrobat Reader in the list (should be alphabetical), and uninstall all of them (if you have Adobe Acrobat, which is the premium software from Adobe, then you do not need to uninstall it). Click on this link to go to the Adobe Reader download page, make sure to unselect any offers for toolbars or other free software, and download and install the latest version of Adobe Reader. (Please note that some people do prefer to use third-party PDF viewers such as PDF X-Change Viewer and Foxit Reader which are not as commonly exploited as Adobe Reader, so if you would prefer to use one of those then you do not need to download and install Adobe Reader.)
     4. Make Sure Your Computer Has The Latest Windows Updates: Click on the Start button. Go to All Programs. Click on Windows Update. Click Check for updates in the menu on the left (should be near the top). Once it is done checking for updates, click the Install updates button on the right. Make sure that if your computer wants to restart after the updates are done, that you allow it to do so.
     5. Web Of Trust Extension: While this is not a requirement, I highly recommend that you click this link and check out the Web Of Trust extension for your web browser. It will add an extra layer of protection to your web browsing for free, and it is especially helpful when doing searches on Google, Yahoo!, Bing, etc. as it will point out what sites are considered trustworthy and what sites are not by drawing a colored circle to the right of each search result. Green means trusted, red means not trusted, yellow is in between, and white means it is not in Web Of Trust's database.
     6. Empty The System Restore: Click on the Start button. Right-click on Computer. Select Properties from the list. In the window that pops up, click on the System protection link in the menu on the left. The buttons may not be clickable for a few moments, but once you can click on them select the drive in the list near the bottom that shows protection is on (this will usually be your C: drive) and click the Configure... button. Click the button near the bottom-right that says Delete to clear all System Restore data. Once finished, click OK to close that window. Now you will want to make sure that the correct drive is selected again (usually your C: drive) and click on the Create button to create a new restore point. Fill in a name for the restore point, and click the Create button. Once it is done, you can close the windows that were opened to get to the System Restore settings.
  9. Do you have your update scheduled to run at the same time every day? If so, you could get a DebugView log for our developers to take a look at.
  10. That log doesn't look too bad. I do see the µTorrent toolbar is installed on your computer, and it appears to be using the Conduit toolbar engine. Since Conduit-based toolbars have been known to exhibit behavior similar to spyware or adware, they are not usually recommended, however they are not actually malicious. Also note that your browsers do tend to perform better without extra toolbars, so you may want to disable or remove any extra toolbars that you have installed, as they are usually not necessary. Let's get a second opinion, just to verify that everything is good. Please run an online virus scan through ESET by following the steps below:
     • Turn off your anti-virus software.
     • Click on this link.
     • Click on the ESET Online Scanner button.
     • Put a check in the box that says YES, I accept the Terms of Use.
     • Click the 'Start' button just to the right of the checkbox.
     • Uncheck the box that says Remove found threats (this is very important).
     • Click on Advanced settings.
     • Put a check in the box that says Scan for potentially unsafe applications.
     • Verify that Scan for potentially unwanted applications is also checked.
     • Verify that Enable Anti-Stealth technology is also checked.
     • Click the Start button in the lower-right corner of the page, and it will begin downloading its database, and then it will start scanning.
     • When the scan is done, if it shows a screen that says Threats found!, then click List of found threats, and then click Export to text file... (if nothing was found, then just let me know that no threats were found).
     • Save that text file on your desktop, and then attach it to a reply (using the More Reply Options button in the lower-right corner of this forum topic) for me.
     • Close the ESET online scan.
     I will take a look at the log, and let you know if anything needs removed.
  11. Assuming that ComboFix was able to run properly, that log shows that ComboFix deleted the infection. Just to verify, let's get a log from an online virus scan. Please run an online virus scan through ESET by following the steps below:
     • Turn off your anti-virus software.
     • Click on this link.
     • Click on the ESET Online Scanner button.
     • Put a check in the box that says YES, I accept the Terms of Use.
     • Click the 'Start' button just to the right of the checkbox.
     • Uncheck the box that says Remove found threats (this is very important).
     • Click on Advanced settings.
     • Put a check in the box that says Scan for potentially unsafe applications.
     • Verify that Scan for potentially unwanted applications is also checked.
     • Verify that Enable Anti-Stealth technology is also checked.
     • Click the Start button in the lower-right corner of the page, and it will begin downloading its database, and then it will start scanning.
     • When the scan is done, if it shows a screen that says Threats found!, then click List of found threats, and then click Export to text file... (if nothing was found, then just let me know that no threats were found).
     • Save that text file on your desktop, and then attach it to a reply (using the More Reply Options button in the lower-right corner of this forum topic) for me.
     • Close the ESET online scan.
     I will take a look at the log, and let you know if anything needs removed.
  12. OK, if you want to try and run a disk check from the Fedora boot disk, then here's some instructions. Please note that this will be quite a bit different from Windows, it may be confusing, and it will probably seem a bit tedious. Linux does not assign letters to hard drives like Windows does, so the names of the drives may seem a bit odd if you aren't used to Linux. Also note that I'm going to try to use as many screenshots as possible to illustrate the process, and if they are too small to see or read properly, then you can click on them to see a larger version.
     After starting your computer up off of the Fedora 16 KDE disk, your desktop should look like this:
     The first step will be to find out what device name Linux has assigned to your hard drive. To do this, you will need to open KDE's equivalent of the "Start Menu", which is usually called the Application Launcher. Go ahead and click on the little blue icon in the lower-left corner of the screen that looks like the Fedora logo:
     When the Application Launcher opens, you will want to click on File Manager to open it:
     In the File Manager, on the left side, is a list of folders that you can quickly navigate to. Your hard drive should be at the bottom of that list, sort of like the screenshot below (note that the one in my example is listed as 60GiB in size, which is close to 60GB):
     Go ahead and click on that icon for your hard drive (you may see a message asking for a password pop up and then disappear, but don't worry about it, you don't need to enter a password for this to work), and the File Manager will ask the system to mount your hard drive. Once it is mounted, the File Manager will refresh to show you the contents of your hard drive, sort of like in the screenshot below:
     Once you see your hard drive's files, go ahead and open the Application Launcher again, and this time move your mouse over Applications at the bottom (like in the screenshot below) in order to switch to the Applications list:
     Now click on System in the Applications list to view System applications:
     Scroll down and click on View Disk Usage:
     You will see a window similar to the one in the screenshot below (I resized mine before taking the screenshot in order to make it easier to read the information, and you may want to do the same as well):
     In my screenshot, the 60GiB drive listed is /dev/sda1 (note that it lists the sizes as GiB and not GB), so we know that it is the hard drive we are looking for. I have highlighted that hard drive in the screenshot below to make it easier to see:
     Theoretically, you should now know the name that Linux has assigned to your hard drive. There are other ways to get this information, and other ways that would have been easier, however it is important to note that in following those steps above you also learned some basics about the KDE desktop that you will need to know in order to copy your data to your flash drive. Make sure that you make a note of your hard drive's name, and then close the View Disk Usage program (which you may have noticed is also called KDiskFree).
     Now you should still have the File Manager open from earlier. If you do not, then please go back to the Application Launcher and open the File Manager again. You will need to right click on your hard drive, and select to Unmount it (sort of like in the screenshot below). Note that your files will disappear after you do this, however nothing has actually happened to them, it just means that the File Manager is no longer reading your hard drive (this is important when running the disk check):
     You can close the File Manager now, as you will not need it during the disk check. Go back to the Application Launcher, go to Applications again, and then click on System again. This time, open the Terminal. There are two of them, one is Konsole and the other is XTerm. Please open Konsole (I have highlighted it in the screenshot below), as my instructions will be for Konsole and not for XTerm:
     Type su - into the terminal (note that the space and the dash are very important) and then press Enter on your keyboard. After doing that, you should see exactly what is shown in the screenshot below:
     Now you can run your disk check. The command is ntfsck and you will need to specify your hard drive's name as well. In my example above, the hard drive name was /dev/sda1 so the command I will use to start the disk check will be ntfsck /dev/sda1 (if your hard drive had a different name, then simply fill in the name of your hard drive after the ntfsck command when you type it in, similarly to my example). Here's a screenshot of the Terminal after running ntfsck:
     There are no options for ntfsck, so if it doesn't ask you if you want to fix anything then just assume that it did fix any errors and restart the computer (you can find the Restart option in the Application Launcher under Leave). You should be OK to copy your data to your flash drive once it has finished restarting. You'll want to use the File Manager, and you will be able to access both your hard drive and your Flash drive from the menu on the left, just like I showed you in the instructions above.
     Edit: Oh, and before I forget! By default, KDE's File Manager is single-click sort of like MacOS. This means that when you click on a folder or file, it will open, as opposed to a double-click in Windows. In order to select files and folders, when you hold your mouse over them you will see a little green plus icon that you can click to select the file, and when you hold your mouse over a file or folder that is selected then you will see a little red minus icon that you can click to unselect it. Note that you can also click and drag to draw a box, like in Windows, to select more than one file or folder at a time.
  13. I recommend that you avoid installing to the hard drive (at least until you have had a chance to recover the data from your computer). There should be a link on the desktop that says Computer or My Computer and you should be able to access your computer's hard drive through there. When you connect your USB drive, it will show up on the desktop as a separate icon and it will show up in My Computer. You should be able to copy and paste data from your computer's hard drive to your USB flash drive in a manner very similar to how it works on Windows. The command prompt on Linux is usually referred to as the Terminal (or, in more technical terms, as a terminal emulator) or as the Console. You don't actually need to use that right now, and I would recommend avoiding the command prompt in Linux unless you know exactly what you need to type in. The Linux console/terminal/etc. tends to be a little less restricting than the one in Windows, and you can do some pretty incredible things in it, so it is really easy to get into trouble with it.
  14. That log shows that there may be a problem with the MBR on your Seagate USB hard drive, however that shouldn't be a big deal unless you installed Windows on your USB hard drive. Based on what I'm seeing, I think it's safe to run ComboFix. Please download ComboFix from one of the following links, and follow the instructions below to run it. Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop.
     Link 1
     Link 2
     * IMPORTANT !!! Save Combo-Fix to your Desktop
     • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help.
     • Double click on ComboFix.exe & follow the prompts.
     • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
     **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
     Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
     Click on Yes, to continue scanning for malware.
     When finished, ComboFix will produce a log.
     Note:
     1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
     2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
     Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
     ComboFix (C:\combofix.txt)
     Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  15. It should be automatic.
  16. Please post a RogueKiller log by following the instructions below:
     • Download RogueKiller from this link, and save it on your desktop.
     • Run RogueKiller (please note that if it doesn't work the first time, you can try it again several times and it may start to work): On Windows XP make sure you are logged in as an administrator and double-click on the RogueKiller icon. On Windows 7 and Vista simply right-click on the RogueKiller icon, and select to Run as administrator.
     • Click the Scan button in the upper-right corner (don't worry about the rest of the options for now).
     • In the middle, on the left, it will tell you the status. When it says Scan Finished, then please close RogueKiller. It will warn you that nothing has been deleted and ask you if you want to quit, so be sure to click the Yes button.
     • There will be a new file and folder saved on your desktop. The folder (usually named RK_Quarantine) can be deleted. The file (usually named RKreport or RKreport[1]) contains the log.
     • Please attach the RKreport file to a reply by using the More Reply options button to the lower-right of where you type in your reply.
  17. Please post a RogueKiller log by following the instructions below:
     • Download RogueKiller from this link, and save it on your desktop.
     • Run RogueKiller (please note that if it doesn't work the first time, you can try it again several times and it may start to work): On Windows XP make sure you are logged in as an administrator and double-click on the RogueKiller icon. On Windows 7 and Vista simply right-click on the RogueKiller icon, and select to Run as administrator.
     • Click the Scan button in the upper-right corner (don't worry about the rest of the options for now).
     • In the middle, on the left, it will tell you the status. When it says Scan Finished, then please close RogueKiller. It will warn you that nothing has been deleted and ask you if you want to quit, so be sure to click the Yes button.
     • There will be a new file and folder saved on your desktop. The folder (usually named RK_Quarantine) can be deleted. The file (usually named RKreport or RKreport[1]) contains the log.
     • Please attach the RKreport file to a reply by using the More Reply options button to the lower-right of where you type in your reply.
  18. This would be the reason:
     AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated*
     McAfee will delete NirCmd when ComboFix installs it. NirCmd is a powerful command-line utility that has been abused by malicious software in the past, so some anti-virus software will delete it the moment it is installed. This is why ComboFix cannot be run while anti-virus software is still active, because some of its tools will be deleted or blocked.
  19. You should be able to use any computer with Internet access and a working CD burner.
  20. OK, based on your RogueKiller log I think it is safe to run ComboFix. Please download ComboFix from one of the following links, and follow the instructions below to run it. Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop.
     Link 1
     Link 2
     * IMPORTANT !!! Save Combo-Fix to your Desktop
     • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help.
     • Double click on ComboFix.exe & follow the prompts.
     • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
     **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
     Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
     Click on Yes, to continue scanning for malware.
     When finished, ComboFix will produce a log.
     Note:
     1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
     2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
     Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
     ComboFix (C:\combofix.txt)
     Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  21. OK, that log looks fairly good. Please download ComboFix from one of the following links, and follow the instructions below to run it. Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop.

      Link 1
      Link 2

      * IMPORTANT !!! Save Combo-Fix to your Desktop

      - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help.
      - Double click on ComboFix.exe & follow the prompts.
      - As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      - Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

      **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

      Click on Yes, to continue scanning for malware.

      When finished, ComboFix will produce a log.

      Note:
      1. Do not mouseclick ComboFix's window while it's running. That may cause it to stall!
      2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

      Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
      - ComboFix (C:\combofix.txt)

      Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  22. Please note that, with the option to resolve addresses enabled, Online Armor is merely trying to guess what address should be displayed on the notification by checking DNS to see what domain names resolve to that IP address. In the case of 127.0.0.1 you can have countless domain names resolving to that address (hundreds, thousands, etc). Since the domain name displayed in the Online Armor notification is a guess, please note that you cannot attempt to find out what extension is the cause simply from the domain name. You will need to disable each extension one at a time to test and see if the notifications stop. That would involve a process such as this:

      1. Disable an extension.
      2. Close Firefox.
      3. Reopen Firefox, and wait for the notification to pop up.
      4. If there's no notification from Online Armor then you found the extension that was causing it; if the notification appears again then go back to step 1 and continue to repeat these 4 steps until you find out which extension is causing the notification.

      Please note that this is the only way, short of marking Firefox as 'Trusted' in Online Armor, of preventing these notifications. Extensions should be able to access information over the Internet through Firefox's APIs even with those settings disabled. That's why it is important to ensure that extensions are safe, as they can be an exploit vector.
  23. My apologies for the slow response, and for the confusion. Technically there is no 'resizer' app. When you run Windows in Safe Mode, if the screen resolution is below 800x600 then Emsisoft Anti-Malware will attempt to change the screen resolution to 800x600 so that its program window will properly fit on the screen.
  24. Please post a RogueKiller log by following the instructions below:

      - Download RogueKiller from this link, and save it on your desktop.
      - Run RogueKiller (please note that if it doesn't work the first time, you can try it again several times and it may start to work):
          - On Windows XP make sure you are logged in as an administrator and double-click on the RogueKiller icon.
          - On Windows 7 and Vista simply right-click on the RogueKiller icon, and select to Run as administrator.
      - Click the Scan button in the upper-right corner (don't worry about the rest of the options for now).
      - In the middle, on the left, it will tell you the status. When it says Scan Finished, then please close RogueKiller. It will warn you that nothing has been deleted and ask you if you want to quit, so be sure to click the Yes button.
      - There will be a new file and folder saved on your desktop. The folder (usually named RK_Quarantine) can be deleted. The file (usually named RKreport or RKreport[1]) contains the log.
      - Please attach the RKreport file to a reply by using the More Reply options button to the lower-right of where you type in your reply.