• Content Count

  • Joined

  • Last visited

Everything posted by TriK

  1. I was strengthening executable from IE v9 "ielowutil.exe" which was being called on by Yahoo Messenger v11.5 for added security. I used the RunSafer feature of my Emsisoft Online-Armor Firewall. The yahoo messenger threw an error code associated with "Messenger/Plugin/16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin/vitality/vitality/vitality.html" and "vitality.min.js" (which was installed with the messenger) preventing the app from shutting down normally. I uninstalled the messenger, flash player, .net framework, internet explorer, removed all temp files, registry keys. ran in cmd prompt regsvr32 jscript.dll regsvr32 vbscript.dll ^numerous times reinstalled all mentioned software noticed internet explorer didnt want to download without "scriptlets" enabled under internet options> "security" tab> "custom levels" button as well as functioning for firefox download. so I was stuck with internet explorer, and unable to download other browsers. ontop of that yahoo messenger was still throwing the error with vitality.min.js this left me with one option. "ielowutil.exe" was still being run in RunSafer mode with Online Armor. any chance we will see windows executables on a different level of RunSafer to prevent conflicts such as this while still being able to provide the sandbox features of RunSafer? I spent about 8 hours nonstop trying to fix this, please fix Emsisoft staff.
  2. I noticed online armor premium detected svchost.exe send RAW data as Ouput without a destination, it was added as a rule. Is this normal of svchost.exe?
  3. The Anti-Keylogger in Online Armor Premium showed explorer.exe in the Anti-Keylogger section after I deleted all my trusted programs etc to start fresh and remove unneeded trusted files after installing 3rd party apps. Is it safe? Or am I infected down to the explorer.exe.
  4. Turning on Online Armor's "Filter Invalid MAC Address (According to IEEE OUI Listing)" under ADVANCED mode> Options > Firewall makes Cyberghost unable to connect to there VPN network. Don't know if this is a problem with me in particular or something that just is and would like to know.
  5. Did that and anti-malware disabled surf protection and behaviour blocking. Took into consideration if it took out the antivirus then I need to reformat. methods I took to clean the computer Darik's Boot and Nuke Wiped the harddrive with quick erase. Flashed motherboard BIOS reinstalled Operating System
  6. an extras.log wasnt made for some reason, I checked on Purity and LOP. didnt set at minimal output. and it made this log first time it started 04162012_184508.log problem is OTL shut itself down immediately after. so I restarted OTL again. and it closed unexpectedly possibly from me clicking on stuff while it was starting up. then 3rd time "a charm" it started up and i ran the scan. here is the log.
  7. So I found some other tools to help resolve this problem once and for all. CatchMe log shows a ntdll modification. MBR log could be a compatibility problem with Windows 7 I dont know but it doesnt look like it completed successfully. GMER came back clean.
  8. [#10193] got this error from while trying to login but I went to my profile and get around the error. Also and related sites like do not work though I have tested to see if the sites are down with 3rd party sites designed to test sites for you and it came back as on. So it is just me that can not access and Ive tryed with different browsers and the problem still exists.
  9. Windows Defender was showing an error under the the description of it when going to start>run>services.msc and clicking on the Windows Defender service. The problem that windows defender had though has been fixed on its own! It must have resent the information when updating with definitions. Everything seems ok now. Though its amazing how nothing has come up. I could have sworn my computer was throwing some very bazaar symptoms, and like we found out crypto wasnt working properly. If I am infected its probably something laying low till a predetermined date in the future. Unless you say otherwise.
  10. here is the tdsskiller log and I do know that the detection of "switchboard" should be alright. it is an adobe application, though I dont know why its not recognized as signed. so maybe o ye read the post prior to this one there is more. ps cryptographic service is running again.
  11. the Windows Repair Tool from fixed Windows Update but ComboFix seems to have broken my Windows Defender since I uninstalled ComboFix the wrong way. I reinstalled ComboFix and uninstalled the right way through start>run>type: combofix /uninstall then added the attached registry values to fix windows defender (which I found on microsofts site). though windows defender is now fixed im still receiving a description error <Failed to Read Description. Error Code: 1168 > when I go to start>run>type:services.msc and check Windows Defenders properties. Though windows update and windows defender now works again I still have a very ugly looking Error Code under the description of the Service Windows Defender. If anyone has advice on how to fix this I would like to know. Cryptographic Services says it is running under services.msc so I will run the scan again from earlier to see if Cryptographic is still running. This is a command I used in cmd prompt: sfc /scannow this checked for any corrupt services and repaired them. Though none of the services seemed to say it was repaired and Ive run all the other options I'm going to check one last time with the instructions from prior to see if Crypto is running.
  12. tdsskiller came back clean though Anti-Malware 6.0 said that the quarantined files for Trojan Crypt are no longer flagged as bad. ill try the windows fix now and let you know.
  13. Anti-Malware 6.0 says its a TrueCrypt Trojan... Is this alright?
  14. heres the new log. hope everything clears up with this log. thanks for sticking with me on this one. would really like to learn how to do this stuff on my own. and would love a payed position with emsisoft doing just about anything. I build websites and have 3 certificates in computer support specialist so I know a few things. Also taking classes for my A+, Network+, and Security+ certificates.
  15. so I rebooted after getting the log and a new icon i havent seen came up in my task notification icons area. It said "Traffic Warning!" when I hovered over it and so I clicked it and it took me to the cyberghost site. though the icon didnt look anything like cyberghost. Im going to research to confirm since i failed to take a screenshot. sorry about that.
  16. heres the otl log. also, my computer turned itself on in the middle of the night last night. and I woke up with my Anti-Malware 6.0 turned off and my Cyberghost VPN offline and a program I use called AnyDVD showed a popup which indicated it has just been started though it was running in the background when I turned off the computer. I checked the system event logs and it says the computer failed to shutdown but thats impossible as I watched the computer shutdown and why else would AnyDVD say that it has just started if it wasnt shut down. Besides my Anti-Malware 6.0 was turned off and its kind of obvious at this point.
  17. IE9 is already installed and Windows Update says its still available as an optional update. Ive been on the phone with microsoft and my isp and they both ran me through the default loop of troubleshooting though microsoft was more helpful. We didnt fix the problem however with IE9 saying that it was still available to download as an optional update within windows update. I read some information on the problem and its possible im infected. I have exhausted all other options.
  18. So I reformatted my computer and might still have a problem since IE9 and all other Windows Updates installed but IE9 still wants to install as an optional update. I did some research on the problem and I tried all the available options for fixing it. I also noticed one of the reasons listed it could be doing this is actually malware infection.
  19. still having problems. I tryed going to the malwarebytes site to download the free version and the site doesnt even load.
  20. windows activation window popped up and said i needed to enter my windows key for activation but i checked my windows activation and i have 24 more days till activation. and the site function attach still didnt work.
  21. firefox updated i have some addons but Im pretty smart with them and they shouldnt be interfering with your site. They are, NoScript, WOT, and HTTPS-Everywhere. windows defender works again after disabling combo fix. I tryed the attachment function on a different forum and the feature worked.
  22. i see a quick black dos window pop up after i restart and it goes away before I notice anything. I also noticed windows action center says windows defender isnt on. I try to access it and it locks up before I can enable it again. Anti-Malware says its turned off too under action center but it comes back on when i toggle file guard protection off and on. should I delete the combo box filder and qoobox folder? i think that might be why i see a block dos window pop up. but i hope that the combofix.txt is right. I dont know why its not showing up under C:/ though i found a combofix.txt under C:/Combo-Fix/ComboFix.txt
  23. I run it but it doesnt put a a file under C:/combofix.txt however it does under C/Combo-Fix/ComboFix.txt and here is that file. again that attachment feature on your site doesnt work for my browser for some reason. so im going to copy paste. ComboFix 12-04-10.01 - Adminerator 04/10/2012 12:26:57.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2986 [GMT -4:00] Running from: C:\Users\Man\Desktop\Combo-Fix.exe AV: Emsisoft Anti-Malware *Disabled/Updated* {0ADC9F7D-20C1-240F-01E2-43466EBA893A} FW: Online Armor Firewall *Disabled* {32E71E58-6AAE-2557-2ABD-EA739069CE41} SP: Emsisoft Anti-Malware *Disabled/Updated* {B1BD7E99-06FB-2B81-3B52-7834153DC387} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  24. also tried to download tdsskiller and it says its Trojan Crypt with the emsisoft anti-malware 6.0. It sent it directly to quarantine and then i attempted to submit and wouldnt give me the option of the drop down and it says "false alert" in grey in the submit window where i put details, name, and email.