Jump to content

GT500

Emsisoft Employee
  • Content Count

    13803
  • Joined

  • Days Won

    433

Posts posted by GT500

  1. There's any easy way to find out if Emsisoft Anti-Malware is causing this issue.

    1. Right-click on the Emsisoft Anti-Malware icon in the System Tray / Notification Area (down by the clock).
    2. Select Shut down Guard (you will be asked to verify by typing in the code displayed in the CAPTCHA image).
    3. Hold down the key on your keyboard that has the Windows logo on it (usually in between the Ctrl and Alt keys) and tap the R key to open the Run dialog.
    4. Type in services.msc and click OK.
    5. Find the Emsisoft Anti-Malware service in the list (should be alphabetical) and click on it to select it.
    6. Click the Stop link in the area to the left of the list.

    This will completely disable Emsisoft Anti-Malware, allowing you to test and see if our service is what is causing the problem.

  2. OK, I'm seeing some stuff in the MBAM log that needs removed. Only remove the things I have listed in the box below, as well as anything related to MyWebSearch (they are too numerous to list below and still be easy to follow):

    C:\Windows\System32\config\systemprofile\AppData\Roaming\Yahoo!\Yahoo!\ulbzyvwiq.dll (Trojan.Agent.GMAGen) -> No action taken.
    ...
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Update (Trojan.Agent.GMAGen) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Yahoo!\Yahoo!\ulbzyvwiq.dll",DllRegisterServer -> No action taken.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Update (Trojan.Agent.GMAGen) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Yahoo!\Yahoo!\ulbzyvwiq.dll",DllRegisterServer -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (PUP.MyWebSearch) -> Data: C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> No action taken.
    ...
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\c3478a0-6f42fcd2 (Trojan.Zbot.Gen) -> No action taken.
    ...
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Yahoo!\Yahoo!\ulbzyvwiq.dll (Trojan.Agent.GMAGen) -> No action taken.

    As for the TDSSKiller log, I do see a TDSS filesystem that could be removed, so go ahead and do that after running Malwarebytes Anti-Malware again and removing the items I listed above. Make sure that you select to skip everything else in TDSSKiller, unless there is a Cure option. Do not select Delete for any detections except the TDSS filesystem. You most certainly do not want TDSSKiller to delete unsigned drivers, as not every unsigned driver is malicious (even some of our drivers lack a digital signature).

  3. Interesting. Are you certain that you don't have problems with your CD drive?

    Also, do you know what version of Windows Media Player you have installed? I would believe that 11 is the latest version.

    As for VLC's logs, I'm not sure where it saves them. I don't see any on my computer. Another possible alternative would be SMPlayer, however if you have more than one CD drive you usually have to go into the options and tell it which drive has the CD in it.

  4. 1. Good morning, follow-up on last post. I didnt UNinstall the old audio driver as comp told me Dell driver folder could not be found & you also could not find it. However, I did find it after I had downloaded the new one & deleted it. Old driver was directly in Dell folder & not where it should have been (did check the number & date 1st). Good news, system sounds etc are now working fine - Thanks very much for that link .

    You're quite welcome. ;)

    3. Still cannot play CD/DVD - whatever had gotten into my machine sure did a good job of messing it up!! Getting there tho & much, much better.

    Are you trying to play them in Windows Media Player? Does something such as VLC media player play CDs and DVDs OK?

  5. You're quite welcome. ;)

    Since everything seems OK, I am going to go ahead and close this topic.

    Note: The instructions in this forum topic have been customized based on the logs posted by the person asking for assistance. Please do not attempt to follow any of the instructions in this forum topic, as they could cause damage to your computer. If you require assistance, please start here if you believe your computer is infected, and one of our experts will be happy to assist you by analyzing your logs.

  6. According to Dell, the download at this link is the audio driver for your computer.

    It might be prudent to uninstall the old audio driver before installing this one, however I just reviewed your OTL Extras log from your first post and I can't find it in the uninstall list... Go ahead and try installing that driver from Dell, and let me know if it helps. ;)

  7. Re: ...you could get a DebugView log...?-

    I searched Help, but couldn't find out how to use/create this log? :wacko:

    Update:

    I Googled & found DeBugView log instructions for EAM here-

    http://support.emsisoft.com/topic/7755-problems-with-automatic-updates/

    The following ZIP file contains a batch file which will create the registry entry for you.

    Please download DebugView from this link:

    1. When downloading, make sure to save it on your Desktop instead of clicking 'Run' or 'Open'.
    2. Right-click on the 'DebugView' file that you just saved on your Desktop, and select "Extract All".
    3. Open the new DebugView folder that was created on your Desktop after extracting.
    4. Windows XP and 2000 users should double-click on the file named 'Dbgview'. Windows 7 and Vista users should right-click and select "Run as Administrator".
    5. Click on the 'Capture' menu, and select everything except "Log Boot" (you will have to open the menu again after clicking to select an item).
    6. Do whatever it is you need to in order to replicate the issue.
    7. After you have replicated the issue you can switch back to DebugView and click 'File' and "Save As" in order to save the log to a file on your Desktop.
    8. Please attach that log file to a reply so that we may analyze it for errors. You will need to use the More Reply Options button to the lower-right of where you type in your reply in order to access the attachment controls.

    Note: You may need to ZIP the log file in order to attach it. If you do not have a program such as 7-Zip, WinZip, WinRar, etc. then you can right-click on the log file, go to Sent to, and click on Compressed (zipped) folder. You will be able to attach the ZIP archive to a reply.

  8. Rules are created when the Behavior Monitor asks you about a program. Whether it is 'Monitored', 'Blocked', or 'Allowed' depends on what you select when Emsisoft Anti-Malware asks you about a program. I misunderstood why you were asking about these monitored programs at some point, so my apologies for the confusion.

    Fixing the sound issue could be difficult, as there are a number of potential causes. It could be a driver issue, it could be a DirectX issue, it could be an issue with the sound card (or the audio chip on the motherboard if it is integrated audio), it could be an issue with the speakers, it can be an issue with the cord that connects the speakers to the computer, and it can even be an issue with the power going into the speakers. Since driver issues can be fairly common, we can start with that, and see if we can fix it.

    May I ask what model number your computer is, and who made it? This will allow me to look up what drivers to have you download for the audio.

  9. OK, that's in the System Restore, and you won't have to worry about that once the System Restore is emptied.

    Here's some final instructions for you:

    1. Make Sure Java is Updated:

    1. Click on the
      Start
      button.

    2. Click on
      Control Panel
      .

    3. Click
      Add or Remove Programs
      .

    4. Look for Java in the list (should be alphabetical), and uninstall all versions of Java that you find listed.

    5. Click on
      this link
      and download and install the latest Java (the
      Windows Online
      download will be faster).

    2. Make Sure Adobe Flash is Updated:

    1. Click on
      this link
      and download the latest version of Adobe Flash Player for your web browser.

    2. You will need to close your web browser when installing Flash.

    3. Make Sure Adobe Acrobat Reader is Updated:

    1. Click on the
      Start
      button.

    2. Click on
      Control Panel
      .

    3. Click
      Add or Remove Programs
      .

    4. Look for any versions of Adobe Reader or Adobe Acrobat Reader in the list (should be alphabetical), and uninstall all of them (if you have Adobe Acrobat, which is the premium software from Adobe, then you
      do not
      need to uninstall it).

    5. Click on
      this link
      to go to the Adobe Reader download page, make sure to unselect any offers for toolbars or other free software, and download and install the latest version of Adobe Reader.

    (please note that some people do prefer to use third-party PDF viewers such as
    PDF X-Change Viewer
    and
    Foxit Reader
    which are not as commonly exploited as Adobe Reader, so if you would prefer to use one of those then you do not need to download and install Adobe Reader)

    4. Make Sure Your Computer Has The Latest Windows Updates:

    1. Click on the
      Start
      button.

    2. Go to
      All Programs
      .

    3. Click on
      Windows Update
      .

    4. If you have never run Windows Update, then it will probably need to install an ActiveX control and update the Windows Update software before it can continue, so make sure you keep an eye out for that pale-yellow bar that pops up at the top of the page when Windows Update needs to install a new component, and click on the yellow bar and select to allow it.

    5. Once it is loaded, click on the
      Express
      button.

    6. It will check for available updates, and once it is done you can click the
      Install Updates
      button.

    7. It may ask you to accept a license agreement before it installs, so make sure you say
      Yes
      .

    8. When it is done installing updates, it may ask you to restart your computer, so close anything you are working on and allow it to restart.

    9. Note that the update process can take a while, and you may need to run it several times before all of the updates get installed.

    5. Web Of Trust Extension:

    While this is not a requirement, I highly recommend that you click
    this link
    and check out the Web Of Trust extension for your web browser. It will add an extra layer of protection to your web browsing for free, and it is especially helpful when doing searches on Google, Yahoo!, Bing, etc. as it will point out what sites are considered trustworthy and what sites are not by drawing a colored circle to the right of each search result. Green means trusted, red means not trusted, yellow is in between, and white means it is not in Web Of Trust's database.

    6. Empty The System Restore:

    1. Click on the
      Start
      button.

    2. Right-click on
      My Computer

    3. Select
      Properties
      from the list.

    4. In the window that pops up, click on the
      System Restore
      tab.

    5. Click the check box to
      Turn off System Restore
      .

    6. Click the
      Apply
      button at the bottom-right, and answer
      Yes
      to the question.

    7. Depending on how much data is saved in the System Restore, it could take more than a few minutes to empty it.

    8. Click the check box to
      Turn off System Restore
      again and click
      OK
      to turn the System Restore back on.

    9. Click on the
      Start
      button again.

    10. Go to
      All Programs
      .

    11. Go to
      Accessories
      .

    12. Go to
      System Tools
      .

    13. Click on
      System Restore
      .

    14. Select
      Create a restore point
      on the right, and click
      Next
      at the bottom.

    15. Enter a description for the restore point, and click
      Create
      .

    16. Click
      Close
      to finish the process.

  10. Lets try this. Please reset the Windows TCP/IP settings by following these steps:

    1. Click on the Start button.
    2. Go to All Programs.
    3. Go to Accessories.
    4. Right-click on Command Prompt and select Run as administrator.
    5. Type in netsh int ip reset c:\resetlog.txt and then press Enter on your keyboard.
    6. Restart your computer.

    Let me know if that makes any difference.

  11. I have written a cleanup script for OTL (if you need to, you may download OTL from this link).

    1. Please download the following OTL_Script file, and save it on your desktop. After saving it, open it, run OTL, and copy and paste the contents of the OTL_Script file into the Custom Scans/Fixes box at the bottom of the OTL window:
    2. Then click the Run Fix button at the top.
    3. Let the program run unhindered, restart your computer when it is done (it may automatically restart your computer on its own).
    4. After your computer has restarted, please open OTL again and click the Quick Scan button. Attach the log it produces in your next reply (just the OTL log, as I don't need to see the Extras log again). You will need to click the button that says More Reply Options to the lower-right of where you type your reply to be presented with the attachment controls.

  12. If you can get the Linux disk to work, then you should be able to download files through it and save them on your hard drive. There should be an Internet browser named Konqueror on the Fedora Linux disk, since it is the KDE version and KDE always comes with Konqueror. It may also come with Firefox, as that at least used to be the default browser on Fedora Linux.

×
×
  • Create New...