GT500 (Emsisoft Employee)

Content Count: 13534 · Days Won: 423

Everything posted by GT500

  1. Please post a RogueKiller log by following the instructions below:
     - Download RogueKiller from this link, and save it on your desktop.
     - Run RogueKiller (please note that if it doesn't work the first time, you can try it again several times and it may start to work):
       - On Windows XP make sure you are logged in as an administrator and double-click on the RogueKiller icon.
       - On Windows 7 and Vista simply right-click on the RogueKiller icon, and select Run as administrator.
     - Click the Scan button in the upper-right corner (don't worry about the rest of the options for now).
     - In the middle, on the left, it will tell you the status. When it says Scan Finished, then please close RogueKiller. It will warn you that nothing has been deleted and ask you if you want to quit, so be sure to click the Yes button.
     - There will be a new file and folder saved on your desktop. The folder (usually named RK_Quarantine) can be deleted. The file (usually named RKreport or RKreport[1]) contains the log.
     - Please attach the RKreport file to a reply by using the More Reply Options button to the lower-right of where you type in your reply.
  2. OK, let's go ahead and move on to ComboFix. I just wanted the RogueKiller log to make sure that there wasn't a ZeroAccess infection, and that TDSSKiller has verified that ZeroAccess is not present.
     Please download ComboFix from one of the following links, and follow the instructions below to run it. ComboFix must be renamed before you download it to your Desktop: save it as Combo-Fix.exe during the download.
     Link 1
     Link 2
     * IMPORTANT !!! Save Combo-Fix to your Desktop
     - Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help.
     - Double-click on ComboFix.exe & follow the prompts.
     - As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     - Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
       **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
     - Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware.
     - When finished, ComboFix will produce a log.
     Note:
     1. Do not mouse-click ComboFix's window while it's running. That may cause it to stall!
     2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
     Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
     - ComboFix (C:\combofix.txt)
     Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  3. That would depend on what is wrong with the flash drive. If it is just a partition/filesystem issue, then that should be fixable. Also, many retailers can look up your receipt if you paid with a credit or debit card. If you paid with cash then it wouldn't be possible (unless you purchased from Fry's Electronics and one of the sales guys printed out a 'quote' for you).
  4. I assume this was happening on Windows 7? Do you know if you installed the optional update "Update for Windows 7 (KB2640148)"?
  5. OK, according to our developers Emsisoft Anti-Malware 6.5 will scan files as fast as it can pull data off of your hard drives, so if you have fast hard drives then the scan speeds will eat up more CPU time. In the next major version, we intend to add a mechanism where you can control CPU usage (I would believe it involves limiting the number of threads that EAM will create or CPU cores that EAM will attempt to use, so you can prevent it from completely using your entire processor).
  6. From what I'm seeing, this laptop probably isn't more than one or two years old, so the fan shouldn't have died even with 100% CPU usage. Let me ask the developers if there's a way to reduce CPU usage while scanning.
  7. Please post a RogueKiller log by following the instructions below:
     - Download RogueKiller from this link, and save it on your desktop.
     - Run RogueKiller (please note that if it doesn't work the first time, you can try it again several times and it may start to work):
       - On Windows XP make sure you are logged in as an administrator and double-click on the RogueKiller icon.
       - On Windows 7 and Vista simply right-click on the RogueKiller icon, and select Run as administrator.
     - Click the Scan button in the upper-right corner (don't worry about the rest of the options for now).
     - In the middle, on the left, it will tell you the status. When it says Scan Finished, then please close RogueKiller. It will warn you that nothing has been deleted and ask you if you want to quit, so be sure to click the Yes button.
     - There will be a new file and folder saved on your desktop. The folder (usually named RK_Quarantine) can be deleted. The file (usually named RKreport or RKreport[1]) contains the log.
     - Please attach the RKreport file to a reply by using the More Reply Options button to the lower-right of where you type in your reply.
  8. Please uninstall Online Armor, restart your computer, then click on the Start button, type network connections into the search field at the bottom of the Start Menu, click on View network connections in the search results (should be at the top of the list), and right-click on your network interface and select Properties. There should be a list in the middle of the window of components that your network connection is using. Look through that list for anything related to Online Armor, and if you find one then click on it to select it and then click on the Uninstall button. If you have more than one network interface, then you should repeat that for each one. After that, check and see if you can delete those phantom devices in the Device Manager.
  9. OK, there is definitely a rootkit infection. It should be removable, however I feel I should warn you that when removing some rootkits it is possible to lose your Internet connection, and in more extreme cases it could cause your computer to fail to start up.
     - Download the latest version of TDSSKiller from here and save it to your Desktop (I know this is somewhat redundant if you still have TDSSKiller, however they do update it from time to time).
     - Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
     - Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
     - Click the Start Scan button.
     - If a suspicious object is detected, the default action will be Skip; click on Continue.
     - If malicious objects are found, they will show in the Scan results and offer three (3) options. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
       Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
     - A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please attach that report to your next reply.
  10. There was a bug report open on this issue. I'll have to check and see if it was resolved, as it isn't showing up in the publicly accessible list.
  11. I've never seen a laptop fan break due to high CPU usage. I guess it's possible, if the lubricant had leaked out of the bearing, for the bearing to overheat with too much use and seize up. How old is this laptop?
  12. Please get me a log from TDSSKiller by following the instructions below:
     - Download TDSSKiller from this link and save it on your desktop.
     - Run the TDSSKiller download that you saved.
     - Click on Change parameters as it shows in the following screenshot:
     - Make sure that Verify digital signatures and Detect TDLFS file system are checked as in the following screenshot, and then click OK:
     - Click the Start scan button as in the following screenshot:
     - You will see the following as the scan runs:
     - If there are any threats or malicious items detected, then make sure the option to the right of each item is set to Skip as in the following screenshot (it is very important that TDSSKiller not be allowed to Cure, Quarantine, or Delete these detections!). Note that you can click on the selection action to open a list and change it if it is not set to Skip automatically, and then click Continue at the bottom when everything is set to Skip:
     - Click on Report in the upper-right corner, as in the following screenshot:
     - You will see a report similar to the one in the following screenshot. Please click in the report somewhere, then hold down the Ctrl key on your keyboard and tap the A key to select the entire report. Once everything is selected, then it should look similar to the following screenshot, and you will be able to hold down the Ctrl key on your keyboard and tap the C key to copy the entire report.
     - Open Notepad by clicking on the Start button, going to All Programs (or just Programs in Windows 7 and Vista), then Accessories, and clicking on Notepad in the list.
     - Once Notepad has opened, click on Edit to open the Edit menu, and then click Paste, as in the following screenshot:
     - Once the report has been pasted into Notepad, click File to open the File menu, and then click Save as, as in the following screenshot.
     - Please save the report on your desktop and attach it to a reply by using the More Reply Options button to the lower-right of where you type in your reply.
  13. I hate to do this, however I'm running a bit short on time today, so I've asked one of our other helpers to take over for me. On the plus side, ComboFix isn't showing any missing System Files. If you did manage to delete them, then Windows may have restored them (Windows does have a built-in system file protection that is capable of restoring missing System Files on startup, as long as there is a backup copy of the file).
  14. I went ahead and attached your OTL log to your post for you. I am seeing some signs of a previous infection in that OTL log. I'll wait until I can see the ComboFix log before I make any determinations, however.
  15. I would believe it is a violation of the End User License Agreement for Windows to redistribute the files without permission from Microsoft, however we may be able to recover them with ComboFix (assuming your computer is still functioning):
     Please download ComboFix from one of the following links, and follow the instructions below to run it. ComboFix must be renamed before you download it to your Desktop: save it as Combo-Fix.exe during the download.
     Link 1
     Link 2
     * IMPORTANT !!! Save Combo-Fix to your Desktop
     - Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help.
     - Double-click on ComboFix.exe & follow the prompts.
     - As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     - Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
       **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
     - Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware.
     - When finished, ComboFix will produce a log.
     Note:
     1. Do not mouse-click ComboFix's window while it's running. That may cause it to stall!
     2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
     Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
     - ComboFix (C:\combofix.txt)
     Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  16. Those names are similar to important system files. Did you spell them exactly as they appeared when they were deleted? Also, are you able to follow the instructions at this link to get us some logs from your computer?
  17. I've been told that the rootkit you're infected with should have been removed by TDSSKiller. It's possible that they've updated it to fix this, so let's get a new log from TDSSKiller.
     - Download TDSSKiller from this link and save it on your desktop (you can download files from the Linux boot disk if needed).
     - Run the TDSSKiller download that you saved.
     - Click on Change parameters as it shows in the following screenshot:
     - Make sure that Verify digital signatures and Detect TDLFS file system are checked as in the following screenshot, and then click OK:
     - Click the Start scan button as in the following screenshot:
     - You will see the following as the scan runs:
     - If there are any threats or malicious items detected, then make sure the option to the right of each item is set to Skip as in the following screenshot (it is very important that TDSSKiller not be allowed to Cure, Quarantine, or Delete these detections!). Note that you can click on the selection action to open a list and change it if it is not set to Skip automatically, and then click Continue at the bottom when everything is set to Skip:
     - Click on Report in the upper-right corner, as in the following screenshot:
     - You will see a report similar to the one in the following screenshot. Please click in the report somewhere, then hold down the Ctrl key on your keyboard and tap the A key to select the entire report. Once everything is selected, then it should look similar to the following screenshot, and you will be able to hold down the Ctrl key on your keyboard and tap the C key to copy the entire report.
     - Open Notepad by clicking on the Start button, going to All Programs (or just Programs in Windows 7 and Vista), then Accessories, and clicking on Notepad in the list.
     - Once Notepad has opened, click on Edit to open the Edit menu, and then click Paste, as in the following screenshot:
     - Once the report has been pasted into Notepad, click File to open the File menu, and then click Save as, as in the following screenshot.
     - Please save the report on your desktop and attach it to a reply by using the More Reply Options button to the lower-right of where you type in your reply.
  18. May I ask what version of Online Armor you are using? Is it 5.5.0.1557? Also, from the screenshots it looks like Windows 7. Do you have Service Pack 1 installed?
  19. Unfortunately, we don't have an ETA. There is a fix, and it has been in testing, however there is a lot more than just this one fix that has been incorporated into the new Online Armor update, so it needs to undergo a lot more testing than would be required for just a single fix.
  20. Emsisoft Anti-Malware uses multiple threads in order to scan files as fast as they can be loaded from your hard drive. This means that high CPU usage is normal during a scan, even if you have a CPU with multiple cores. This is done in order to ensure that scan times are shorter, because files can be scanned faster. BTW: I moved your post from another topic on CPU usage into this one.
  21. You're quite welcome. Since everything seems OK, I am going to go ahead and close this topic. Note: The instructions in this forum topic have been customized based on the logs posted by the person asking for assistance. Please do not attempt to follow any of the instructions in this forum topic, as they could cause damage to your computer. If you require assistance, please start here if you believe your computer is infected, and one of our experts will be happy to assist you by analyzing your logs.
  22. OK, that's just the backup that The Avenger makes in case we need to restore any of the files. From the logs, it sounds like your computer is clean. Here are some final instructions for you:
     1. Make Sure Java is Updated:
        - Click on the Start button.
        - Click on Control Panel.
        - Click Uninstall a program.
        - Look for Java in the list (should be alphabetical), and uninstall all versions of Java that you find listed.
        - Click on this link and download and install the latest Java (the Windows Online download will be faster).
     2. Make Sure Adobe Flash is Updated:
        - Click on this link and download the latest version of Adobe Flash Player for your web browser. You will need to close your web browser when installing Flash.
     3. Make Sure Adobe Acrobat Reader is Updated:
        - Click on the Start button.
        - Click on Control Panel.
        - Click Uninstall a program.
        - Look for any versions of Adobe Reader or Adobe Acrobat Reader in the list (should be alphabetical), and uninstall all of them (if you have Adobe Acrobat, which is the premium software from Adobe, then you do not need to uninstall it).
        - Click on this link to go to the Adobe Reader download page, make sure to unselect any offers for toolbars or other free software, and download and install the latest version of Adobe Reader. (Please note that some people do prefer to use third-party PDF viewers such as PDF X-Change Viewer and Foxit Reader, which are not as commonly exploited as Adobe Reader, so if you would prefer to use one of those then you do not need to download and install Adobe Reader.)
     4. Make Sure Your Computer Has The Latest Windows Updates:
        - Click on the Start button.
        - Go to All Programs.
        - Click on Windows Update.
        - Click Check for updates in the menu on the left (should be near the top).
        - Once it is done checking for updates, click the Install updates button on the right.
        - Make sure that if your computer wants to restart after the updates are done, you allow it to.
     5. Web Of Trust Extension:
        While this is not a requirement, I highly recommend that you click this link and check out the Web Of Trust extension for your web browser. It will add an extra layer of protection to your web browsing for free, and it is especially helpful when doing searches on Google, Yahoo!, Bing, etc. as it will point out what sites are considered trustworthy and what sites are not by drawing a colored circle to the right of each search result. Green means trusted, red means not trusted, yellow is in between, and white means it is not in Web Of Trust's database.
     6. Empty The System Restore:
        - Click on the Start button.
        - Right-click on Computer.
        - Select Properties from the list.
        - In the window that pops up, click on the System protection link in the menu on the left.
        - The buttons may not be clickable for a few moments, but once you can click on them, select the drive in the list near the bottom that shows protection is on (this will usually be your C: drive) and click the Configure... button.
        - Click the button near the bottom-right that says Delete to clear all System Restore data.
        - Once finished, click OK to close that window.
        - Now you will want to make sure that the correct drive is selected again (usually your C: drive) and click on the Create button to create a new restore point.
        - Fill in a name for the restore point, and click the Create button.
        - Once it is done, you can close the windows that were opened to get to the System Restore settings.
  23. Are you no longer able to start the computer in Safe Mode With Networking?
  24. Only if you want to. The easiest course of action may be to simply reformat and reinstall (or in the case of most computers purchased from companies such as Dell, HP, Gateway, Toshiba, etc. you would want to initialize the recovery partition). Let me know if you want to keep trying, however I can make no guarantees that I will be able to assist you in repairing the system with a reinstall.
  25. OK, that log looks good. Go ahead and run a scan with Emsisoft Anti-Malware, and let me know if it detects anything.