Emsisoft Employee
  • Content Count

  • Joined

  • Days Won


Everything posted by GT500

  1. Please follow the instructions at this link and attach your logs to a reply to this topic by using the More Reply Options button to the lower-right of where you type in your reply.
  2. It looks like the issue with the Adobe Flash installer not being trusted. Try marking the file as trusted and as an installer, and let me know if that helps.
  3. We'll probably need some logs to see what the problem is. Open Online Armor, go to 'Options' in the menu on the left, click the little check box to enable debug mode (just above the "Run Safety Check Wizard", restart your computer, and then try the update again. After that, please ZIP your entire logs folder (normally C:\Program Files\Online Armor\Logs) and attach it to a reply for me. Note that, if you don't have a utility such as 7-Zip, WinZip, or WinRar that you can ZIP files and folders by right-clicking on them, going to "Send To", and clicking on "Compressed (zipped) Folder".
  4. Could you please post a screenshot of the message? Here's a link to instructions on taking a screenshot, and you can attach it to a reply by clicking on the More Reply Options button to the lower-right of where you type in your reply.
  5. Please download ComboFix from one of the following links, and follow the instructions below to run it. Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop Link 1 Link 2 * IMPORTANT !!! Save Combo-Fix to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools See HERE for help Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, ComboFix will produce a log. Note: 1. Do not mouseclick combofix's window while it's running. That may cause it to stall! 2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet. Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS) ComboFix (C:\combofix.txt) Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  6. Yes, you will most likely need to create a Linux disk from another computer. It doesn't matter which version of Windows you have, so long as you have a blank CD and can burn data to it. Linux disks are downloaded as a file that needs to be burned to a disk in a special way. They call it a disk image, or an ISO image, and it usually needs to be burned in a special way. Windows 7 allows you to right-click on an ISO image and burn it to a CD. Most CD burning software also has an option to burn an ISO image to a disk.
  7. I've been talking to one of our researchers, and that file is a Windows System File. The reason scans are failing on that file could be due to filesystem damage and it could be due to physical damage to your hard drive. Follow the instructions at this link, and instead of loading Safe Mode load the Recovery Environment. Once you get into the Recovery Environment, you should see a screen like this: You'll want to click the link to load the Command Prompt. At the Command Prompt, type out chkdsk /R C: and it will check the filesystem for errors and check every sector on the hard drive for damage. Any repairs to the filesystem will be made automatically, and any bad sectors on your hard drive will be marked so that Windows won't try to write data in them.
  8. If you don't have a utility such as 7-Zip, WinZip, or WinRar then you can right-click on the file, go to Send to, and then click Compressed (zipped) folder. Windows will add the file to a ZIP archive that you can attach to a reply.
  9. Here is a download of a ZIP archive that contains a batch file. When run, this batch file will enable debug mode in Emsisoft Anti-Malware. Please extract this batch file from the ZIP archive, and make sure that you run it as an administrator. A black window will open momentarily, and it will quickly disappear once it is done (it should only take a second to make the change). After you run that batch file, please be sure to restart your computer, and then download DebugView from this link and follow these instructions: When downloading, make sure to save it on your Desktop instead of clicking 'Run' or 'Open'. Right-click on the 'DebugView' file that you just saved on your Desktop, and select "Extract All". Open the new DebugView folder that was created on your Desktop after extracting. Windows XP and 2000 users should double-click on the file named 'Dbgview'. Windows 7 and Vista users should right-click and select "Run as Administrator". Click on the 'Capture' menu, and select everything except "Log Boot" (you will have to open the menu again after clicking to select an item). Do whatever it is you need to in order to replicate the issue. After you have replicated the issue you can switch back to DebugView and click 'File' and "Save As" in order to save the log to a file on your Desktop. Please attach that log file to a reply so that we may analyze it for errors.
  10. Your logs don't look bad, and according to this information the file that was detected is a Conexant modem driver. It looks like Ikarus detected it, so my first instinct is that this is a false positive. Would it be possible for you to ZIP a copy of the file and attach it to a reply? You'll need to click the More Reply Options button to the lower-right of where you type in your reply.
  11. If you have an external hard drive, and a bootable disk (Fedora Linux or Ubuntu for instance) then you should be able to recover your data. A BartPE or UBCD4Win disk will work as well, however they require a Windows XP CD to create. If you want to try the Linux disks, you can get one of the editions of Fedora from this link (I recommend either the KDE or the Xfce versions, as they will most likely be easier for you to use), and you can get Ubuntu from this link. When you start your computer up off of these disks, you will be able to browse the files on your hard drive and copy them to your flash drive or external hard drive.
  12. The Windows XP recovery disk is a bit different, and probably won't be able to access the System Restore from an installation of Windows 7. Do you have access to a Windows 7 computer with a CD burner where you have administrative rights?
  13. Do you have a Windows 7 disk?
  14. There are a few reasons why your computer's fans would be making a lot of noise. One could be bearing damage that causes noise when the fans spins faster, another could be too much dust in the fans, and there's also the possibility of an electrical issue. A bearing issue cannot be fixed, however if you have a good silicon based lubricant then many fans have a way to add lubricant in order to extend the lifespan of the fans. If it's just dust, then that can be removed with a can of compressed air. A power issue can usually be solved by plugging your computer in through a UPS (Uninterruptible Power Supply). Most UPS units will filter power, and this can help with a lot of issues (I've seen computers perform better when connected to a UPS, speakers emit less static when the volume was turned up, and various other small improvements when plugged in to a UPS). Of course, even if any of those suggestions resolve the issue you are experiencing, I'm sure you'll still be wondering why the update process causes the fans to make noise. It's possible that some extra processing power is required for the updates, and this can cause the processor to heat up a little bit, which causes the fans to spin faster. How much your processor heats up depends on what processor your computer has and how good the heatsink and airflow inside the computer are.
  15. I have written a cleanup script for OTL (if you need to, you may download OTL from this link). Please copy the contents of the following CODE box, and in OTL under the Custom Scans/Fixes box at the bottom, paste in what you just copied from the following CODE box: :OTL SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found SRV - (PermissionResearch) -- C:\Program Files\PermissionResearch\prservice.exe (TMRG, Inc.) SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.) IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" ={searchTerms}&SearchSource=4&ctid=CT2260173 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 1A 52 E4 CA 1E CC 01 [binary data] IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" ={searchTerms}&SearchSource=4&ctid=CT2260173 FF - "Swag Bucks Customized Web Search" FF - "{searchTerms}" FF - "Swag Bucks Customized Web Search" FF - prefs.js..extensions.enabledItems: [email protected]:1.2 FF - prefs.js..extensions.enabledItems: [email protected]: FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}: FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}: FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.3 FF - HKLM\Software\MozillaPlugins\,version= C:\Program Files\, Inc\WorldWinner Games\npwwload.dll (, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files\PermissionResearch [2012/04/04 21:49:28 | 000,000,000 | ---D | M] [2012/03/09 20:30:48 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\BPV\AppData\Roaming\Mozilla\Firefox\Profiles\0jwp8ts7.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2012/03/07 16:32:11 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Users\BPV\AppData\Roaming\Mozilla\Firefox\Profiles\0jwp8ts7.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} [2011/02/15 05:34:11 | 000,000,000 | ---D | M] ( Intelligent Shopping Toolbar) -- C:\Users\BPV\AppData\Roaming\Mozilla\Firefox\Profiles\0jwp8ts7.default\extensions\[email protected] [2011/10/06 01:03:52 | 000,000,923 | ---- | M] () -- C:\Users\BPV\AppData\Roaming\Mozilla\Firefox\Profiles\0jwp8ts7.default\searchplugins\conduit.xml [2012/04/04 23:11:01 | 000,001,540 | ---- | M] () -- C:\Users\BPV\AppData\Roaming\Mozilla\Firefox\Profiles\0jwp8ts7.default\searchplugins\swagbuckscom.xml [2012/04/04 21:49:28 | 000,000,000 | ---D | M] (PermissionResearch) -- C:\PROGRAM FILES\PERMISSIONRESEARCH [2011/06/04 21:09:19 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll [2011/06/04 21:09:19 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll [2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll [2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll CHR - default_search_provider: search_url ={searchTerms}&SearchSource=4&ctid=CT2260173 CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll CHR - Extension: Entanglement = C:\Users\BPV\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\ CHR - Extension: Poppit = C:\Users\BPV\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\ CHR - Extension: PermissionResearch = C:\Users\BPV\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.331.4_0\ O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.) O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found. O2 - BHO: (AddThis Toolbar BHO) - {9EBF8AAF-0A31-4786-909A-97A0EF101743} - C:\Program Files\AddThis Toolbar\Toolbar.dll () O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar1.dll ( O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar1.dll ( O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found. O3 - HKLM\..\Toolbar: (AddThis Toolbar) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar1.dll ( O3 - HKCU\..\Toolbar\WebBrowser: (AddThis Toolbar) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll () O4 - HKLM..\Run: [selectRebates] C:\Program Files\SelectRebates\SelectRebates.exe () O4 - HKCU..\Run: [{4669E75E-65D5-159C-A4BC-C1109D1D8AD6}] C:\Users\BPV\AppData\Roaming\Tiloap\firisi.exe (TLN Team) O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) [2012/03/25 12:18:59 | 000,000,000 | ---D | C] -- C:\Users\BPV\AppData\Roaming\Ygvum [2012/03/25 12:18:59 | 000,000,000 | ---D | C] -- C:\Users\BPV\AppData\Roaming\Qyux [2012/03/25 12:18:59 | 000,000,000 | ---D | C] -- C:\Users\BPV\AppData\Roaming\Budilu @Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:07C99568 @Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:260575F1 @Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:63CD0333 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2C678471 :Commands [EMPTYTEMP] [RESETHOSTS] Then click the Run Fix button at the top. Let the program run unhindered, restart your computer when it is done (it may automatically restart your computer on its own). After your computer has restarted, please open OTL again and click the Quick Scan button. Attach the log it produces in your next reply (just the OTL log, as I don't need to see the Extras log again). You will need to click the button that says More Reply Options to the lower-right of where you type your reply to be presented with the attachment controls.
  16. That's OK, I don't want you to reinstall Windows. There's a special disk you can make called Ultimate Boot CD 4 Windows (UBCD4Win), and all you need to make it is a Windows XP disk, a blank CD, and a CD burner. You should be able to run a System Restore from this disk. Although, now that I think about it, Windows 7 should have an option when starting up to load the Recovery Environment, which you should be able to run a System Restore from as well. That will allow you to restore your computer back to a time before the infection happened, which should repair your system's networking services. You can load the Recovery Environment by following the instructions at this link and select to load the Recovery Environment instead of Safe Mode.
  17. That's OK. Do you have a Windows XP disk?
  18. We don't recommend installing Onine Armor without first having the latest Service Packs from Microsoft. If you would like to get Windows Service Packs on disk, then please see this link.
  19. If your installation of Windows isn't genuine, then I recommend that you get a genuine copy of Windows and reinstall before we proceed.
  20. Please follow the instructions at this link, and one of our malware removal specialists will be happy to assist you.
  21. OK. If your topic gets closed then just send me a private message asking me to reopen it.
  22. I assume that the following file is something that you downloaded? C:\Clemens\18_Vorlesung_MSM_2010\Diplomarbeit\LVK\pdfcracker.exe
  23. If you can't get to the Windows desktop, then a bootable disk would be needed to resolve the issue. You would need access to a computer with Internet access, a CD burner, and a blank CD.