GT500

Emsisoft Employee
  • Content Count

    13276
  • Joined

  • Days Won

    411

Everything posted by GT500

  1. I'm still seeing the following crack/keygen related files on your computer: c:\documents and settings\llllllllllllllllllll\desktop\crack\idman.exe c:\documents and settings\llllllllllllllllllll\desktop\crack\regkey windows 32-bit.reg c:\documents and settings\llllllllllllllllllll\desktop\crack\regkey windows 64-bit.reg c:\documents and settings\llllllllllllllllllll\my documents\downloads\compressed\ad_muncher_v4.91_crack.rar c:\documents and settings\llllllllllllllllllll\my documents\downloads\compressed\crack trucks & trailers.rar c:\documents and settings\llllllllllllllllllll\my documents\downloads\compressed\crack.rar c:\documents and settings\llllllllllllllllllll\my documents\downloads\compressed\crack_4.rar c:\documents and settings\llllllllllllllllllll\my documents\downloads\compressed\driver genius professional v11.0.0.1112 + crack.rar c:\documents and settings\llllllllllllllllllll\my documents\downloads\compressed\idm-6.07-build-7--+-crack.rar c:\documents and settings\llllllllllllllllllll\my documents\downloads\compressed\regcure 3.0.2 + crack.rar c:\documents and settings\llllllllllllllllllll\my documents\downloads\video\superantispyware professional 5.0.1142.(new keygen) registered for free - youtube.flv Please remove all cracks and keygens, then rerun OTL and CKScanner, and post new logs for me.
  2. As far as I can tell, there is nothing malicious at that IP address. It also does not appear to be the address of a server on the Internet (or at least I'm not finding any information about a server at that address). It is possible that it is a computer on your ISP's network that is broadcasting Quote Of The Day messages, and chances are that it is completely harmless.
  3. Well, 169 isn't the full IP address, as every IP address has 4 octets (or at least IPv4 addresses do). An example would be 192.168.1.1 (the periods separate the 4 octets). As for port 17, that is normally used as a part of the TCP/IP standard called Quote Of The Day. Does Online Armor not show you the full IP address?
  4. What version of Online Armor do you have installed? Is it at least 5.5.0.1557? If not, then try a manual upgrade by downloading and installing from this link.
  5. Hello, and please forgive me for the slow reply. Please make sure that Emsisoft Anti-Malware is installed in the default folder (C:\Program Files\Emsisoft Anti-Malware on 32-bit systems and C:\Program Files (x86)\Emsisoft Anti-Malware on 64-bit systems). The Emsiclean utility will delete the folder that Emsisoft Anti-Malware was installed in, so if there is anything else in there it will be deleted as well.
  6. Are you not able to remove those traces that are found with Emsisoft Anti-Malware, or do they keep reappearing after you remove them?
  7. I'm sorry, but due to the amount of keygens you have on your computer, I'm not going to be able to continue assisting you until you delete all cracks, keygens, pirated serials, and all of the following software from your computer: Internet Download Manager Ad Muncher Trucks & Trailers Driver Genius Professional Edition RegCure SUPERAntiSpyware Revo Uninstaller Once you have removed all of these programs, any cracks and keygens, and any other pirated software that you have then go ahead and get me a fresh OTL log and a fresh CKScanner log, and I will be happy to continue assisting you.
  8. Was it able to boot before running a chkdsk? Do you have a Windows XP CD (or at least an ISO image of a Windows XP CD)? You should be able to recover your computer with a UBCD4Win disk, but you need a Windows XP disk (or possibly a Windows 2003 disk) in order to build a UBCD4Win disk.
  9. That log looks pretty good. Lets get a second opinion with an online virus scan. Please run an online virus scan through ESET by following the steps below: Turn off your anti-virus software. Click on this link. Click on the ESET Online Scanner button. Put a check in the box that says YES, I accept the Terms of Use. Click the 'Start' button just to the right of the checkbox. Uncheck the box that says Remove found threats (this is very important). Click on Advanced settings. Put a check in the box that says Scan for potentially unsafe applications. Verify that Scan for potentially unwanted applications is also checked. Verify that Enable Anti-Stealth technology is also checked. Click the Start button in the lower-right corner of the page, and it will begin downloading it's database, and then it will start scanning. When the scan is done, if it shows a screen that says Threats found!, then click List of found threats, and then click Export to text file... (if nothing was found, then just let me know that no threats were found). Save that text file on your desktop, and then attach it to a reply (using the More Reply Options button in the lower-right corner of this forum topic) for me. Close the ESET online scan. I will take a look at the log, and let you know if anything needs removed.
  10. Also, after running ComboFix with the instructions above, please run CKScanner as well. You can download CKScanner from here. Important : Save it to your desktop. Doubleclick CKScanner.exe and click Search For Files. After a very short time, when the cursor hourglass disappears, click Save List To File. A message box will verify that the file is saved. Please attach the file named CKFiles.txt on your desktop to a reply by going to More Reply Option below.
  11. OK, go ahead and disable McAfee, and then try running ComboFix again.
  12. The connections attempts could be from some of your Firefox extensions. Here's a link to instructions on how to manage extensions in Firefox. Make sure that you know what each extension is and what it does. Remove or disable anything that you don't absolutely need.
  13. I'm glad to hear you got your issue resolved. Let us know if you have any further trouble.
  14. Run TDSSKiller first. We can run ComboFix after it is done. ZeroAccess could be the reason why ComboFix couldn't finish.
  15. Have you tried resetting your cable modem? It should have a reset button on it somewhere. You often have to press it with a paper clip. Normally you would want to hold it down until the power light started blinking, and then let go. Once the lights are done blinking, it should be ready for use again.
  16. Do you connect to the Internet through a router?
  17. Please download ComboFix from one of the following links, and follow the instructions below to run it. Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop Link 1 Link 2 * IMPORTANT !!! Save Combo-Fix to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools See HERE for help Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, ComboFix will produce a log. Note: 1. Do not mouseclick combofix's window while it's running. That may cause it to stall! 2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet. Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS) ComboFix (C:\combofix.txt) Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  18. Did you turn off your anti-virus software before running ComboFix? Most anti-virus software will prevent ComboFix from running properly. Since ComboFix had issues, go ahead and follow the instructions at this link for running TDSSKiller, and remove anything it finds. Let me know if it detected anything.
  19. OK, I have written a script that will tell ComboFix how to delete some stuff I saw in your log. Here are instructions on what to do with the script: Turn off your Anti-Virus software. Click your Start button, go to All Programs (or just Programs on Vista and Windows 7), go to Accessories, and then open Notepad. Please copy and paste the contents of the box below into Notepad (here is a link to instructions if you do not know how to copy and paste): http://support.emsisoft.com/topic/7324-my-pc-always-crash/ KillAll:: Collect:: c:\windows\TEMP\klsB53F.tmp Suspect:: C:\DH Temp.tmp c:\windows\atemp.tmp c:\program files\Common Files\dx.reg RegLock:: [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b3bb7e0e-aa09-4ffc-be0f-575cce34418d}] [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e46a23c3-2958-4f13-93d0-2c67509e02b4}] DDS:: uInternet Settings,ProxyOverride = local Save this as a Text Document named CFScript in the same location as ComboFix (which should be on your desktop). Close Notepad and verify that the CFScript file is saved on your desktop. Referring to the animated picture below, click the left mouse button on top of the CFScript icon on your desktop, then holding the mouse button down drag the CFScript icon on your desktop onto the ComboFix icon, and then drop it (let go of the mouse button) on top of the ComboFix icon: When finished, it will display a new log in Notepad. Please attach that log to a reply the same way you did before. If you prefer, you can save the log on your desktop to make it easier to find.
  20. There are a few things that can cause that. File permissions may have gotten changed, some software may be denying access to the file, there may be issues with the way Windows is accessing the hard drive that the file is stored on (driver issues for instance), or there may just be errors in the filesystem that are preventing Windows from reading the file. I'll go ahead and look over your ComboFix log, and see if there may be something malicious that is causing the issue. Edit: Just taking a look at the list of installed security software has shown a problem. You have Kaspersky Internet Security, and you have COMODO Antivirus and COMODO Firewall. Having all three of those installed could cause problems, and I highly recommend that you either remove the COMODO software entirely (both antivirus and firewall), or if you prefer the COMODO software to the Kaspersky software then I recommend that you remove the Kaspersky Internet Security.
  21. I don't see anything in that log that would explain this. There were a couple of file that looked like they were running out of your temp folder, but I want to confirm that with OTL. Please run OTL by following the instructions below: Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run'). Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes. When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually. Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.
  22. Has it been happening since we ran ComboFix? If so, run ComboFix again, and attach the log to a reply.
  23. Yes, since you already ran ComboFix go ahead and attach the log to a reply for me. You will find it as C:\ComboFix.txt
  24. I have written a cleanup script for OTL (if you need to, you may download OTL from this link). Please copy the contents of the following CODE box, and in OTL under the Custom Scans/Fixes box at the bottom, paste in what you just copied from the following CODE box: :OTL SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- File not found SRV - (HidServ) -- File not found SRV - (gupdatem) خدمة Google Update (gupdatem) -- File not found SRV - (gupdate) خدمة Google Update (gupdate) -- File not found FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found File not found (No name found) -- C:\DOCUME~1\LLLLLL~1\LOCALS~1\TEMP\RAR$EXA0.656\PALEMOON\EXTENSIONS\STATUSBAR[email protected] [2012/02/01 16:06:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\llllllllllllllllllll\Application Data\Mozilla\Firefox\Profiles\4j52sf7g.default\extensions\[email protected] [2011/12/27 18:36:05 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. [2011/12/27 18:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\llllllllllllllllllll\Application Data\Babylon [2011/12/29 03:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\llllllllllllllllllll\Application Data\BabylonToolbar [2011/12/27 18:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon Then click the Run Fix button at the top. Let the program run unhindered, restart your computer when it is done (it may automatically restart your computer on its own). After your computer has restarted, please open OTL again and click the Quick Scan button. Attach the log it produces in your next reply (just the OTL log, as I don't need to see the Extras log again). You will need to click the button that says More Reply Options to the lower-right of where you type your reply to be presented with the attachment controls.
  25. Please download ComboFix from one of the following links, and follow the instructions below to run it. Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop Link 1 Link 2 * IMPORTANT !!! Save Combo-Fix to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools See HERE for help Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, ComboFix will produce a log. Note: 1. Do not mouseclick combofix's window while it's running. That may cause it to stall! 2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet. Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS) ComboFix (C:\combofix.txt) Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!