GT500

Everything posted by GT500

  1. I have not specifically received a response, however I am fairly certain that this is related to performance issues that were reported by others.
  2. I'd recommend deleting them just to see if they come back.
  3. Let's try deleting the 'a2settings' file from the Emsisoft Anti-Malware folder, and see if that helps. First, I recommend following the instructions at the link below to start your computer in Safe Mode With Networking: http://windows.microsoft.com/en-us/windows-8/windows-startup-settings-including-safe-mode Once your computer is running in Safe Mode With Networking, navigate to the Emsisoft Anti-Malware folder, which should be in the following location: C:\Program Files (x86)\Emsisoft Anti-Malware Once you have deleted the 'a2settings' file, then restart your computer normally, and then try launching Emsisoft Anti-Malware from the icon on your desktop to enter your license information.
  4. The script can be used as often as you want, but I have to assume that OTL won't find most of the items in the script (just like the second time you ran it).
  5. Actually, we've had a few program updates here recently, and a few more are being beta tested. You can see short descriptions of all of the program updates at this link.
  6. I'm not seeing anything in the log that looks malicious. I am seeing some driver errors from your Windows Event Logs. Have you checked your computer manufacturer's support website to see if they have updated drivers for your edition of Windows?
  7. OTL doesn't have any way to know you've already run the script, so it will run it again if you copy and paste it into OTL and click the button to run the fix. What I was trying to say earlier was basically that, once you have run the script, everything should be deleted. Once everything is deleted, running the script just gives you a bunch of error messages because it couldn't find the stuff. You see the full list every time you run it because the full list is in the script. Basically, OTL tries to process each line of the script, and if it cannot then you will see it in the log with an error message (such as "Not found") listed right behind the path to whatever it was supposed to delete.
  8. I would believe Fabian said you can turn off the settings that create the rules automatically.
  9. Well, we can try getting a log from FRST, and see if we can find what was causing it.
     Please download Farbar Recovery Scan Tool (FRST) from one of the following links, and save it to your Desktop (please note that some web browsers will automatically save all downloads in your 'Downloads' folder, so in those cases please move the download to your desktop):
       • For 32-bit (x86) editions of Windows: http://download.bleepingcomputer.com/farbar/FRST.exe
       • For 64-bit (x64) editions of Windows: http://download.bleepingcomputer.com/farbar/FRST64.exe
     Note: You need to run the version compatible with your computer. If you are not sure which version applies to your computer, then download both of them and try to run them. Only one of them will run on your computer, and that will be the right version.
       • Run the FRST download that works on your computer (for Windows Vista, Windows 7, and Windows 8 please right-click on the file and select "Run as administrator").
       • When the tool opens click "Yes" for the disclaimer in order to continue using FRST.
       • Press the 'Scan' button.
       • When the scan is done, it will save a log as a Text Document named 'FRST' in the same place the tool was run from (if you had saved FRST on your desktop, then the FRST log will be saved there).
       • Please attach the FRST log file to a reply (it is best if you do not copy and paste it into an e-mail).
       • The first time the FRST tool is run it saves another log (a Text Document named 'Addition' - also located in the same place as the FRST tool was run from). Please also attach that log file along with the FRST log file to your reply.
     If you are not used to attaching files to e-mails, then just look for a button in the toolbar above where you write your message that has a paperclip icon, and that should be the attachment button.
  10. Let's get a log from FRST, and see if that shows the cause of the issue.
     Please download Farbar Recovery Scan Tool (FRST) from one of the following links, and save it to your Desktop (please note that some web browsers will automatically save all downloads in your 'Downloads' folder, so in those cases please move the download to your desktop):
       • For 32-bit (x86) editions of Windows: http://download.bleepingcomputer.com/farbar/FRST.exe
       • For 64-bit (x64) editions of Windows: http://download.bleepingcomputer.com/farbar/FRST64.exe
     Note: You need to run the version compatible with your computer. If you are not sure which version applies to your computer, then download both of them and try to run them. Only one of them will run on your computer, and that will be the right version.
       • Run the FRST download that works on your computer (for Windows Vista, Windows 7, and Windows 8 please right-click on the file and select "Run as administrator").
       • When the tool opens click "Yes" for the disclaimer in order to continue using FRST.
       • Press the 'Scan' button.
       • When the scan is done, it will save a log as a Text Document named 'FRST' in the same place the tool was run from (if you had saved FRST on your desktop, then the FRST log will be saved there).
       • Please attach the FRST log file to a reply (it is best if you do not copy and paste it into an e-mail).
       • The first time the FRST tool is run it saves another log (a Text Document named 'Addition' - also located in the same place as the FRST tool was run from). Please also attach that log file along with the FRST log file to your reply.
     If you are not used to attaching files to e-mails, then just look for a button in the toolbar above where you write your message that has a paperclip icon, and that should be the attachment button.
  11. Actually it isn't strange. Conduit is a very popular framework for creating toolbars for web browsers, so something probably recreated that registry key. It is registered the first time you click the 'Quarantine' or 'Delete' buttons.
  12. 127.0.0.1 is the "loopback" address, which means it is always considered the address of your computer (regardless of what address your computer is assigned on your network or over the Internet). I assume you have a browser extension for Firefox that is causing it to connect to crawlability.com, although that domain name doesn't appear to point to anything at the moment. The domain name appears to have been created on March 11th, 2014 (so it's a pretty new domain).
  13. You can try the instructions at this link, and let me know if they help. I noticed Spybot Search & Destroy is installed. Is it the free version or the premium version?
  14. When you run a Custom Scan you can select to enable Direct Disk Access.
  15. If you don't want "No Risk" detections to show up, then you can disable PUP detection:
       • Open Emsisoft Anti-Malware.
       • Go to Guard in the menu on the left.
       • Go to the File Guard tab.
       • At the bottom, for Default action for Potentially Unwanted Programs (PUPs), you can select No detection from the dropdown menu.
  16. Extracting the EEK to a USB flash drive shouldn't cause any problems with it, as it is designed to be able to run from USB flash drives (we actually sell it on 16GB USB flash drives with licensing to be used for commercial purposes). The EEK registers its driver when it tries to delete stuff. When a driver is registered, it's the same as creating a service, and a registry entry is created to define the driver and allow it to be loaded. Some software (such as Autoruns from Microsoft) can show you what drivers and services are registered on a computer running Windows without you needing to know how to check the registry or how to use utilities such as OTL. For reference, here's a screenshot of the driver highlighted in Autoruns (click on the screenshot to make it bigger): The OTL script was written to delete specific files and registry entries that were in your EEK log from earlier, so those are the only things it will tell OTL to delete. Basically, unless the exact same files and registry entries end up back on your computer, then the OTL script is essentially only useful once.
  17. The only time that Safe Mode With Command Prompt would be necessary is in a case where a ransomware that locks down the computer in both normal mode and Safe Mode does not load in Safe Mode With Command Prompt, although in those cases you can usually type in explorer.exe and press Enter to launch the normal desktop without also launching the ransomware. Aside from that, since Emsisoft Anti-Malware makes use of drivers that allow for direct disk access and other advanced detection and deletion mechanisms, and since infections can load in Safe Mode just as easily as they can when Windows is running normally, it is generally better to just run your scans while Windows is running normally.
  18. BTW: It looks like this just got fixed in Beta Updates: http://changeblog.emsisoft.com/2014/04/15/beta-updates-2014-04-15/ I was told that it was also published for Emsisoft Emergency Kit, so if everything goes well in the beta, then it should be released as a stable update soon.
  19. It might be easier for you to use BlitzBlank, which comes with the Emsisoft Emergency Kit. That way you don't have to write a script by hand like I did. As for the response you got, I was the one that gave it to you. The OTL log does show that a driver is missing, and it is the cleanhlp driver that the Emergency Kit Scanner registers to delete things. Without that driver it will fail to delete anything. It's possible that Norton Internet Security may be blocking registration of the driver, but I don't know that for certain.
  20. I don't have the specifics as to what tasks are relegated to each individual service, however please note that all of the services and drivers installed by Online Armor are necessary for it to function properly.
  21. Joy, are you sure the computer has Windows 7? The link you mentioned talks about discontinued support for Windows XP, and not for Windows 7. My understanding is that Microsoft Security Essentials will continue to be updated for Windows Vista, Windows 7, and Windows 8.
  22. That log shows that it is safe to use Emsiclean to remove Emsisoft Anti-Malware. Please run Emsiclean again, making sure to select everything in the list, and then click the button to remove selected items. Please be sure to allow your computer to be restarted after doing this. After your computer has restarted, you may download and reinstall Emsisoft Anti-Malware from the link below: http://dl.emsisoft.com/EmsisoftAntiMalwareSetup.exe
  23. The Emsisoft Emergency Kit is a good tool, but for some reason it didn't seem to be able to create its driver that it uses to delete stuff on your computer (or at least that's what it looked like from the OTL log you had posted).