GT500

Emsisoft Employee
Everything posted by GT500

  1. OK, that MBAM log shows a couple of things were scheduled to be deleted on reboot, so I'll need you to run another Quick Scan with MBAM just to make sure that it did remove them. Also, make sure to update it before running the scan. Yes, TDSSKiller has no 'cure' option for removing the TDSS filesystem. That's because the only way to deal with the TDSS filesystem is by deleting it. Technically, it should have been disabled by an earlier TDSSKiller run where I asked you to 'Cure' the detections that had that option (should be on the first page of this topic somewhere), however deleting it should still be safe.
  2. Windows hides most icons in the System Tray / Notification Area by default. There should be a little triangle-shaped button down there next to the icons that you can click on to see the hidden icons.
  3. It isn't possible to remove the Windows components that allow for accessing CD and DVD drives when uninstalling iTunes and Silverlight. Windows has file protection in place that will automatically restore those components from a backup even if something were to delete them, so that shouldn't be what is causing the issue. Chances are, based on the symptoms that you are describing, that it is the DVD drive itself which is not working, however it is difficult to know for certain without being able to connect a good CD or DVD drive to your computer and checking to see if you can play your CDs and DVDs from it.
  4. There's an easy way to find out if Emsisoft Anti-Malware is causing this issue. Right-click on the Emsisoft Anti-Malware icon in the System Tray / Notification Area (down by the clock). Select Shut down Guard (you will be asked to verify by typing in the code displayed in the CAPTCHA image). Hold down the key on your keyboard that has the Windows logo on it (usually in between the Ctrl and Alt keys) and tap the R key to open the Run dialog. Type in services.msc and click OK. Find the Emsisoft Anti-Malware service in the list (should be alphabetical) and click on it to select it. Click the Stop link in the area to the left of the list. This will completely disable Emsisoft Anti-Malware, allowing you to test and see if our service is what is causing the problem.
  5. OK, I'm seeing some stuff in the MBAM log that needs to be removed. Only remove the things I have listed in the box below, as well as anything related to MyWebSearch (they are too numerous to list below and still be easy to follow):
     C:\Windows\System32\config\systemprofile\AppData\Roaming\Yahoo!\Yahoo!\ulbzyvwiq.dll (Trojan.Agent.GMAGen) -> No action taken.
     ...
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Update (Trojan.Agent.GMAGen) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Yahoo!\Yahoo!\ulbzyvwiq.dll",DllRegisterServer -> No action taken.
     HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Update (Trojan.Agent.GMAGen) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Yahoo!\Yahoo!\ulbzyvwiq.dll",DllRegisterServer -> No action taken.
     HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (PUP.MyWebSearch) -> Data: C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> No action taken.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> No action taken.
     ...
     C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\c3478a0-6f42fcd2 (Trojan.Zbot.Gen) -> No action taken.
     ...
     C:\Windows\System32\config\systemprofile\AppData\Roaming\Yahoo!\Yahoo!\ulbzyvwiq.dll (Trojan.Agent.GMAGen) -> No action taken.
     As for the TDSSKiller log, I do see a TDSS filesystem that could be removed, so go ahead and do that after running Malwarebytes Anti-Malware again and removing the items I listed above. Make sure that you select to skip everything else in TDSSKiller, unless there is a Cure option. Do not select Delete for any detections except the TDSS filesystem. You most certainly do not want TDSSKiller to delete unsigned drivers, as not every unsigned driver is malicious (even some of our drivers lack a digital signature).
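The detections quoted in the post above show a common persistence pattern: a DLL dropped under the SYSTEM account's profile (`\config\systemprofile\`) and loaded through `rundll32.exe` from `Run` values in more than one hive. The following Python is an added triage helper, not code from the post, from GT500, or from Malwarebytes. It parses MBAM-style "location (detection) -> action" lines into findings, separates file detections from registry values, tags the ones a responder would look at first (autorun keys, rundll32 loaders, systemprofile and Java-cache paths), and correlates which registry entries point at the same file as a file detection. The line regexes are derived only from the lines quoted in the post, so other MBAM log variants are an assumption, and the tag names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: the detections quoted in the post above, in MBAM's
# "<location> (<detection>) -> <action>" line format. The "..." lines are the
# post's own elisions and are simply skipped by the parser.
SAMPLE_LOG = r"""
C:\Windows\System32\config\systemprofile\AppData\Roaming\Yahoo!\Yahoo!\ulbzyvwiq.dll (Trojan.Agent.GMAGen) -> No action taken.
...
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Update (Trojan.Agent.GMAGen) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Yahoo!\Yahoo!\ulbzyvwiq.dll",DllRegisterServer -> No action taken.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Update (Trojan.Agent.GMAGen) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Yahoo!\Yahoo!\ulbzyvwiq.dll",DllRegisterServer -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (PUP.MyWebSearch) -> Data: C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> No action taken.
...
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\c3478a0-6f42fcd2 (Trojan.Zbot.Gen) -> No action taken.
"""

# Registry value line: "<hive\key>|<value name> (<detection>) -> Data: <data> -> <action>"
# (assumed shape, taken from the quoted lines only)
REG_RE = re.compile(
    r'^(?P<key>HK\S.*?)\|(?P<value>\S+) \((?P<cls>[^)]+)\) -> Data: (?P<data>.*) -> (?P<action>.*)$'
)
# File line: "<drive:\path> (<detection>) -> <action>"
FILE_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.*?) \((?P<cls>[^)]+)\) -> (?P<action>.*)$')
# First Windows path inside a registry value's data (stops at a quote or comma).
PATH_IN_DATA = re.compile(r'[A-Za-z]:\\[^",]+')

AUTORUN_KEY_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce")


@dataclass
class Finding:
    kind: str                 # "file" or "registry"
    location: str             # file path, or "key|value" for a registry value
    classification: str       # MBAM detection name
    action: str               # what MBAM did (here: "No action taken.")
    target: str               # the file the entry is about, or the file it points at
    raw_data: str = ""        # registry value data, if any
    tags: List[str] = field(default_factory=list)


def tag_finding(f: Finding) -> None:
    """Attach triage tags (my own names) that say why an entry matters."""
    key = f.location.split("|", 1)[0].lower()
    target = f.target.lower()
    if f.kind == "registry" and key.endswith(AUTORUN_KEY_SUFFIXES):
        f.tags.append("autorun")             # runs at logon
    if "rundll32" in f.raw_data.lower():
        f.tags.append("rundll32-loader")     # a DLL started through rundll32.exe
    if "\\config\\systemprofile\\" in target:
        f.tags.append("systemprofile-path")  # SYSTEM account's profile: not where user software lives
    if "\\java\\deployment\\cache\\" in target:
        f.tags.append("java-cache")          # file sitting in the Java applet cache


def parse_mbam_log(text: str) -> List[Finding]:
    """Turn MBAM detection lines into Finding objects; lines that match neither shape are ignored."""
    findings: List[Finding] = []
    for line in text.splitlines():
        line = line.strip()
        m = REG_RE.match(line)
        if m:
            pm = PATH_IN_DATA.search(m["data"])
            f = Finding("registry", f'{m["key"]}|{m["value"]}', m["cls"], m["action"],
                        pm.group(0) if pm else m["data"], raw_data=m["data"])
        else:
            m = FILE_RE.match(line)
            if not m:
                continue
            f = Finding("file", m["path"], m["cls"], m["action"], m["path"])
        tag_finding(f)
        findings.append(f)
    return findings


def autoruns(findings: List[Finding]) -> List[Finding]:
    """Only the entries that will execute something at logon."""
    return [f for f in findings if "autorun" in f.tags]


def correlate(findings: List[Finding]) -> Dict[str, List[Finding]]:
    """Group findings by the (case-folded) file they reference; keep files named more than once."""
    by_target: Dict[str, List[Finding]] = {}
    for f in findings:
        by_target.setdefault(f.target.lower(), []).append(f)
    return {t: fs for t, fs in by_target.items() if len(fs) > 1}


if __name__ == "__main__":
    results = parse_mbam_log(SAMPLE_LOG)
    for f in results:
        print(f"{f.kind:8} {f.classification:22} {','.join(f.tags) or '-':40} {f.location}")
    for path, refs in correlate(results).items():
        print(f"\n{path} is referenced by {len(refs)} entries (file detection plus persistence)")
```

On the sample, the three `Run` values are the autoruns, the WMSDK `Sources` value gets no tag (it is a plain PUP registration, not a launch point), and `correlate` ties the `ulbzyvwiq.dll` file detection to both `Run` values that load it, which is exactly the set the post says to clean together.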
  6. Interesting. Are you certain that you don't have problems with your CD drive? Also, do you know what version of Windows Media Player you have installed? I would believe that 11 is the latest version. As for VLC's logs, I'm not sure where it saves them. I don't see any on my computer. Another possible alternative would be SMPlayer, however if you have more than one CD drive you usually have to go into the options and tell it which drive has the CD in it.
  7. There's no security problem with creating this registry entry. It just tells EAM to output debug information that DebugView can capture, so that we can see what's going on when this problem happens.
  8. You're quite welcome. Are you trying to play them in Windows Media Player? Does something such as VLC media player play CDs and DVDs OK?
  9. Malwarebytes Anti-Malware is a popular removal tool (especially on UNITE and ASAP help forums), however it is not currently the most effective against rootkits. I actually use it myself, alongside Emsisoft Anti-Malware of course.
  10. Thread reopened per user's request.
  11. You're quite welcome. Since everything seems OK, I am going to go ahead and close this topic. Note: The instructions in this forum topic have been customized based on the logs posted by the person asking for assistance. Please do not attempt to follow any of the instructions in this forum topic, as they could cause damage to your computer. If you require assistance, please start here if you believe your computer is infected, and one of our experts will be happy to assist you by analyzing your logs.
  12. According to Dell, the download at this link is the audio driver for your computer. It might be prudent to uninstall the old audio driver before installing this one, however I just reviewed your OTL Extras log from your first post and I can't find it in the uninstall list... Go ahead and try installing that driver from Dell, and let me know if it helps.
  13. Yes, you can copy files to a CD if the CD is formatted with a UDF filesystem. TDSSKiller can be run from a CD or from a flash drive, if you need to download it from another computer.
  14. I recommend not allowing TDSSKiller to delete anything. Select Cure if it is available, otherwise select Skip.
  15. The following ZIP file contains a batch file which will create the registry entry for you. Please download DebugView from this link: When downloading, make sure to save it on your Desktop instead of clicking 'Run' or 'Open'. Right-click on the 'DebugView' file that you just saved on your Desktop, and select "Extract All". Open the new DebugView folder that was created on your Desktop after extracting. Windows XP and 2000 users should double-click on the file named 'Dbgview'. Windows 7 and Vista users should right-click and select "Run as Administrator". Click on the 'Capture' menu, and select everything except "Log Boot" (you will have to open the menu again after clicking to select an item). Do whatever it is you need to in order to replicate the issue. After you have replicated the issue you can switch back to DebugView and click 'File' and "Save As" in order to save the log to a file on your Desktop. Please attach that log file to a reply so that we may analyze it for errors. You will need to use the More Reply Options button to the lower-right of where you type in your reply in order to access the attachment controls. Note: You may need to ZIP the log file in order to attach it. If you do not have a program such as 7-Zip, WinZip, WinRar, etc. then you can right-click on the log file, go to Send to, and click on Compressed (zipped) folder. You will be able to attach the ZIP archive to a reply.
  16. Rules are created when the Behavior Monitor asks you about a program. Whether it is 'Monitored', 'Blocked', or 'Allowed' depends on what you select when Emsisoft Anti-Malware asks you about a program. I misunderstood why you were asking about these monitored programs at some point, so my apologies for the confusion. Fixing the sound issue could be difficult, as there are a number of potential causes. It could be a driver issue, it could be a DirectX issue, it could be an issue with the sound card (or the audio chip on the motherboard if it is integrated audio), it could be an issue with the speakers, it can be an issue with the cord that connects the speakers to the computer, and it can even be an issue with the power going into the speakers. Since driver issues can be fairly common, we can start with that, and see if we can fix it. May I ask what model number your computer is, and who made it? This will allow me to look up what drivers to have you download for the audio.
  17. OK, that's in the System Restore, and you won't have to worry about that once the System Restore is emptied. Here are some final instructions for you:
      1. Make Sure Java is Updated: Click on the Start button. Click on Control Panel. Click Add or Remove Programs. Look for Java in the list (should be alphabetical), and uninstall all versions of Java that you find listed. Click on this link and download and install the latest Java (the Windows Online download will be faster).
      2. Make Sure Adobe Flash is Updated: Click on this link and download the latest version of Adobe Flash Player for your web browser. You will need to close your web browser when installing Flash.
      3. Make Sure Adobe Acrobat Reader is Updated: Click on the Start button. Click on Control Panel. Click Add or Remove Programs. Look for any versions of Adobe Reader or Adobe Acrobat Reader in the list (should be alphabetical), and uninstall all of them (if you have Adobe Acrobat, which is the premium software from Adobe, then you do not need to uninstall it). Click on this link to go to the Adobe Reader download page, make sure to unselect any offers for toolbars or other free software, and download and install the latest version of Adobe Reader. (Please note that some people do prefer to use third-party PDF viewers such as PDF X-Change Viewer and Foxit Reader, which are not as commonly exploited as Adobe Reader, so if you would prefer to use one of those then you do not need to download and install Adobe Reader.)
      4. Make Sure Your Computer Has The Latest Windows Updates: Click on the Start button. Go to All Programs. Click on Windows Update. If you have never run Windows Update, then it will probably need to install an ActiveX control and update the Windows Update software before it can continue, so make sure you keep an eye out for that pale-yellow bar that pops up at the top of the page when Windows Update needs to install a new component, and click on the yellow bar and select to allow it. Once it is loaded, click on the Express button. It will check for available updates, and once it is done you can click the Install Updates button. It may ask you to accept a license agreement before it installs, so make sure you say Yes. When it is done installing updates, it may ask you to restart your computer, so close anything you are working on and allow it to restart. Note that the update process can take a while, and you may need to run it several times before all of the updates get installed.
      5. Web Of Trust Extension: While this is not a requirement, I highly recommend that you click this link and check out the Web Of Trust extension for your web browser. It will add an extra layer of protection to your web browsing for free, and it is especially helpful when doing searches on Google, Yahoo!, Bing, etc. as it will point out what sites are considered trustworthy and what sites are not by drawing a colored circle to the right of each search result. Green means trusted, red means not trusted, yellow is in between, and white means it is not in Web Of Trust's database.
      6. Empty The System Restore: Click on the Start button. Right-click on My Computer. Select Properties from the list. In the window that pops up, click on the System Restore tab. Click the check box to Turn off System Restore. Click the Apply button at the bottom-right, and answer Yes to the question. Depending on how much data is saved in the System Restore, it could take more than a few minutes to empty it. Click the check box to Turn off System Restore again and click OK to turn the System Restore back on. Click on the Start button again. Go to All Programs. Go to Accessories. Go to System Tools. Click on System Restore. Select Create a restore point on the right, and click Next at the bottom. Enter a description for the restore point, and click Create. Click Close to finish the process.
  18. OK, that log looks better. Are you able to run a scan with Emsisoft Anti-Malware? Does it detect anything?
  19. If you remove the rule, then is the file still detected when running a scan? You can remove the rule by following the instructions in the following screenshot (if it is too small to read, then you can click on it to make it bigger):
  20. Let's try this. Please reset the Windows TCP/IP settings by following these steps: Click on the Start button. Go to All Programs. Go to Accessories. Right-click on Command Prompt and select Run as administrator. Type in netsh int ip reset c:\resetlog.txt and then press Enter on your keyboard. Restart your computer. Let me know if that makes any difference.
  21. Well, a screenshot showing the detection might contain enough information to submit a false positive report. Here's a link to instructions on how to take a screenshot. You can attach it to a reply the same way you have been attaching the logs.
  22. I have written a cleanup script for OTL (if you need to, you may download OTL from this link). Please download the following OTL_Script file, and save it on your desktop. After saving it, open it, run OTL, and copy and paste the contents of the OTL_Script file into the Custom Scans/Fixes box at the bottom of the OTL window: Then click the Run Fix button at the top. Let the program run unhindered, restart your computer when it is done (it may automatically restart your computer on its own). After your computer has restarted, please open OTL again and click the Quick Scan button. Attach the log it produces in your next reply (just the OTL log, as I don't need to see the Extras log again). You will need to click the button that says More Reply Options to the lower-right of where you type your reply to be presented with the attachment controls.
  23. You're quite welcome. Let me know how it goes, and if it makes any difference with the problem. I don't actually think it will fix it, but with a problem like this it is hard to say what will (other than restoring the system to a state it was in before this happened).
  24. OK. It's possible that a failing hard drive combined with one of Online Armor's drivers was the cause of the issue. Let us know if you have any further trouble.