GT500

Emsisoft Employee
Everything posted by GT500

  1. Is everything OK at the moment?
  2. If this is a program that you trust, then why not leave it set as 'Trusted' in Online Armor?
  3. That log looks fairly good. I am seeing some stuff that I can remove with OTL, so before we do that let's get a virus scan. Please run an online virus scan through ESET by following the steps below:
     • Turn off your anti-virus software.
     • Click on this link.
     • Click on the ESET Online Scanner button.
     • Put a check in the box that says YES, I accept the Terms of Use.
     • Click the 'Start' button just to the right of the checkbox.
     • Uncheck the box that says Remove found threats (this is very important).
     • Click on Advanced settings.
     • Put a check in the box that says Scan for potentially unsafe applications.
     • Verify that Scan for potentially unwanted applications is also checked.
     • Verify that Enable Anti-Stealth technology is also checked.
     • Click the Start button in the lower-right corner of the page, and it will begin downloading its database, and then it will start scanning.
     • When the scan is done, if it shows a screen that says Threats found!, then click List of found threats, and then click Export to text file... (if nothing was found, then just let me know that no threats were found).
     • Save that text file on your desktop, and then attach it to a reply (using the More Reply Options button in the lower-right corner of this forum topic) for me.
     • Close the ESET online scan.
     I will take a look at the log, and let you know if anything needs removed.
  4. As long as the download is coming from Adobe.com.
  5. Please download ComboFix from one of the following links, and follow the instructions below to run it. Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop.
     • Link 1
     • Link 2
     * IMPORTANT !!! Save Combo-Fix to your Desktop
     • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help.
     • Double click on ComboFix.exe & follow the prompts.
     • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
     **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
     • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
     • Click on Yes, to continue scanning for malware.
     • When finished, ComboFix will produce a log.
     Note:
     1. Do not mouseclick ComboFix's window while it's running. That may cause it to stall!
     2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
     Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
     • ComboFix (C:\combofix.txt)
     Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  6. I would recommend only downloading Adobe Flash from Adobe.com, as you can't guarantee you will get the latest version from third-party download sites.
  7. The Behavior Blocker will always ask the moment a file has been updated. It is a security mechanism to ensure that you are aware of when a file changes, just in case it has been replaced by a malicious file.
  8. Everything looks good to me. BTW: When you install free software, there is often an option to install a toolbar and change your browser homepage. Normally you can uncheck the option to install the toolbar, and that would prevent toolbars such as Babylon from getting installed.
  9. OA may block inbound traffic on the port that µTorrent is listening to, in which case you would need to open that port in OA. I think port settings are only available when OA is in Advanced Mode. Let me know if you have trouble with it, and I will whip up some instructions.
  10. Please post a RogueKiller log by following the instructions below:
     • Download RogueKiller from this link, and save it on your desktop.
     • Run RogueKiller (please note that if it doesn't work the first time, you can try it again several times and it may start to work):
        • On Windows XP make sure you are logged in as an administrator and double-click on the RogueKiller icon.
        • On Windows 7 and Vista simply right-click on the RogueKiller icon, and select to Run as administrator.
     • Click the Scan button in the upper-right corner (don't worry about the rest of the options for now).
     • In the middle, on the left, it will tell you the status. When it says Scan Finished, then please close RogueKiller. It will warn you that nothing has been deleted and ask you if you want to quit, so be sure to click the Yes button.
     • There will be a new file and folder saved on your desktop. The folder (usually named RK_Quarantine) can be deleted. The file (usually named RKreport or RKreport[1]) contains the log.
     • Please attach the RKreport file to a reply by using the More Reply options button to the lower-right of where you type in your reply.
  11. OK, that looks a lot better. Let's get a fresh OTL log for good measure. Also, you may want to update Malwarebytes' Anti-Malware and run a Quick Scan with it, and attach the log to a reply. Please run OTL by following the instructions below:
     • Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run').
     • Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted.
     • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes.
     • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually.
     • Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.
  12. Is this a program that you installed, and are certain is safe?
  13. I have heard of issues with Remote Desktop before. You may wish to try something such as VNC for the time being. As for the BSOD, I am not aware of any that ask you to run a driver verification tool. Please follow the instructions at this link to open the Windows Event Viewer, and under Windows Logs on the left please check the various subcategories for error reports.
  14. Online Armor is capable of allowing or denying Internet access on a per-application basis. As for ports, that depends on what port you set µTorrent to use. µTorrent uses a random port for its BitTorrent connection, which you should be able to find in µTorrent's connection options.
  15. Well, your logs don't look too bad, but there are some Firefox extensions that need to go, so I wrote a script to get rid of them. Here are instructions on what to do with the script:
     • Download an updated version of ComboFix from one of the following links:
        • BleepingComputer
        • InfoSpyware
     • Turn off your Anti-Virus software.
     • Click your Start button, go to All Programs (or just Programs on Vista and Windows 7), go to Accessories, and then open Notepad.
     • Please save the following CFScript.txt file on to your desktop (note that it must be saved as a Text Document named CFScript for it to work):
     • Referring to the animated picture below, click the left mouse button on top of the CFScript icon on your desktop, then holding the mouse button down drag the CFScript icon on your desktop onto the ComboFix icon, and then drop it (let go of the mouse button) on top of the ComboFix icon:
     When finished, it will display a new log in Notepad. Please attach that log to a reply the same way you did before. If you prefer, you can save the log on your desktop to make it easier to find.
  16. OK, let's get a TDSSKiller log as well:
     • Download TDSSKiller from this link and save it on your desktop.
     • Run the TDSSKiller download that you saved.
     • Click on Change parameters as it shows in the following screenshot:
     • Make sure that Verify digital signatures and Detect TDLFS file system are checked as in the following screenshot, and then click OK:
     • Click the Start scan button as in the following screenshot:
     • You will see the following as the scan runs:
     • If there are any threats or malicious items detected, then make sure the option to the right of each item is set to Skip as in the following screenshot (it is very important that TDSSKiller not be allowed to Cure, Quarantine, or Delete these detections!), note that you can click on the selection action to open a list and change it if it is not set to Skip automatically, and then click Continue at the bottom when everything is set to Skip:
     • Click on Report in the upper-right corner, as in the following screenshot:
     • You will see a report similar to the one in the following screenshot. Please click in the report somewhere, then hold down the Ctrl key on your keyboard and tap the A key to select the entire report.
     • Once everything is selected, then it should look similar to the following screenshot, and you will be able to hold down the Ctrl key on your keyboard and tap the C key to copy the entire report.
     • Open Notepad by clicking on the Start button, going to All Programs (or just Programs in Windows 7 and Vista), then Accessories, and clicking on Notepad in the list.
     • Once Notepad has opened, click on Edit to open the Edit menu, and then click Paste, as in the following screenshot:
     • Once the report has been pasted into Notepad, click File to open the File menu, and then click Save as, as in the following screenshot.
     • Please save the report on your desktop and attach it to a reply by using the More Reply Options button to the lower-right of where you type in your reply.
  17. On the assumption that I might be missing something in the logs, I have asked some of our researchers to take a look at your logs as well. They want to see some more information, so here are some instructions: Please download Farbar Service Scanner, save it on your desktop, and follow the instructions below to get me a log.
     • Make sure the following options are checked:
        • Internet Services
        • Windows Firewall
        • System Restore
        • Security Center
        • Windows Update
     • Press "Scan".
     • It will create a log (FSS.txt) in the same directory the tool is run.
     • Please attach the log to a reply by clicking on the More Reply Options button to the lower-right of where you type your reply.
  18. They may be the same now, but because OA++ is about to be discontinued we cannot guarantee that there will not occasionally be variations in the signatures when compared to EAM.
  19. You're not having an easy time at this, are you? OK, let's start back up with ComboFix. Please download ComboFix from one of the following links, and follow the instructions below to run it. Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop.
     • Link 1
     • Link 2
     * IMPORTANT !!! Save Combo-Fix to your Desktop
     • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help.
     • Double click on ComboFix.exe & follow the prompts.
     • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
     **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
     • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
     • Click on Yes, to continue scanning for malware.
     • When finished, ComboFix will produce a log.
     Note:
     1. Do not mouseclick ComboFix's window while it's running. That may cause it to stall!
     2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
     Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
     • ComboFix (C:\combofix.txt)
     Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  20. You're quite welcome. Let me know when you're ready to try deleting those registry entries.
  21. Since OA++ uses an older version of our engine, and since it has been discontinued, the signatures may not always be the same as the ones for EAM.
  22. Have you tried reinstalling the Flash plugin?
  23. We usually just refer to that as freezing. Either a program freezing, or the entire system freezing. It can have multiple causes; however, system freezes are usually caused by driver issues and security software conflicts.
  24. If you check the logs around the time of the BSOD, you might be able to find out what caused it. There might be an application or system error in the logs.