GT500

Emsisoft Employee
  • Content Count

    11202
  • Joined

  • Days Won

    322

Everything posted by GT500

  1. That's an overly complicated download page... Try this link for Service Pack 1 for Windows 7 x86.
  2. The logs aren't showing that you restarted your computer after adding the exclusions. Could you go ahead and turn off debug mode, restart your computer, delete the logs folder, and then turn on debug mode again, restart again, add exclusions again, and then restart again and send us the logs after that?
  3. OK, go ahead and reinstall Emsisoft Anti-Malware from this link. Once you have it installed and updated, go ahead and try to run that scan (a Smart Scan should be fine) and attach that report to a reply for me.
  4. Glad to hear it. Go ahead and empty your System Restore again, and then you should be good to go: Click on the Start button. Right-click on My Computer Select Properties from the list. In the window that pops up, click on the System Restore tab. Click the check box to Turn off System Restore. Click the Apply button at the bottom-right, and answer Yes to the question. Depending on how much data is saved in the System Restore, it could take more than a few minutes to empty it. Click the check box to Turn off System Restore again and click OK to turn the System Restore back on. Click on the Start button again. Go to All Programs. Go to Accessories. Go to System Tools. Click on System Restore. Select Create a restore point on the right, and click Next at the bottom. Enter a description for the restore point, and click Create. Click Close to finish the process.
  5. I have written a cleanup script for OTL (if you need to, you may download OTL from this link). Please download the following OTL_Script file, and save it on your desktop. After saving it, open it, run OTL, and copy and paste the contents of the OTL_Script file into the Custom Scans/Fixes box at the bottom of the OTL window: Then click the Run Fix button at the top. Let the program run unhindered, restart your computer when it is done (it may automatically restart your computer on its own). After your computer has restarted, please open OTL again and click the Quick Scan button. Attach the log it produces in your next reply (just the OTL log, as I don't need to see the Extras log again). You will need to click the button that says More Reply Options to the lower-right of where you type your reply to be presented with the attachment controls.
  6. Please uninstall Emsisoft Anti-Malware, restart your computer, and then download Emsiclean from this link (be sure to save it on your desktop), and follow the instructions below to get me a log: Run the Emsiclean download that you saved on your desktop. Read the disclaimer. Note that you must agree to it in order to proceed. Once the scan is finished, simply exit Emsiclean, and do not remove anything. A new file will be saved on your desktop with a log of what was detected. Please attach that to a reply by using the More Reply Options button to the lower-right of where you type in your reply.
  7. OK, go ahead and get me a fresh OTL log, and then we can continue normally: Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run'). Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes. When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually. Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.
  8. The logs are showing a couple of things that haven't been deleted yet (let me know if you are not able to delete some of this stuff): c:\users\marci\documents\flash decompiler trillix 3.0.3.470 + crack.zip c:\windows\system64\hale.exe (this one appears to be a trojan, so don't worry if you can't delete it) Also, you HOSTS file contains a lot of bypasses for Adobe's product activation which will need to be deleted. To reset your HOSTS file and clear out all of those entries, please download HostsExpert from this link. Extract HostsExpert from the ZIP archive it comes in, run it, and click the button that says "Restore MS Hosts File". Refer to the screenshot below to see what it looks like: After that, run CKScanner again, and attach the new log to a reply for me.
  9. OK, we'll probably need some logs to see what the problem is. Open Online Armor, go to Options in the menu on the left, click the little check box to enable debug mode (just above the Run Safety Check Wizard, restart your computer, and then try running your Database .NET program. After the program terminates, please ZIP your entire logs folder (normally C:\Program Files\Online Armor\Logs), upload it to RapidShare, and then copy and paste the link to download the file into a reply (or you can send it to me in a Private Message if you don't want the link posted publicly on the forums). Note that, if you don't have a utility such as 7-Zip, WinZip, or WinRar that you can ZIP files and folders by right-clicking on them, going to Send To, and clicking on Compressed (zipped) Folder.
  10. OK, we'll probably need some logs to see what the problem is. Open Online Armor, go to Options in the menu on the left, click the little check box to enable debug mode (just above the Run Safety Check Wizard, restart your computer, and then try the System Restore. After that, please ZIP your entire logs folder (normally C:\Program Files\Online Armor\Logs), upload it to RapidShare, and then copy and paste the link to download the file into a reply (or you can send it to me in a Private Message if you don't want the link posted publicly on the forums). Note that, if you don't have a utility such as 7-Zip, WinZip, or WinRar that you can ZIP files and folders by right-clicking on them, going to Send To, and clicking on Compressed (zipped) Folder.
  11. OK, go ahead and update Emsisoft Anti-Malware and then run a scan with it, and let me know if it detects anything. There should be a button that says View Report (see screenshot below) after the scan is done, so you can view the report in Notepad, save it on your desktop, and then attach it to a reply for me to review.
  12. Both of those logs show lots of cracks, keygens, etc. used in pirating software. There are also files related to RemoveWAT (Remove Windows Activation Technology) which is an activation crack for Windows, and at least one malicious file related to CHEW7 (another activation crack for Windows that appears to come bundled with a trojan). We do have a no piracy policy here, so before we proceed I am going to have to ask you to remove all pirated software, all cracks, all keygens, etc. and then rerun CKScanner and WVCheck and post the new logs for me to review.
  13. 1. Please download The Avenger from this link, and make sure to save it on your Desktop. Right click on the Avenger.zip folder and select "Extract All..." Follow the prompts and extract the avenger folder to your desktop 2. Save the AvengerScript.txt at the link below to your desktop, open it, and copy all the text contained in the AvengerScript.txt file, and it will be pasted into The Avenger in a later step (if you do not know how to copy and paste, then there are instructions at this link): Note: the above code was created specifically for the person requesting assistance in this forum topic, and it is based entirely on the logs they supplied from their computer. No one else should attempt to run The Avenger with this script, as it may damage their computer! 3. Now, open the avenger folder on your desktop and start The Avenger program by double-clicking on its icon. Please paste the contents of the attached AvengerScript.txt file above (which you should have already copied) into the white box in The Avenger (see example picture below). Click on the Execute button in the low-right corner (see example picture below). Answer "Yes" twice when prompted. 4. The Avenger will automatically do the following: It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.) On reboot, it will briefly open a black command window on your desktop, this is normal. After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip. 5. Please attach the content of c:\avenger.txt to a reply by using the More Reply Options button to the lower-right of where you type in your reply.
  14. You can delete the backup as soon as you are certain that removing the files didn't cause any problems. Yes, the new EEK 2.0 comes with Emsisoft BlitzBlank, which can delete stubborn files and folders just like The Avenger can, and unlike The Avenger it supports 64-bit editions of Windows. Oh, and while I'm thinking about it, I should probably have you uninstall ComboFix: Hold down the Windows key on your keyboard (it has the little Windows logo on it, next to the Ctrl key) and press R to open the Run dialog. Type ComboFix /Uninstall in the field (make sure to leave a space just before the /) and then click OK ComboFix should take care of the rest.
  15. OK, I need to see logs from a couple more utilities before we continue: Download CKScanner from here Important : Save it to your desktop. Doubleclick CKScanner.exe and click Search For Files. After a very short time, when the cursor hourglass disappears, click Save List To File. A message box will verify that the file is saved. Please attach the CKFiles.txt file on your desktop to a reply by using the More Reply Options button to the lower-right of where you type in your reply. Please download WVCheck from this link (make sure to save it on your desktop), and follow the steps below to get me a log: Double-click on the WVCheck file that you saved on your desktop to run it. Once it has launched, press Enter on your keyboard to start the scan (this could take a while, depending on how much hard drive space you have). Once it is done, it will open a log in Notepad. Please save this log on your desktop, and attach it to a reply by using the More Reply Options button to the lower-right of where you type in your reply.
  16. Can you please try allowing Online Armor to run normally, and disable Emsisoft Anti-Malware and let me know whether or not the System Restore works with OA running and EAM disabled? Also, if you could disable Online Armor and leave Emsisoft Anti-Malware running normally and also let me know if the System Restore works when OA is disabled and EAM is running then that would be helpful in figuring out what is going on as well.
  17. Please get me a log from TDSSKiller by following the instructions below: Download TDSSKiller from this link and save it on your desktop. Run the TDSSKiller download that you saved. Click on Change parameters as it shows in the following screenshot: Make sure that Verify digital signatures and Detect TDLFS file system are checked as in the following screenshot, and then click OK: Click the Start scan button as in the following screenshot: You will see the following as the scan runs: If there are any threats or malicious items detected, then make sure the option to the right of each item is set to Skip as in the following screenshot (it is very important that TDSSKiller not be allowed to Cure, Quarantine, or Delete these detections!), note that you can click on the selection action to open a list and change it if it is not set to Skip automatically, and then click Continue at the bottom when everything is set to Skip: Click on Report in the upper-right corner, as in the following screenshot: You will see a report similar to the one in the following screenshot. Please click in the report somewhere, then hold down the Ctrl key on your keyboard and tap the A key to select the entire report. Once everything is selected, then it should look similar to the following screenshot, and you will be able to hold down the Ctrl key on your keyboard and tap the C key to copy the entire report. Open Notepad by clicking on the Start button, going to All Programs (or just Programs in Windows 7 and Vista), then Accessories, and clicking on Notepad in the list. Once Notepad has opened, click on Edit to open the Edit menu, and then click Paste, as in the following screenshot: Once the report has been pasted into Notepad, click File to open the File menu, and then click Save as, as in the following screenshot. Please save the report on your desktop and attach it to a reply by using the More Reply Options button to the lower-right of where you type in your reply.
  18. I got your private message saying things are fine now. When you are having trouble with Internet Explorer, does it get better after a restart, or does it just get better on its own after a while? Does the trouble only start after running ComboFix? Also, lets get an anti-virus scan just to make sure that we are not missing anything. Please run an online virus scan through ESET by following the steps below: Turn off your anti-virus software. Click on this link. Click on the ESET Online Scanner button. Put a check in the box that says YES, I accept the Terms of Use. Click the 'Start' button just to the right of the checkbox. Uncheck the box that says Remove found threats (this is very important). Click on Advanced settings. Put a check in the box that says Scan for potentially unsafe applications. Verify that Scan for potentially unwanted applications is also checked. Verify that Enable Anti-Stealth technology is also checked. Click the Start button in the lower-right corner of the page, and it will begin downloading it's database, and then it will start scanning. When the scan is done, if it shows a screen that says Threats found!, then click List of found threats, and then click Export to text file... (if nothing was found, then just let me know that no threats were found). Save that text file on your desktop, and then attach it to a reply (using the More Reply Options button in the lower-right corner of this forum topic) for me. Close the ESET online scan. I will take a look at the log, and let you know if anything needs removed.
  19. Is the path something like D:\adobe\Acrobat\ActiveX\ ? If so, then please try the instructions below: 1. Please download The Avenger from this link, and make sure to save it on your Desktop. Right click on the Avenger.zip folder and select "Extract All..." Follow the prompts and extract the avenger folder to your desktop 2. Save the AvengerScript.txt at the link below to your desktop, open it, and copy all the text contained in the AvengerScript.txt file, and it will be pasted into The Avenger in a later step (if you do not know how to copy and paste, then there are instructions at this link): Note: the above code was created specifically for the person requesting assistance in this forum topic, and it is based entirely on the logs they supplied from their computer. No one else should attempt to run The Avenger with this script, as it may damage their computer! 3. Now, open the avenger folder on your desktop and start The Avenger program by double-clicking on its icon. Please paste the contents of the attached AvengerScript.txt file above (which you should have already copied) into the white box in The Avenger (see example picture below). Click on the Execute button in the low-right corner (see example picture below). Answer "Yes" twice when prompted. 4. The Avenger will automatically do the following: It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.) On reboot, it will briefly open a black command window on your desktop, this is normal. After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip. 5. Please attach the content of c:\avenger.txt to a reply by using the More Reply Options button to the lower-right of where you type in your reply.
  20. OK, I have written a script that will tell ComboFix how to fix one of the entries I saw in your log. Here are instructions on what to do with the script: Download an updated version of ComboFix from one of the following links: [list=] BleepingComputer InfoSpyware [*] Turn off your Anti-Virus software. [*] Please save the following CFScript.txt file onto your desktop: [*] Referring to the animated picture below, click the left mouse button on top of the CFScript icon on your desktop, then holding the mouse button down drag the CFScript icon on your desktop onto the ComboFix icon, and then drop it (let go of the mouse button) on top of the ComboFix icon: When finished, it will display a new log in Notepad. Please attach that log to a reply the same way you did before. If you prefer, you can save the log on your desktop to make it easier to find.
  21. For 32-bit Windows, please download MiniRegTool.zip and unzip it. For 64-bit Windows, please download MiniRegTool64.zip and unzip it. Run the MiniRegTool download. Copy and paste the following into the rectangular white box in MiniRegTool: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost Check Export keys radio button. Press Go button and post the result.
  22. OK, try following the instructions at this link and see if that resolves the problem. Those are instructions on how to reset Internet Explorer to default settings (there's a 'FixIt' you can run at that link as well, if you don't want to try and do it on your own). Note that it will also reset your homepage again, so don't be too surprised when it happens.
  23. Are you trying to log in via the Customer Center? We disabled the support section there when we replaced it with a new helpdesk system. Check out https://helpdesk.emsisoft.com/ and see if you can create a password and log in there.
  24. Adobe Flash did not drop a temp file when it ran until version 11 (or was it 11.2 when they made that change?). If you were to install Flash 10, you wouldn't see notifications about that temp file in OA 5.5.0.1557 like you did (although using outdated versions of Adobe Flash is a security risk, and is not recommended). The issue with the certificate not being trusted was an issue with OA 5.5.0.1557, however you only saw it when trying to install or update Flash until Adobe changed how Flash worked. Now, thanks to updates to Flash that cause it to run in a way that seems rather odd, you get to see the notification every time the Flash plugin loads.