Emsisoft Employee

Everything posted by GT500

  1. Are you trying to log in via the Customer Center? We disabled the support section there when we replaced it with a new helpdesk system. Check out and see if you can create a password and log in there.
  2. Adobe Flash did not drop a temp file when it ran until version 11 (or was it 11.2 when they made that change?). If you were to install Flash 10, you wouldn't see notifications about that temp file in OA like you did (although using outdated versions of Adobe Flash is a security risk, and is not recommended). The issue with the certificate not being trusted was an issue with OA, however you only saw it when trying to install or update Flash until Adobe changed how Flash worked. Now, thanks to updates to Flash that cause it to run in a way that seems rather odd, you get to see the notification every time the Flash plugin loads.
  3. There can be more than one cause of "access denied" errors. The first is that the program is running, which in this case I doubt. Another common cause is when something is accessing the file and the file has been locked, which I also doubt is the case here. The third common cause is damage to the filesystem on the hard drive, which should be fixable by running a disk check on that hard drive. Please follow the instructions below to run a check disk on your hard drive, and hopefully that will resolve the issue:
     • Open My Computer.
     • Right-click on your D: drive, and select Properties.
     • Click on the Tools tab.
     • Click Check Now.
     • Make sure it's set to automatically fix errors.
     • Click the button to start the check.
     • If it asks you if you want to schedule the check disk to run the next time you restart your computer, tell it Yes, otherwise allow it to run the disk check normally.
     • If you scheduled the disk check to run after restarting your computer, then go ahead and restart your computer, and do not interrupt your computer when the light-blue screen comes up that says it will check your hard drive for errors. It must be allowed to complete its process (usually only takes a few minutes).
     Once the disk check is done, try to delete that Adobe file again, and let me know if you have any trouble with it.
  4. OK, that looks better. Are you still having trouble browsing the Internet? If so, is it just Firefox or is it Internet Explorer as well?
  5. I have written a cleanup script for OTL (if you need to, you may download OTL from this link). Please download the following OTL_Script file, and save it on your desktop. After saving it, open it, run OTL, and copy and paste the contents of the OTL_Script file into the Custom Scans/Fixes box at the bottom of the OTL window: Then click the Run Fix button at the top. Let the program run unhindered, restart your computer when it is done (it may automatically restart your computer on its own). After your computer has restarted, please open OTL again and click the Quick Scan button. Attach the log it produces in your next reply (just the OTL log, as I don't need to see the Extras log again). You will need to click the button that says More Reply Options to the lower-right of where you type your reply to be presented with the attachment controls.
  6. Multimedia on a PC can be a bit annoying at times. If it is working for the moment, then let's move on. Here are some final instructions for you:
     1. Make Sure Java is Updated:
        • Click on the Start button.
        • Click on Control Panel.
        • Click Add or Remove Programs.
        • Look for Java in the list (should be alphabetical), and uninstall all versions of Java that you find listed.
        • Click on this link and download and install the latest Java (the Windows Online download will be faster).
     2. Make Sure Adobe Flash is Updated:
        • Click on this link and download the latest version of Adobe Flash Player for your web browser. You will need to close your web browser when installing Flash.
     3. Make Sure Adobe Acrobat Reader is Updated:
        • Click on the Start button.
        • Click on Control Panel.
        • Click Add or Remove Programs.
        • Look for any versions of Adobe Reader or Adobe Acrobat Reader in the list (should be alphabetical), and uninstall all of them (if you have Adobe Acrobat, which is the premium software from Adobe, then you do not need to uninstall it).
        • Click on this link to go to the Adobe Reader download page, make sure to unselect any offers for toolbars or other free software, and download and install the latest version of Adobe Reader. (Please note that some people do prefer to use third-party PDF viewers such as PDF X-Change Viewer and Foxit Reader which are not as commonly exploited as Adobe Reader, so if you would prefer to use one of those then you do not need to download and install Adobe Reader.)
     4. Make Sure Your Computer Has The Latest Windows Updates:
        • Click on the Start button.
        • Go to All Programs.
        • Click on Windows Update.
        • If you have never run Windows Update, then it will probably need to install an ActiveX control and update the Windows Update software before it can continue, so make sure you keep an eye out for that pale-yellow bar that pops up at the top of the page when Windows Update needs to install a new component, and click on the yellow bar and select to allow it.
        • Once it is loaded, click on the Express button.
        • It will check for available updates, and once it is done you can click the Install Updates button.
        • It may ask you to accept a license agreement before it installs, so make sure you say Yes.
        • When it is done installing updates, it may ask you to restart your computer, so close anything you are working on and allow it to restart.
        Note that the update process can take a while, and you may need to run it several times before all of the updates get installed.
     5. Web Of Trust Extension:
        While this is not a requirement, I highly recommend that you click this link and check out the Web Of Trust extension for your web browser. It will add an extra layer of protection to your web browsing for free, and it is especially helpful when doing searches on Google, Yahoo!, Bing, etc. as it will point out what sites are considered trustworthy and what sites are not by drawing a colored circle to the right of each search result. Green means trusted, red means not trusted, yellow is in between, and white means it is not in Web Of Trust's database.
     6. Empty The System Restore:
        • Click on the Start button.
        • Right-click on My Computer.
        • Select Properties from the list.
        • In the window that pops up, click on the System Restore tab.
        • Click the check box to Turn off System Restore.
        • Click the Apply button at the bottom-right, and answer Yes to the question. Depending on how much data is saved in the System Restore, it could take more than a few minutes to empty it.
        • Click the check box to Turn off System Restore again and click OK to turn the System Restore back on.
        • Click on the Start button again.
        • Go to All Programs.
        • Go to Accessories.
        • Go to System Tools.
        • Click on System Restore.
        • Select Create a restore point on the right, and click Next at the bottom.
        • Enter a description for the restore point, and click Create.
        • Click Close to finish the process.
  7. OK, that log looks a lot better. Your homepages in IE and Firefox were changed by my script. You can change them back if you want. Could you let me know which browser you are having this issue with (or if it is both of them)? Also, I need to see a fresh OTL log, because I don't see anything in the ComboFix log that explains this:
     • Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run').
     • Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted.
     • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes.
     • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually.
     Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.
  8. Aha, some light has been shed on this issue. Let's see if this fix will work. I have written a script that will tell ComboFix how to delete some stuff I saw in your log. Here are instructions on what to do with the script:
     • Download an updated version of ComboFix from one of the following links:
        • BleepingComputer
        • InfoSpyware
     • Turn off your Anti-Virus software.
     • Click your Start button, go to All Programs (or just Programs on Vista and Windows 7), go to Accessories, and then open Notepad.
     • Please save the following CFScript.txt file onto your desktop:
     • Referring to the animated picture below, click the left mouse button on top of the CFScript icon on your desktop, then holding the mouse button down drag the CFScript icon on your desktop onto the ComboFix icon, and then drop it (let go of the mouse button) on top of the ComboFix icon:
     When finished, it will display a new log in Notepad. Please attach that log to a reply the same way you did before. If you prefer, you can save the log on your desktop to make it easier to find.
  9. I would believe that is a System File. If you have a Windows disk for that edition of Windows, you may want to try sfc /scannow in the Run dialog and see if it will restore the file from the disk.
  10. Go ahead and delete everything that MBAM is detecting, and get me a fresh Quick Scan log. After that, I want to see a ComboFix log (I'm not certain if there is still an infection loading on your system), so here are the instructions again:
      Please download ComboFix from one of the following links, and follow the instructions below to run it. Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop.
      • Link 1
      • Link 2
      * IMPORTANT !!! Save Combo-Fix to your Desktop
      • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help.
      • Double click on ComboFix.exe & follow the prompts.
      • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
      **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      Click on Yes, to continue scanning for malware.
      When finished, ComboFix will produce a log.
      Note:
      1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
      2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
      Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
      • ComboFix (C:\combofix.txt)
      Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  11. OK, that MBAM log shows a couple of things were scheduled to be deleted on reboot, so I'll need you to run another Quick Scan with MBAM just to make sure that it did remove them. Also, make sure to update it before running the scan. Yes, TDSSKiller has no 'cure' option for removing the TDSS filesystem. That's because the only way to deal with the TDSS filesystem is by deleting it. Technically, it should have been disabled by an earlier TDSSKiller run where I asked you to 'Cure' the detections that had that option (should be on the first page of this topic somewhere), however deleting it should still be safe.
  12. Windows hides most icons in the System Tray / Notification Area by default. There should be a little triangle-shaped button down there next to the icons that you can click on to see the hidden icons.
  13. It isn't possible to remove the Windows components that allow for accessing CD and DVD drives when uninstalling iTunes and Silverlight. Windows has file protection in place that will automatically restore those components from a backup even if something were to delete them, so that shouldn't be what is causing the issue. Chances are, based on the symptoms that you are describing, that it is the DVD drive itself which is not working, however it is difficult to know for certain without being able to connect a good CD or DVD drive to your computer and checking to see if you can play your CDs and DVDs from it.
  14. There's an easy way to find out if Emsisoft Anti-Malware is causing this issue.
      • Right-click on the Emsisoft Anti-Malware icon in the System Tray / Notification Area (down by the clock).
      • Select Shut down Guard (you will be asked to verify by typing in the code displayed in the CAPTCHA image).
      • Hold down the key on your keyboard that has the Windows logo on it (usually in between the Ctrl and Alt keys) and tap the R key to open the Run dialog.
      • Type in services.msc and click OK.
      • Find the Emsisoft Anti-Malware service in the list (should be alphabetical) and click on it to select it.
      • Click the Stop link in the area to the left of the list.
      This will completely disable Emsisoft Anti-Malware, allowing you to test and see if our service is what is causing the problem.
  15. OK, I'm seeing some stuff in the MBAM log that needs removed. Only remove the things I have listed in the box below, as well as anything related to MyWebSearch (they are too numerous to list below and still be easy to follow):
      C:\Windows\System32\config\systemprofile\AppData\Roaming\Yahoo!\Yahoo!\ulbzyvwiq.dll (Trojan.Agent.GMAGen) -> No action taken.
      ...
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Update (Trojan.Agent.GMAGen) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Yahoo!\Yahoo!\ulbzyvwiq.dll",DllRegisterServer -> No action taken.
      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Update (Trojan.Agent.GMAGen) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Yahoo!\Yahoo!\ulbzyvwiq.dll",DllRegisterServer -> No action taken.
      HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (PUP.MyWebSearch) -> Data: C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> No action taken.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> No action taken.
      ...
      C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\c3478a0-6f42fcd2 (Trojan.Zbot.Gen) -> No action taken.
      ...
      C:\Windows\System32\config\systemprofile\AppData\Roaming\Yahoo!\Yahoo!\ulbzyvwiq.dll (Trojan.Agent.GMAGen) -> No action taken.
      As for the TDSSKiller log, I do see a TDSS filesystem that could be removed, so go ahead and do that after running Malwarebytes Anti-Malware again and removing the items I listed above. Make sure that you select to skip everything else in TDSSKiller, unless there is a Cure option. Do not select Delete for any detections except the TDSS filesystem. You most certainly do not want TDSSKiller to delete unsigned drivers, as not every unsigned driver is malicious (even some of our drivers lack a digital signature).
  16. Interesting. Are you certain that you don't have problems with your CD drive? Also, do you know what version of Windows Media Player you have installed? I would believe that 11 is the latest version. As for VLC's logs, I'm not sure where it saves them. I don't see any on my computer. Another possible alternative would be SMPlayer, however if you have more than one CD drive you usually have to go into the options and tell it which drive has the CD in it.
  17. There's no security problem with creating this registry entry. It just tells EAM to output debug information that DebugView can capture, so that we can see what's going on when this problem happens.
  18. You're quite welcome. Are you trying to play them in Windows Media Player? Does something such as VLC media player play CDs and DVDs OK?
  19. Malwarebytes Anti-Malware is a popular removal tool (especially on UNITE and ASAP help forums), however it is not currently the most effective against rootkits. I actually use it myself, alongside Emsisoft Anti-Malware of course.
  20. Thread reopened per user's request.
  21. You're quite welcome. Since everything seems OK, I am going to go ahead and close this topic. Note: The instructions in this forum topic have been customized based on the logs posted by the person asking for assistance. Please do not attempt to follow any of the instructions in this forum topic, as they could cause damage to your computer. If you require assistance, please start here if you believe your computer is infected, and one of our experts will be happy to assist you by analyzing your logs.
  22. According to Dell, the download at this link is the audio driver for your computer. It might be prudent to uninstall the old audio driver before installing this one, however I just reviewed your OTL Extras log from your first post and I can't find it in the uninstall list... Go ahead and try installing that driver from Dell, and let me know if it helps.
  23. Yes, you can copy files to a CD if the CD is formatted with a UDF filesystem. TDSSKiller can be run from a CD or from a flash drive, if you need to download it from another computer.
  24. I recommend not allowing TDSSKiller to delete anything. Select Cure if it is available, otherwise select Skip.
  25. The following ZIP file contains a batch file which will create the registry entry for you.
      Please download DebugView from this link:
      • When downloading, make sure to save it on your Desktop instead of clicking 'Run' or 'Open'.
      • Right-click on the 'DebugView' file that you just saved on your Desktop, and select "Extract All".
      • Open the new DebugView folder that was created on your Desktop after extracting.
      • Windows XP and 2000 users should double-click on the file named 'Dbgview'. Windows 7 and Vista users should right-click and select "Run as Administrator".
      • Click on the 'Capture' menu, and select everything except "Log Boot" (you will have to open the menu again after clicking to select an item).
      • Do whatever it is you need to in order to replicate the issue.
      • After you have replicated the issue you can switch back to DebugView and click 'File' and "Save As" in order to save the log to a file on your Desktop.
      Please attach that log file to a reply so that we may analyze it for errors. You will need to use the More Reply Options button to the lower-right of where you type in your reply in order to access the attachment controls.
      Note: You may need to ZIP the log file in order to attach it. If you do not have a program such as 7-Zip, WinZip, WinRar, etc. then you can right-click on the log file, go to Send to, and click on Compressed (zipped) folder. You will be able to attach the ZIP archive to a reply.