GT500

Emsisoft Employee
  • Content Count

    12848
  • Joined

  • Days Won

    387

Everything posted by GT500

  1. Great. Lets try a third-party anti-virus scan just to make sure that we didn't miss anything. Please run an online virus scan through ESET by following the steps below: Turn off your anti-virus software. Click on this link. Click on the ESET Online Scanner button. Put a check in the box that says YES, I accept the Terms of Use. Click the 'Start' button just to the right of the checkbox. Uncheck the box that says Remove found threats (this is very important). Click on Advanced settings. Put a check in the box that says Scan for potentially unsafe applications. Verify that Scan for potentially unwanted applications is also checked. Verify that Enable Anti-Stealth technology is also checked. Click the Start button in the lower-right corner of the page, and it will begin downloading it's database, and then it will start scanning. When the scan is done, if it shows a screen that says Threats found!, then click List of found threats, and then click Export to text file... (if nothing was found, then just let me know that no threats were found). Save that text file on your desktop, and then attach it to a reply (using the More Reply Options button in the lower-right corner of this forum topic) for me. Close the ESET online scan. I will take a look at the log, and let you know if anything needs removed.
  2. May I ask if Online Armor is running in Advanced Mode?
  3. The RAM issue is probably due to the nature of Physical Address Extension in Windows XP.
  4. No, everything looks fine in the logs. I just wanted to see if any System Files had been modified. There are other ways of finding out, but ComboFix is the one I am most familiar with.
  5. Please try the following, and let me know what happens: Click on the Start button. Go to All Programs. Go to Emsisoft Anti-Malware. Click on Emsisoft Anti-Malware Guard.
  6. May I ask if you have any security software beyond Emsisoft Anti-Malware and Windows Defender installed?
  7. Absolutely. I'll go ahead and send you an e-mail.
  8. Unfortunately, Andrey isn't finding anything in the memory dump that shows Online Armor trying to block something. Lets try getting Debug Logs and see if they show the cause. Please open Online Armor, go to Options in the menu on the left, click the little check box to enable debug mode, and restart your computer. After you've been able to reproduce the issue with freezing on shutdown, please ZIP your entire logs folder (normally C:\Program Files\Online Armor\Logs), upload it to a website such as RapidShare/DepositFiles/BayFiles/etc (which one you use is up to you), and then copy and paste the link to download the file into a reply (or you can send it to me in a Private Message if you don't want the link posted publicly on the forums). Note that, if you don't have a utility such as 7-Zip, WinZip, or WinRar that you can ZIP files and folders by right-clicking on them, going to Send To, and clicking on Compressed (zipped) Folder. Note that RapidShare and BayFiles have been having issues lately, and we may not be able to download the files from them. If you have DropBox, Google Cloud Storage, or Microsoft SkyDrive then those services would be more reliable. Also, you can attach files to private messages on these forums, and I would believe the limit is up to 128MB, so if the file is smaller than 128MB then you can just attach it to a private message to me on these forums.
  9. Do you connect to the Internet through a mobile broadband card?
  10. I have written a cleanup script for OTL (if you need to, you may download OTL from this link). Please download the following OTL_Script file, and save it on your desktop. After saving it, open it, run OTL, and copy and paste the contents of the OTL_Script file into the Custom Scans/Fixes box at the bottom of the OTL window: Then click the Run Fix button at the top. Let the program run unhindered, restart your computer when it is done (it may automatically restart your computer on its own). After your computer has restarted, please open OTL again and click the Quick Scan button. Attach the log it produces in your next reply (just the OTL log, as I don't need to see the Extras log again). You will need to click the button that says More Reply Options to the lower-right of where you type your reply to be presented with the attachment controls.
  11. Lets try ComboFix, and see if it can tell us anything new about this issue. Please download ComboFix from this link and follow the instructions below to run it. Note that some infections will block it from running if you save it as ComboFix so you may wish to rename it in order to prevent this. Make sure you remember what you changed the name to. * IMPORTANT !!! Save ComboFix to your Desktop Disable your AntiVirus, AntiSpyware, and Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools See HERE for help Double click on the ComboFix icon on your desktop (it has a red and white icon that looks like a white cat's head in a red circle) and follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, ComboFix will produce a log. Note: 1. Do not click in ComboFix's window while it's running. That may cause it to stall! 2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet. Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS) ComboFix (C:\combofix.txt)Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  12. It only appears on startup? That could mean that's it's the service that experiencing the error, which means that the log would be empty. Lets try this: Hold down the Windows key on your keyboard (the one with the Windows logo on it, usually between the Ctrl and Alt keys) and tap R to open the Run dialog. Type in services.msc and click OK to open the list of services. Find the Emsisoft Anti-Malware Service in the list. Right-click on it, and see if you can click on Start to start the service. Let me know if you see the error message when you do that.
  13. If you want the icon to come back, then there is a rather easy way to do it. Before you can do it, however, you must disable the self-protection in Emsisoft Anti-Malware; Open Emsisoft Anti-Malware. Go to Configuration in the menu on the left. Uncheck the Activate self protection option. Close Emsisoft Anti-Malware. Here are the steps for getting the icon back. Hold down the Ctrl and Shift keys on your keyboard, and tap the Esc button. When the Task Manager pops up, make sure you are on the Processes tab. Right-click on a2guard.exe and select End Process Tree, and click the End process tree button on the dialog that pops up to confirm it. Click on the Start button. Go to All Programs. Go to Emsisoft Anti-Malware. Click on Emsisoft Anti-Malware Guard. The Emsisoft Anti-Malware icon should now be back in the System Tray/Notification Area. Note that you can turn the self-protection back on in Emsisoft Anti-Malware after doing that.
  14. Which HOSTS file or blocklist you use if up to you. hpHosts and MVPS HOSTS are both good. Would it be possible for you to attach your screenshots to your posts? They are all too small for me to read, and clicking on them only takes me to the bild.me homepage. Also, lets get an OTL log, since it sounds like this is more than just an EAM/OA issue. Please run OTL by following the instructions below: Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run'). Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes. When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually. Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.
  15. leissner, I'll be taking over for Kevin. Lets get started with a fresh OTL log. Please run OTL by following the instructions below: Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run'). Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes. Please make sure that the OTL.txt file is saved on your desktop, and then attach it to a reply so that we can take a look at it.
  16. I'm not really certain what Start Center is (a quick Google search showed me a cancer care center in Texas), so if you could post a link to the homepage for that software then that would be great. HitmanPro is a scanner, and does not include real-time protection. There shouldn't be any conflicts with it. Spybot Search & Destroy does have a real-time protection component called TeaTimer, which used to cause issues when other software tried to remove threats. I recommend leaving TeaTimer disabled. Malwarebytes Anti-Malware does have a real-time protection component, however it is usually compatible with Emsisoft Anti-Malware. The worst issues you might see are some decreases in performance, which can be resolved by adding exclusions. ZoneAlarm Extreme Security appears to be a traditional Internet Security Suite (anti-virus, firewall, and other protection mechanisms). I am not aware of any issues with ZoneAlarm Extreme Security, however such issues can normally be taken care of with exclusions if necessary. All of that being said, with two anti-virus software running real-time protection, plus Malwarebytes Anti-Malware running real-time protection, you will more than likely experience some performance issues.
  17. It looks like OTL took care of everything that was in the script. Lets run an additional cleanup with a couple of other utilities, as there are a lot of files and registry entries related to some of the things I had OTL remove that don't show up in an OTL log. Please download AdwCleaner and save it on your desktop. Close all open programs and internet browsers (you may want to print our or write down these instructions first). Double click on adwcleaner.exe to run the tool. Click on Delete. Confirm each time with Ok. You will be prompted to restart your computer. A text file will open n Notepad after the restart (this is the log of what was removed), which you can save on your desktop. Please attach that log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply. If you lose that log file for any reason, you can find it at C:\AdwCleaner[s1] on your computer. Please download Junkware Removal Tool and save it on your desktop. Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator. The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log is saved to your desktop and will automatically open. Please attach the JRT log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply.
  18. As far as I can tell, there's no indication that there is a loadpoint for that file. Are you still seeing the file being blocked?
  19. Hopefully that means that it was an isolated incident.
  20. Lets try uninstalling Online Armor, and then reinstalling it with Beta Updates enabled. Here are the instructions: Uninstall Online Armor. Restart your computer twice. Download and install Online Armor from this link. After Online Armor starts, make sure to select the Premium edition like you are installing normally. Click Next and then enter your license key. Click Next and allow it to run through its update. After the update, when it says Initialization finished!, click on the link that says Click here to adjust program options. In the upper-right, click the option for Beta updates, and then click the OK button. Click on the button to restart your computer.
  21. Have you searched for any of these blocked websites in EAM's Host Rules? Have you checked the logs in EAM and OA to see if they show the websites being blocked?
  22. Yes, this error means that Emsisoft Anti-Malware is not functioning. I have a hunch that Process Monitor will tell us what might be causing the issue. You can download Process Monitor from Microsoft at this link. Here's instructions on how to get the information: Extract the Procmon file from the ZIP archive and run it. Click Filter at the top, and then select Filter from the menu. Click the drop-down that says Architecture (top left of the dialog), and change it to Process Name. In the empty white field to the right type in the process name a2start.exe and then click the Add button. Click the OK button. The dialog should close, the filter should be applied, and everything that was being displayed in Process Monitor should disappear. Go ahead and launch Emsisoft Anti-Malware. After you see the error message, close it, and then go back to Process Monitor. Go to File and Save, make sure it is saving on your Desktop (no need to change any other options), and click the OK button. Please attach the Logfile that it saved on your desktop to a reply by using the More Reply Options button to the lower-right of where you type in your reply. Please note that you will most likely need to ZIP the file before attaching it. If you don't have a utility such as 7-Zip, WinZip, or WinRar that you can ZIP files and folders by right-clicking on them, going to Send To, and clicking on Compressed (zipped) Folder.
  23. OK, lets try getting an OTL log, and see if it shows what is causing this. Please run OTL by following the instructions below: Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run'). Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes. When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually. Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.
  24. It's possible that there is some filesystem damage that caused the issue. Have you checked your hard drive for errors?
  25. Most security software contains a self-protection mechanism of some sort to prevent other processes from accessing their memory.