Help, is my PC infected please


  • This topic is locked
49 replies to this topic

#1 pumpkinseed

pumpkinseed

    Member

  • Members
  • PipPip
  • 26 posts
  • OS:Windows XP
  • AV:Emsisoft Anti Malware
  • HIPS:Windows
  • Other:Windows Malicious Software Removal Tool

Posted 02 May 2012 - 08:39 AM

At the request of Fabian Wosar I am sending 3 logs. EEK scan, OTL & Extras.

So many weird things have been happening, unwanted files appearing, pages hanging, sound distorted etc. etc. Emsisoft sometimes freezes in middle of scans, Outlook express hangs & have many Emsisoft Guard logs of suspected malware attacks, also services turn themselves on/off & enable/unable themselves. Grateful for your advice. Many thanks.

[attachment=11246:a2scan_120501-175530.txt][attachment=11247:OTL.Txt][attachment=11248:Extras.Txt]

#2 GT500

GT500

    Emsisoft Support

  • Emsisoft Employee
  • 3461 posts
  • Location: Fortville, IN, USA
  • OS:Windows 7 x64
  • AV:Emsisoft Anti-Malware
  • Other:Malwarebytes Anti-Malware 2.x Beta

Posted 02 May 2012 - 05:27 PM

Please post a RogueKiller log by following the instructions below:
  • Download RogueKiller from this link, and save it on your desktop.
  • Run RogueKiller (please note that if it doesn't work the first time, you can try it again several times and it may start to work):
    • On Windows XP make sure you are logged in as an administrator and double-click on the RogueKiller icon.
    • On Windows 7 and Vista simply right-click on the RogueKiller icon, and select to Run as administrator.
  • Click the Scan button in the upper-right corner (don't worry about the rest of the options for now).
  • In the middle, on the left, it will tell you the status. When it says Scan Finished, then please close RogueKiller. It will warn you that nothing has been deleted and ask you if you want to quit, so be sure to click the Yes button.
  • There will be a new file and folder saved on your desktop. The folder (usually named RK_Quarantine) can be deleted. The file (usually named RKreport or RKreport[1]) contains the log.
  • Please attach the RKreport file to a reply by using the More Reply options button to the lower-right of where you type in your reply.

Best regards,

Arthur Wilkinson [Support/Quality Assurance]
Emsisoft Team - www.emsisoft.com

#3 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12929 posts
  • Location: Depauville, NY, USA
  • OS:Windows Vista
  • AV:Emsisoft Anti-Malware
  • HIPS:Windows Firewall
  • Other:WinPatrol Plus

Posted 05 May 2012 - 07:05 PM

Thread Closed

Reason:
Lack of Response

PM either ShadowPuterDude, or GT500 to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.
Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.


#4 Fabian Wosar

Fabian Wosar

    Forum Veteran

  • Emsisoft Employee
  • 3343 posts
  • OS:Windows 8.1 x64
  • AV:Emsisoft Anti-Malware

Posted 09 May 2012 - 11:23 AM

Thread opened at original poster's request.
Best regards,

Fabian Wosar [Development]
Emsisoft Team - www.emsisoft.com

#5 pumpkinseed

Posted 09 May 2012 - 12:11 PM

Hi have now found out how to reply!! Attach the required scan RKReport1 for your perusal please. (sorry to be thick but am new to all this). Many thanks.

#6 GT500

Posted 09 May 2012 - 05:25 PM

That's OK. It can take some time to get used to how a forum works. ;)

That log is showing some problems with some system files. Before proceeding, let's get one more log just to make sure that there are no rootkits.

Please get me a log from TDSSKiller by following the instructions below:
  • Download TDSSKiller from this link and save it on your desktop.
  • Run the TDSSKiller download that you saved.
  • Click on Change parameters as it shows in the following screenshot:

    Posted Image

  • Make sure that Verify digital signatures and Detect TDLFS file system are checked as in the following screenshot, and then click OK:

    Posted Image

  • Click the Start scan button as in the following screenshot:

    Posted Image

  • You will see the following as the scan runs:

    Posted Image

  • If there are any threats or malicious items detected, then make sure the option to the right of each item is set to Skip as in the following screenshot (it is very important that TDSSKiller not be allowed to Cure, Quarantine, or Delete these detections!), note that you can click on the selection action to open a list and change it if it is not set to Skip automatically, and then click Continue at the bottom when everything is set to Skip:

    Posted Image

  • Click on Report in the upper-right corner, as in the following screenshot:

    Posted Image

  • You will see a report similar to the one in the following screenshot. Please click in the report somewhere, then hold down the Ctrl key on your keyboard and tap the A key to select the entire report.

    Posted Image

  • Once everything is selected, then it should look similar to the following screenshot, and you will be able to hold down the Ctrl key on your keyboard and tap the C key to copy the entire report.

    Posted Image

  • Open Notepad by clicking on the Start button, going to All Programs (or just Programs in Windows 7 and Vista), then Accessories, and clicking on Notepad in the list.
  • Once Notepad has opened, click on Edit to open the Edit menu, and then click Paste, as in the following screenshot:

    Posted Image

  • Once the report has been pasted into Notepad, click File to open the File menu, and then click Save as, as in the following screenshot. Please save the report on your desktop and attach it to a reply by using the More Reply Options button to the lower-right of where you type in your reply.

    Posted Image


Best regards,

Arthur Wilkinson [Support/Quality Assurance]
Emsisoft Team - www.emsisoft.com

#7 pumpkinseed

Posted 09 May 2012 - 07:53 PM

Hi again - have now run the Kaspersky scan & post it below - it picked out 5 threats.

I do seem to think I remember seeing some ref to 'rootkit' somewhere or other when running my scans (or I may be wrong). Please let me know if the Kasp scan not OK or u need anything more. Look forward to hearing from you.

#8 pumpkinseed

Posted 09 May 2012 - 07:58 PM

[attachment=11386:Kasp.TDSSKiller.txt]


Sorry, this is the report to go with above reply.
By the way, not sure if you are aware that I do have 2 hard drives - C & D (D being the old one). Regards

#9 GT500

Posted 09 May 2012 - 08:25 PM

The OTL log should list all of your hard drives, as does the TDSSKiller drive (it checks the MBR on each drive).

Those unsigned files that were detected look OK to me. It is, unfortunately, fairly common for companies to not sign some of their drivers. It can be annoying when trying to figure out what stuff is, but it doesn't mean that the files are dangerous.

Based on your logs so far, I think it's safe to run ComboFix. Please download ComboFix from one of the following links, and follow the instructions below to run it. Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop.

Link 1
Link 2

* IMPORTANT !!! Save Combo-Fix to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:
1. Do not mouseclick ComboFix's window while it's running. That may cause it to stall!
2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
  • ComboFix (C:\combofix.txt)
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
Best regards,

Arthur Wilkinson [Support/Quality Assurance]
Emsisoft Team - www.emsisoft.com

#10 pumpkinseed

Posted 09 May 2012 - 10:28 PM

[attachment=11389:Combolog.txt]

I hope I have run this Combofix correctly & attach it below. It closed down half way through & I had to log back in again & seemed to freeze - so if it is not sufficient pls let me know.

Am now off to bed as my brain has been working overtime - you must be brilliant to understand all this!! Goodnight

#11 GT500

Posted 09 May 2012 - 11:19 PM

Brilliant? Or slightly crazy? I'm sure that's open to debate. :lol:

That ComboFix log looks fine to me. Let's get a second opinion just to make sure we didn't miss anything. Please run an online virus scan through ESET by following the steps below:
  • Turn off your anti-virus software.
  • Click on this link.
  • Click on the ESET Online Scanner button.
  • Put a check in the box that says YES, I accept the Terms of Use.
  • Click the 'Start' button just to the right of the checkbox.
  • Uncheck the box that says Remove found threats (this is very important).
  • Click on Advanced settings.
  • Put a check in the box that says Scan for potentially unsafe applications.
  • Verify that Scan for potentially unwanted applications is also checked.
  • Verify that Enable Anti-Stealth technology is also checked.
  • Click the Start button in the lower-right corner of the page, and it will begin downloading its database, and then it will start scanning.
  • When the scan is done, if it shows a screen that says Threats found!, then click List of found threats, and then click Export to text file... (if nothing was found, then just let me know that no threats were found).
  • Save that text file on your desktop, and then attach it to a reply (using the More Reply Options button in the lower-right corner of this forum topic) for me.
  • Close the ESET online scan.

I will take a look at the log, and let you know if anything needs removed.
Best regards,

Arthur Wilkinson [Support/Quality Assurance]
Emsisoft Team - www.emsisoft.com

#12 pumpkinseed

Posted 10 May 2012 - 02:17 PM

Have run the ESET scan & it tells me 'no threats were found'. Could not find a way to save the text as it gave me no option. Not sure if you meant me only to post report if threats WERE found.
If you do wish me to post the report then perhaps you could let me know how to save it at the end & I will re-run.
Can I ask you did any of the scans actually repair anything as it seems to be purring now? Or were they all just investigatory scans. Is it safe to delete the scans etc I have saved on desktop?
Thanks for your help & look forward to your reply. Regards

#13 GT500

Posted 10 May 2012 - 04:56 PM

If no threats were found, then I'm fairly certain that it does not give you the option to save a log, so that's OK.

ComboFix makes repairs on its own, and you will see some deletions in its initial log. Also, the scripts I asked you to run made some repairs as well (mostly just deleting things that were bad or didn't need to be there, as well as temp files).

If you go ahead and run a scan with Emsisoft Anti-Malware, does it detect anything?
Best regards,

Arthur Wilkinson [Support/Quality Assurance]
Emsisoft Team - www.emsisoft.com

#14 pumpkinseed

Posted 12 May 2012 - 10:01 AM

Hi, have now run deep scan with Emsi anti-malware & it detected no threats. However, under the Guard Log it mentions two items as being 'Monitored'.

One is "c\windows\system32\IE4\UINIT.EXE" & the other is "c\docs&setts\pamela\local settings\Temp\Set 2D52.TMP".

Does that mean they are suspicious as do not understand why they are being monitored. Any ideas pls?

Should I remove them as one looks like a stray temp file & the other is IE4 & I have now IE8?

#15 GT500

Posted 14 May 2012 - 08:25 PM

Could you please upload each of those files to VirusTotal, and then send me the link to the analysis of each file? They could be harmless, but we can check and make sure. ;)
Best regards,

Arthur Wilkinson [Support/Quality Assurance]
Emsisoft Team - www.emsisoft.com

#16 pumpkinseed

Posted 15 May 2012 - 05:08 PM

I'm sorry but I've tried & tried & cannot fathom how to upload the files to Virus Tool or post a link to them. Please advise further.

For your info, the second file mentioned above I could not find on my system. I ran the CCleaner scan first. When searching for this file I got as far as 'local settings\Temp' & there is a SQL log which cannot be deleted & says 'it is being used by another person or programme' I cannot delete but nothing else was open. There is nowhere I can see the \Set 2D52.TMP file unless it is hidden. This file is also gone from the Emsi Guard where it was 'being monitored'.

The other one, SYSTEM32 file which is still being monitored I cannot find in my system, only \IE4UINIT & \IE4UINI.EXE.MUI - which one of these should I send to Virus Tool pls or both? Grateful for your advice.

#17 GT500

Posted 15 May 2012 - 08:04 PM

OK, here's an attempt at making instructions for using VirusTotal.

1. Click on this link to go to VirusTotal.

2. Click on the Choose File button as highlighted in the screenshot below, and then use the little window that opens to select your file:

Posted Image


3. After selecting your file, click the Scan it! button to scan the file:

Posted Image


4. If you see the message in the screenshot below, then click the Reanalyze button:

Posted Image


5. As your file is being analyzed, right-click in the address bar and select Copy from the menu:

Posted Image


6. Paste the address of the VirusTotal analysis into a reply so that I can take a look at it.
Best regards,

Arthur Wilkinson [Support/Quality Assurance]
Emsisoft Team - www.emsisoft.com

#18 pumpkinseed

Posted 16 May 2012 - 01:11 PM

Hi, thanks for that - Much clearer now. The file that is being monitored by Emsi Guard is: C:\WINDOWS\SYSTEM32\IE4UINIT.EXE
I cannot find a file exactly that but the first one is the nearest I think:

https://www.virustot...sis/1337166949/

https://www.virustot...sis/1337167760/

https://www.virustot...sis/1337168050/

#19 GT500

Posted 17 May 2012 - 12:17 AM

OK, that appears to be an actual Microsoft file, and is probably a false positive.

Would it be possible for you to export the log from Emsisoft Anti-Malware that shows the detection, and attach it to a reply? You can access the logs by opening Emsisoft Anti-Malware, and going to Logs in the menu on the left.
Best regards,

Arthur Wilkinson [Support/Quality Assurance]
Emsisoft Team - www.emsisoft.com

#20 pumpkinseed

Posted 18 May 2012 - 08:36 AM

Hi, as I said previously on 12th May, the IE4UINIT.EXE file is showing in the Guard Log as being Monitored but not in the scans. It will not let me copy this page or export it, as far as I can see. Pls advise if there is a way I can forward this entry to you.

The other file which was also in the Guard Log, is not now showing there, as I reported on 15th May.

I attach copy of scan log from yesterday, this shows a file which I have trouble with most days also, altho my computer has been much better in last few days.

Kind regards.

#21 GT500

Posted 19 May 2012 - 01:25 AM

Well, a screenshot showing the detection might contain enough information to submit a false positive report. Here's a link to instructions on how to take a screenshot. You can attach it to a reply the same way you have been attaching the logs.
Best regards,

Arthur Wilkinson [Support/Quality Assurance]
Emsisoft Team - www.emsisoft.com

#22 pumpkinseed

Posted 20 May 2012 - 12:37 PM

Good morning & thanks for help. Been on computers for many years & never knew how to do screenshot til now.

I enclose the screenshot of Emsi Guard Log from where you can see the one item that is 'being monitored' by Emsi. Cheers.

#23 GT500

Posted 21 May 2012 - 08:18 PM

If you remove the rule, then is the file still detected when running a scan?

You can remove the rule by following the instructions in the following screenshot (if it is too small to read, then you can click on it to make it bigger):

[attachment=11575:removing_rule.png]
Best regards,

Arthur Wilkinson [Support/Quality Assurance]
Emsisoft Team - www.emsisoft.com

#24 pumpkinseed

Posted 22 May 2012 - 11:19 AM

Hiya, at your request I have deleted the rule & run the Deep Scan and again, as it has done since the beginning of all this, Emsi has detected no threats on this morning's scan (which took hours). You will remember, the scan showed no threats all along on the Scan Log, but on the Guard log it showed the IE4 file as 'being monitored'. It is not showing as being monitored now, but as I deleted the rule what would it go by? Someone must have made that rule in the first place, so surely if we delete it it is of not much use & why was it being monitored? Emsi showed no threats on the scan even before I ran your third party fixes & they found items & deleted. I would add that I do regularly clear out temp files etc & run security scans. I am certain that Microsoft have something to do with all this as they seem to be updating forever! My sound is still bad but I am learning to live with it as cannot find a cure whatever I do.

Kind regards

#25 GT500

Posted 22 May 2012 - 05:47 PM

Rules are created when the Behavior Monitor asks you about a program. Whether it is 'Monitored', 'Blocked', or 'Allowed' depends on what you select when Emsisoft Anti-Malware asks you about a program. I misunderstood why you were asking about these monitored programs at some point, so my apologies for the confusion.

Fixing the sound issue could be difficult, as there are a number of potential causes. It could be a driver issue, it could be a DirectX issue, it could be an issue with the sound card (or the audio chip on the motherboard if it is integrated audio), it could be an issue with the speakers, it can be an issue with the cord that connects the speakers to the computer, and it can even be an issue with the power going into the speakers. Since driver issues can be fairly common, we can start with that, and see if we can fix it.

May I ask what model number your computer is, and who made it? This will allow me to look up what drivers to have you download for the audio.
Best regards,

Arthur Wilkinson [Support/Quality Assurance]
Emsisoft Team - www.emsisoft.com

#26 pumpkinseed

Posted 23 May 2012 - 07:14 AM

Good morning, had lots of downloads from Microsoft, pages & pages in last couple of days - seems Silverlight may have been causing probs too. Now running quite smooth.

My Computer is Dell - Dimension 4700 (Tag <removed by moderator>). Operating System = MS Windows XP Home Edition SP3.

Let me know if u need more info, many thanks

#27 GT500

Posted 23 May 2012 - 05:12 PM

According to Dell, the download at this link is the audio driver for your computer.

It might be prudent to uninstall the old audio driver before installing this one, however I just reviewed your OTL Extras log from your first post and I can't find it in the uninstall list... Go ahead and try installing that driver from Dell, and let me know if it helps. ;)
Best regards,

Arthur Wilkinson [Support/Quality Assurance]
Emsisoft Team - www.emsisoft.com

#28 pumpkinseed

Posted 24 May 2012 - 10:16 AM

Good morning. When I tried to download the Dell driver - was told the Dell Drivers folder could not be located? Another thing gone on the missing - It asked me if I would like to download the folder & have done so. Many thanks for that.
Unfortunately tho, this has not cured my sound probs. Have a nice day

#29 pumpkinseed

Posted 25 May 2012 - 10:40 AM

  • Good morning, follow-up on last post. I didn't UNinstall the old audio driver as comp told me Dell driver folder could not be found & you also could not find it. However, I did find it after I had downloaded the new one & deleted it. Old driver was directly in Dell folder & not where it should have been (did check the number & date 1st). Good news, system sounds etc are now working fine - Thanks very much for that link.
  • I had previously several times checked through every device in Device Manager & it said all were working OK
  • Still cannot play CD/DVD - whatever had gotten into my machine sure did a good job of messing it up!! Getting there tho & much, much better.
  • Cheers!


#30 GT500

Posted 25 May 2012 - 09:30 PM

Quote: "1. Good morning, follow-up on last post. I didn't UNinstall the old audio driver as comp told me Dell driver folder could not be found & you also could not find it. However, I did find it after I had downloaded the new one & deleted it. Old driver was directly in Dell folder & not where it should have been (did check the number & date 1st). Good news, system sounds etc are now working fine - Thanks very much for that link."


You're quite welcome. ;)


Quote: "3. Still cannot play CD/DVD - whatever had gotten into my machine sure did a good job of messing it up!! Getting there tho & much, much better."


Are you trying to play them in Windows Media Player? Does something such as VLC media player play CDs and DVDs OK?
Best regards,

Arthur Wilkinson [Support/Quality Assurance]
Emsisoft Team - www.emsisoft.com

#31 pumpkinseed

Posted 25 May 2012 - 11:47 PM

Good eve, Yes WMP tells me CD is playing but no sound comes out. Have uninstalled & reinstalled WMP. This is the message WMP gives - "Windows Media Player cannot play the file. The Player might not support the file type or might not support the codec that was used to compress the file."

Have uninstalled a while ago iTunes - CDs were playable in that but thought it might have interfered with WMP & took up too much room.
I have also uninstalled Microsoft Silverlight this week as had pages & pages of MS logs about it - couldn't find out what I needed this program for, & had never used it, so I uninstalled it as it seemed to be causing probs.

Have just downloaded the VLC Media Player, looks good but this is the message when I tried to play CD :
"Your input can't be opened: VLC is unable to open the MRL 'cdda:///E:/'. Check the log for details." I could not find a log on this program ? ;)

#32 GT500

Posted 28 May 2012 - 09:04 PM

Interesting. Are you certain that you don't have problems with your CD drive?

Also, do you know what version of Windows Media Player you have installed? I would believe that 11 is the latest version.

As for VLC's logs, I'm not sure where it saves them. I don't see any on my computer. Another possible alternative would be SMPlayer, however if you have more than one CD drive you usually have to go into the options and tell it which drive has the CD in it.
Best regards,

Arthur Wilkinson [Support/Quality Assurance]
Emsisoft Team - www.emsisoft.com

#33 pumpkinseed

Posted 29 May 2012 - 11:01 AM

Good morning, I do have probs with my CD drive, it will not play CD or DVD. I have only one CD Drive which on my comp is Drive E.

Have recently uninstalled & reinstalled WMP, so am pretty sure it is V.11. Would the fact that I removed Silverlight & iTunes have any effect, ie would those programs remove other necessary 'stuff'?

The VLC gave me the exact message below (including the red print) :
"Your input can't be opened:
VLC is unable to open the MRL 'dvd:///E:/'. Check the log for details."

Have downloaded SMPlayer but not having much luck with that either, looks rather complicated tho.

#34 GT500

Posted 29 May 2012 - 07:08 PM

It isn't possible to remove the Windows components that allow for accessing CD and DVD drives when uninstalling iTunes and Silverlight. Windows has file protection in place that will automatically restore those components from a backup even if something were to delete them, so that shouldn't be what is causing the issue.

Chances are, based on the symptoms that you are describing, that it is the DVD drive itself which is not working, however it is difficult to know for certain without being able to connect a good CD or DVD drive to your computer and checking to see if you can play your CDs and DVDs from it.
Best regards,

Arthur Wilkinson [Support/Quality Assurance]
Emsisoft Team - www.emsisoft.com

#35 pumpkinseed

Posted 31 May 2012 - 12:35 PM

Good morning, good news I have managed to get the VLC to work. After tweaking it then gave me the above message again (red & black) several times. It then told me it had crashed & to send report which I did. When I restarted it, was good as gold & played a DVD & CD as good as ever. Suppose that means my drive E is OK, tho it used to play cd straight away when I put it in but it doesn't now. I suppose that's because I have the players. Will get rid of the WMP. (Still reckon Microsoft causes a lot of probs).

My computer seems fine now & is purring away, everything seems to be back to normal thank goodness. Most things are all working again OK.
Cheers & thanks a lot for your patient help from a grateful OAP.

#36 GT500

Posted 31 May 2012 - 09:05 PM

Multimedia on a PC can be a bit annoying at times. If it is working for the moment, then let's move on.

Here are some final instructions for you:

1. Make Sure Java is Updated:

  • Click on the Start button.
  • Click on Control Panel.
  • Click Add or Remove Programs.
  • Look for Java in the list (should be alphabetical), and uninstall all versions of Java that you find listed.
  • Click on this link and download and install the latest Java (the Windows Online download will be faster).



2. Make Sure Adobe Flash is Updated:

  • Click on this link and download the latest version of Adobe Flash Player for your web browser.
  • You will need to close your web browser when installing Flash.



3. Make Sure Adobe Acrobat Reader is Updated:

  • Click on the Start button.
  • Click on Control Panel.
  • Click Add or Remove Programs.
  • Look for any versions of Adobe Reader or Adobe Acrobat Reader in the list (should be alphabetical), and uninstall all of them (if you have Adobe Acrobat, which is the premium software from Adobe, then you do not need to uninstall it).
  • Click on this link to go to the Adobe Reader download page, make sure to unselect any offers for toolbars or other free software, and download and install the latest version of Adobe Reader.

(please note that some people do prefer to use third-party PDF viewers such as PDF X-Change Viewer and Foxit Reader which are not as commonly exploited as Adobe Reader, so if you would prefer to use one of those then you do not need to download and install Adobe Reader)



4. Make Sure Your Computer Has The Latest Windows Updates:

  • Click on the Start button.
  • Go to All Programs.
  • Click on Windows Update.
  • If you have never run Windows Update, then it will probably need to install an ActiveX control and update the Windows Update software before it can continue, so make sure you keep an eye out for that pale-yellow bar that pops up at the top of the page when Windows Update needs to install a new component, and click on the yellow bar and select to allow it.
  • Once it is loaded, click on the Express button.
  • It will check for available updates, and once it is done you can click the Install Updates button.
  • It may ask you to accept a license agreement before it installs, so make sure you say Yes.
  • When it is done installing updates, it may ask you to restart your computer, so close anything you are working on and allow it to restart.
  • Note that the update process can take a while, and you may need to run it several times before all of the updates get installed.



5. Web Of Trust Extension:

While this is not a requirement, I highly recommend that you click this link and check out the Web Of Trust extension for your web browser. It will add an extra layer of protection to your web browsing for free, and it is especially helpful when doing searches on Google, Yahoo!, Bing, etc. as it will point out what sites are considered trustworthy and what sites are not by drawing a colored circle to the right of each search result. Green means trusted, red means not trusted, yellow is in between, and white means it is not in Web Of Trust's database.



6. Empty The System Restore:

  • Click on the Start button.
  • Right-click on My Computer.
  • Select Properties from the list.
  • In the window that pops up, click on the System Restore tab.
  • Click the check box to Turn off System Restore.
  • Click the Apply button at the bottom-right, and answer Yes to the question.
  • Depending on how much data is saved in the System Restore, it could take more than a few minutes to empty it.
  • Click the check box to Turn off System Restore again and click OK to turn the System Restore back on.
  • Click on the Start button again.
  • Go to All Programs.
  • Go to Accessories.
  • Go to System Tools.
  • Click on System Restore.
  • Select Create a restore point on the right, and click Next at the bottom.
  • Enter a description for the restore point, and click Create.
  • Click Close to finish the process.


Best regards,

Arthur Wilkinson [Support/Quality Assurance]
Emsisoft Team - www.emsisoft.com

#37 pumpkinseed

Posted 01 June 2012 - 01:06 PM

Good afternoon, I have completed the following as per your instructions above :

1. Java - ok
4. Windows Updates - up to date - I get auto updates
5. WOT - seems a good one & have installed, thanks for that
6. System Restore - ok
2. Have deleted most of Adobe & also run search for any stragglers & deleted. However, there is an old version of 'adobe' (containing activex) I found on my old disc D, dated 2004, which I cannot remove at all. Have tried removing 'read-only' settings but keeps telling me access denied and/or being used when no other progs were open. Is not showing on add/remove programs. Is there any way you know that I can delete this old Adobe before I re-install please? I am sure that may have added to my probs?
3. I will reinstall Flash Player when, hopefully, have cleared all Adobe.

Grateful for your advice pls? Many thanks :)

#38 GT500

Posted 01 June 2012 - 07:20 PM

There can be more than one cause of "access denied" errors. The first is that the program is running, which in this case I doubt. Another common cause is when something is accessing the file and the file has been locked, which I also doubt is the case here. The third common cause is damage to the filesystem on the hard drive, which should be fixable by running a disk check on that hard drive. Please follow the instructions below to run a check disk on your hard drive, and hopefully that will resolve the issue:
  • Open My Computer.
  • Right-click on your D: drive, and select Properties.
  • Click on the Tools tab.
  • Click Check Now.
  • Make sure it's set to automatically fix errors.
  • Click the button to start the check.
  • If it asks you if you want to schedule the check disk to run the next time you restart your computer, tell it Yes, otherwise allow it to run the disk check normally.
  • If you scheduled the disk check to run after restarting your computer, then go ahead and restart your computer, and do not interrupt your computer when the light-blue screen comes up that says it will check your hard drive for errors. It must be allowed to complete its process (usually only takes a few minutes).
  • Once the disk check is done, try to delete that Adobe file again, and let me know if you have any trouble with it.

Best regards,

Arthur Wilkinson [Support/Quality Assurance]
Emsisoft Team - www.emsisoft.com

#39 pumpkinseed

Posted 02 June 2012 - 01:45 PM

Good afternoon,

I have run the diskcheck on Drive D but still would not delete. Just to make sure, I then uncompressed the files on D, restarted & run dskchk for 2nd time - but will not delete. Path is "adobe\Acrobat\ActiveX\" then 3 dll files.

By the way I have tried to change the 3 dlls - from .dll to .old but still tells me access denied.

Regards :unsure:

#40 GT500

Posted 04 June 2012 - 08:41 PM

Is the path something like D:\adobe\Acrobat\ActiveX\ ? If so, then please try the instructions below:

1. Please download The Avenger from this link, and make sure to save it on your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Save the AvengerScript.txt at the link below to your desktop, open it, and copy all the text contained in the AvengerScript.txt file, and it will be pasted into The Avenger in a later step (if you do not know how to copy and paste, then there are instructions at this link):

[attachment=11769:AvengerScript.txt]


Note: the above code was created specifically for the person requesting assistance in this forum topic, and it is based entirely on the logs they supplied from their computer. No one else should attempt to run The Avenger with this script, as it may damage their computer!


3. Now, open the avenger folder on your desktop and start The Avenger program by double-clicking on its icon.
  • Please paste the contents of the attached AvengerScript.txt file above (which you should have already copied) into the white box in The Avenger (see example picture below).
  • Click on the Execute button in the lower-right corner (see example picture below).

    Posted Image

  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please attach the content of c:\avenger.txt to a reply by using the More Reply Options button to the lower-right of where you type in your reply.
Best regards,

Arthur Wilkinson [Support/Quality Assurance]
Emsisoft Team - www.emsisoft.com

#41 pumpkinseed

Posted 05 June 2012 - 01:11 AM

Yes, the path is exactly that as you say. However I have been unable to download the Avenger. Tried pausing Emsi protection & firewall - but will not let me download it! Pls advise :rolleyes:

#42 pumpkinseed

Posted 05 June 2012 - 02:27 AM

Hi again. Managed to download the Avenger after shutting down for a while & restarting. No luck tho - went thru it twice & have got Avenger file but is empty & the old adobe is still there. After 'execute' I only got one box to press yes to, not two.
I did not give you the full path of these old files, would that be the cause of its not working?
Full path is D:\Program Files\Common Files\adobe\Acrobat\ActiveX + 3 dlls. Regards

#43 pumpkinseed

Posted 05 June 2012 - 04:49 PM

Good afternoon,

Tried the instructions again this pm & it worked this time, altho did not delete the files. Should I try the whole path of the files as above pse?

Full path is D:\Program Files\Common Files\adobe\Acrobat\ActiveX + 3 dlls.

I will attach the log below so you can see the report. Many thanks

#44 GT500

Posted 05 June 2012 - 08:18 PM

OK, here's another AvengerScript:
[attachment=11796:AvengerScript.txt]
Best regards,

Arthur Wilkinson [Support/Quality Assurance]
Emsisoft Team - www.emsisoft.com

#45 pumpkinseed

Posted 05 June 2012 - 09:36 PM

Hi, thanks for that - we have liftoff - at last they have gone. Should I leave the Avenger files containing the adobes on the C drive or delete them all now? Surely shouldn't want the backup either.

Can you tell me would the new EEK 2 Free Cleaner be able to remove stubborn ActiveX like the Avenger?

Thank you so much for all your help :D

#46 GT500

Posted 06 June 2012 - 01:51 AM

You can delete the backup as soon as you are certain that removing the files didn't cause any problems.

Yes, the new EEK 2.0 comes with Emsisoft BlitzBlank, which can delete stubborn files and folders just like The Avenger can, and unlike The Avenger it supports 64-bit editions of Windows. ;)

Oh, and while I'm thinking about it, I should probably have you uninstall ComboFix:
  • Hold down the Windows key on your keyboard (it has the little Windows logo on it, next to the Ctrl key) and press R to open the Run dialog.
  • Type ComboFix /Uninstall in the field (make sure to leave a space just before the /) and then click OK
  • ComboFix should take care of the rest.

Best regards,

Arthur Wilkinson [Support/Quality Assurance]
Emsisoft Team - www.emsisoft.com

#47 pumpkinseed

Posted 07 June 2012 - 09:03 AM

Ok all done & my computer is purring again - will be downloading the new EEK 2 Free cleaner & renewing.
Thanks so much for all your patient help R500. :)

#48 GT500

Posted 07 June 2012 - 09:22 PM

Glad to hear it. ;)

Go ahead and empty your System Restore again, and then you should be good to go:
  • Click on the Start button.
  • Right-click on My Computer.
  • Select Properties from the list.
  • In the window that pops up, click on the System Restore tab.
  • Click the check box to Turn off System Restore.
  • Click the Apply button at the bottom-right, and answer Yes to the question.
  • Depending on how much data is saved in the System Restore, it could take more than a few minutes to empty it.
  • Click the check box to Turn off System Restore again and click OK to turn the System Restore back on.
  • Click on the Start button again.
  • Go to All Programs.
  • Go to Accessories.
  • Go to System Tools.
  • Click on System Restore.
  • Select Create a restore point on the right, and click Next at the bottom.
  • Enter a description for the restore point, and click Create.
  • Click Close to finish the process.

Best regards,

Arthur Wilkinson [Support/Quality Assurance]
Emsisoft Team - www.emsisoft.com

#49 pumpkinseed

Posted 08 June 2012 - 11:36 AM

Good morning, yep done that - hope it continues to go well. Cheers.

#50 GT500

Posted 08 June 2012 - 07:19 PM

Since everything seems OK, I am going to go ahead and close this topic. If you have any further trouble, then let me know and I can reopen it.

Note: The instructions in this forum topic have been customized based on the logs posted by the person asking for assistance. Please do not attempt to follow any of the instructions in this forum topic, as they could cause damage to your computer. If you require assistance, please start here if you believe your computer is infected, and one of our experts will be happy to assist you by analyzing your logs.
Best regards,

Arthur Wilkinson [Support/Quality Assurance]
Emsisoft Team - www.emsisoft.com



