All kinds of strange things happening lately. Not sure if all are related or possibly several isolated issues that happened to occur around the same time. Anyway, here's a short rundown of all things that have been going on and what I've done about it.

PART 1: About two weeks ago I suddenly lost the ability to control audio using the multi-media keys on my Microsoft Keyboard (volume up, volume down, play, pause and mute). Additionally, the volume and mute buttons on my USB desktop speakers were not working.
The only way I could control the volume was through Control Panel Sounds and Audio Devices.

PART 2: A couple of days later I noticed that I can't use my printer.
I got a notice saying 'no printers installed'. I opened Control Panel Printers and Faxes. And saw that nothing was listed. Previously I had three printers installed and Cute PDF driver which acts as a printer to create PDF files.
They were gone. I can't say when exactly this occurred. I use the audio controls mentioned above on a daily basis, but I don't use the printers too often.

PART 3: At this point I figured something is really screwed up.
I ran a couple of virus scans using Avast (Quick Scan) and MalwareBytes (Quick Scan). No infected files found. Without a clue as to what was causing all of this, I decided to do a System Restore to about a week before, when everything was alright and I hadn't made any important changes to my system since. So the System Restore was successful and presto - I got my multi-media keyboard working properly again and all my printers were back.

PART 4: A couple of days went by and I noticed something strange when logging into my gmail account. Normally I could type in my username, hit TAB which would make the cursor skip to the password field, and since my browser remembers my password it is automatically filled-in so when I hit ENTER it logs in and goes to my inbox. But suddenly, when hitting ENTER, instead of logging in and going to my inbox, another smaller gmail login window would pop-up.
So I'd have two login windows on the screen. As a result, I'd have to use the mouse and click on the SIGN IN button to get to my mail. No big deal, but strange.
I asked about this in Gmail support forum and someone answered that it could either be a faulty Firefox add-on or possibly malware. I had not installed any new Firefox add-ons.

PART 5: One day later, I was offered a really good deal from an Internet Service Provider. I figured I'd try it and switched from my previous ISP to this new one. A tech rep of the company helped me set up my router with a new username and password so that it logs in to their server. I logged in, internet was working great. One day after that I restarted my router by unplugging its power cord for about 10 seconds.
This is something I do every couple of months or so when I think I'm having browsing problems. It normally does the trick. But this time when the router came back up, it seemed to be trying to login to my previous ISP server.
I got a message on my browser with the previous ISP logo saying that I'm not entering the proper username and password. So I called my new ISP tech support and one of their reps coached me through setting up the router again.
Surprisingly, this time it didn't work. The router would keep trying to access the previous ISP's IP. The changes we made were not saved by the router.
We tried again and I noticed that even after making the changes and hitting the APPLY button in the router's interface and after the 30 second countdown and router restart - the APPLY button would be still flashing as if saying that changes have been made and in order to register these changes the router needs to be restarted. But I just DID restart the router! We tried again. Hit APPLY, router restarted and the APPLY button would go back to flashing. And no internet connection. We tried a hard restart of the router which sets the router to manufacturer settings. We ran through the configuration wizard, hit APPLY, router restarted.
And APPLY button still flashing. The tech rep gave up and told me my router is faulty. This happened yesterday. I've re-routed my network cable skipping the router and connecting my computer directly to the DSL box.
So currently I am without wireless internet (which really sucks because my wife can't use her laptop and has to use my computer all day).

PART 6: This morning, it was a nice sunny morning, I made myself some coffee and went to put some music from winamp. I clicked play, the music started and suddenly the music started to stutter with annoying pauses. I tried a different audio player - same results. I tried streaming music and playing a video on YouTube and all produced the same stutter. Even when restarting my computer hoping that it might solve the problem, the Windows 'Shut Down' and 'Start Up' chimes stuttered.
I tried re-installing my sound-card driver, but that didn't help either. The nice sunny day went sour and I was on the verge of throwing my computer out the window.

PART 7: I was at a point of panic.
I didn't know where to turn. I opened up my computer case and sprayed a can of compressed air.
I meddled around with all the connectors and pci cards making sure that all was securely in place. I ran CCleaner and did a registry clean up (which I also did previously several times, but did it again anyway). I went through all my security software (Avast Antivirus, Comodo Firewall, SpywareBlaster and MalwareBytes) to make sure they were all fully updated and that protection was up and running. That is when I found out I wasn't using the most recent version of Avast Antivirus Free. I had version 5.9 installed and the current version is 6. So I updated Avast to version 6, restarted my computer and just a few moments after Windows XP came back up I got a warning from AVAST Antivirus.
It said something about being attacked or something. The important details are:

OBJECT: 188.19.149.171:135/tcp
INFECTION: DCOM Exploit
ACTION: BLOCKED

My first thought was 'Wow!', maybe this is what has been giving me bleep all this time and the previous version of Avast just didn't catch it. I quickly googled DCOM Exploit and found this webpage: I followed the tips listed there. The patches it suggested I download and install didn't work. Windows told me that my Service Pack (SP3) is more recent than those patches.
So I just followed his other tip and changed the value for EnableDCOM from Y to N. To be on the safe side I did another quick scan with MalwareBytes and a full deep scan with Avast. Both came up clean. I restarted my computer. I tried playing that music I tried listening to earlier.
And it worked. Playback was smooth, no stuttering or pauses. YouTube played back fine as well!

PART 8: A few minutes passed and the same Avast warning came up as before, about the DCOM exploit. Avast says it blocked the attempt.
So I guess I'm safe. But who knows. So the current situation now is that my audio is working fine for the moment, my printers are intact, my router is screwy and currently disconnected. Oh and that google sign in window popping up still happens. I don't know what that is about.
So I'm not sure where I stand with all of this. Is my computer infected? Am I being targeted by some hacker or worm? Or is this all just a random collection of unrelated quirks that by coincidence happened all within a week or so? I've wasted so much time trying to straighten things out and get my computer working normally again. And I really need some help in at least figuring out what those DCOM exploit messages are and making sure I'm not carrying around a bug in my pc.
Sorry for the long post. Just wanted you guys to have all the facts.

Specs:
Windows XP Pro (SP3)
Motherboard: ASUS P5Q Pro
4GB RAM
Browser: Firefox 4
Wireless Router: 3COM 3CRWER100-75

(If I've missed something that is needed, let me know and I'll post the relevant info.)

Thanks!

Hello adifrank,

Welcome to the Malware forum.
Please download to your Desktop. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in:

    netsvcs
    drivers32
    %SYSTEMDRIVE%.
    %systemroot%. /mp /s
    CREATERESTOREPOINT
    %systemroot% System32 config.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    hklm\software\clients\startmenuinternet|command /rs

Click the Run Scan button. Do not change any settings unless otherwise told to do so.
When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
These are saved in the same location as OTL.
Please copy (Edit-Select All, Edit-Copy) the contents of these files, one at a time, and post back here.
Note: Unless otherwise instructed always post the logs in the forum. If reports don't fit in one post, it might be necessary to break the logs up to get them on the forum.
Just use as many posts as you need, that's fine.

Hello adifrank,

Firstly, please uninstall Comodo so that it doesn't interfere with the tools we are going to use.
You may reinstall it later if you wish. Now.

Please go to. Copy and paste the following file path into the 'Suspicious files to scan' box on the top of the page:

C:\WINDOWS\system32\epmntdrv.sys

And do the same with this:

C:\WINDOWS\system32\EuGdiDrv.sys

Click on the Upload button. Once the Scan is completed, click on the 'Copy to Clipboard' button. This will copy the link of the report into the Clipboard. Paste the contents of the Clipboard in your next reply.

Next

Please run OTL.exe. Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    O4 - HKLM. Run: File not found
    :Files
    ipconfig /flushdns /c
    :Commands
    emptytemp
    emptyflash
    resethosts
    Reboot
Then click the Run Fix button at the top. Let the program run unhindered, reboot when it is done.
It will produce a log for you on reboot, please post that log in your next reply.

Next

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here. If you no longer have Malwarebytes please download from
Double click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version.
Once the program has loaded, select 'Perform Quick Scan', then click Scan. The scan may take some time to finish, so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

So when you return please post:
Virscan results.
OTL fix log.
MBAM log.

VIRUS SCAN RESULTS

VirSCAN.org Scanned Report:
Scanned time: 2011/04/15 17:17:02 (CST)
Scanner results: Scanners did not find malware!
File Name: epmntdrv.sys
File Size: 13192 byte
File Type: PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5: f07ba56b0235f15eff8f10dc6389c42e
SHA1: 67d4e043df4b8579bb36612ac396fcab964bdb8d
Online report:

Scanner   Engine Ver   Sig Ver   Sig Date   Time   Scan result
a-squared 5.1.0.2 1442 2011-04-15 12.49 -
AhnLab V3 2011.04.-04-14 7.01 -
AntiVir 8.2.4.208 7.11.6.133 2011-04-15 0.36 -
Antiy 2.0.5.76-02-05 0.12 -
Arcavir 20-03-24 0.01 -
Authentium 5.1.1 02 2011-04-15 2.27 -
AVAST!

Hello again adifrank,

I have been thinking about that DCOM one mentioned in item 7 of your preamble. I see you have a program LogMeIn on your machine.
LogMeIn is used by IT helpdesks to provide remote support to customers and employees. I am wondering if this is what is causing Avast to alert you. I imagine that each time you restart your computer LogMeIn sets itself in preparation for use. Tell me if you know about the program and if you still want it.
For now though Please download to your Desktop. Run the application.
If no infection is found, it will produce a report on the desktop. Post that report in your next reply. If an infection is found, you will be presented with the following dialog: Enter 'Y' and hit ENTER for more options, or 'N' to exit: Type N and press Enter.
A report will be produced on the desktop. Post that report in your next reply.
When you return please post:
MBR report.
And tell me about the LogMeIn program.

Hey emeraldnzl, thanks for helping me out with this! Let me just give you a quick update on the situation. The symptoms I described in part 1 and part 2 of my original post of this thread (problems with functionality of multimedia keys on keyboard, problems with functionality of audio control on usb speakers and printer drivers gone missing) have not recurred since I made that system restore I mentioned in part 3. The gmail login issue (mentioned in part 4) seems to be a matter with Firefox 4, because I can't reconstruct the problem in Chrome or IE.
The problem I had with my router, just one day after switching ISP. It seems like an unlikely coincidence, so to try and isolate the problem I renewed a temporary subscription with my previous ISP to see if the issue persists with them as well. And in fact, it did! So, since my router was about 3 years old anyways, I went out and got a new one. I have had no similar issues since installing my new router. Regarding the DCOM exploit warnings from Avast Antivirus (part 7) - I kept getting several of these warnings and they didn't seem to have any sort of consistent pattern about when they would appear (sometimes just after starting up computer, sometimes much later).
If it matters any, the Objects mentioned in the warnings, which seem to be IP Addresses and port numbers, would change. Here are a couple I got and wrote down: 188.19.23.123:135/tcp & 94.72.93.23:135/tcp. I must add though, that since installing the new router, which was last Sunday, I haven't received any of those warnings, yet it could just be coincidental that both things happened around the same time. Concerning LogMeIn. It's a free program that I installed a while ago before flying overseas, so that I could have access to my computer back home in case I needed it.
I read good reviews about the service and actually used it a couple of times. Since returning, I haven't used it but I left it installed anyway since I thought that maybe I'll have use for it sometime in the future. If you think it might be causing issues, I have no problem uninstalling it. Just one thing I thought I might mention in relation to LogMeIn. I have the program installed on my laptop as well. My laptop also runs Windows XP and is configured fairly similar to my desktop.
Recently I noticed something a bit strange regarding LogMeIn. On my laptop - LogMeIn starts itself when Windows boots. Using RevoUninstaller, I set LogMeIn NOT to startup upon boot. Yet, it still does. I don't know why. The computer in question is my desktop, not my laptop.
That is just a side note I thought I'd mention since we're discussing LogMeIn.

Hi adifrank,

Concerning LogMeIn. LogMeIn is fine and many people use it. I was just wondering about your DCOM alert.

"Here are a couple I got and wrote down: 188.19.23.123:135/tcp & 94.72.93.23:135/tcp."

They appear to be Eastern Europe addresses. I would be suspicious of those but maybe changing your router has removed the problem. The first OTL scan we ran looked at some areas where infection of that sort might reside. In addition, the OTL fix we carried out flushed dns, reset hosts and removed temporary files that sometimes hold malware of that sort.

"I set LogMeIn NOT to startup upon boot. Yet, it still does."

The link below may be helpful:

Now

Please run a free on line scan with
Note: these instructions were compiled using Firefox. IE users may find slight differences.
Just follow the prompts. Click the green Start Scanner button. Click the green Free Scan Now button.
Accept the plug in installation. Restart your browser if requested. Click the green Free Scan Now button again.
Accept the eula agreement. The scan should start. It will be relatively quick. Click View Report (note: this is not the facebook one - just click on the words View Report).
Notepad will open with a log. Save to your desktop. Copy and paste the report back here.

After that

Close all windows and open OTL again. Click Run Scan and let the program run uninterrupted. It will produce a log for you. Post the log here.

When you return please post:
bitdefender report.
OTL log.

Hello again adifrank,

At first I thought your machine was clean but on re-checking that last OTL log I see some malware there.
Now You will need to uninstall Comodo again before you use this tool. Please download ComboFix from one of these locations:. IMPORTANT!!! Save ComboFix.exe to your Desktop. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat. Double click on ComboFix.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware.
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall.
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Hello adifrank,

Do you have your Windows CD for that machine? Tell me when you come back. Close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:

    Firefox::
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\83qedcg9.default
    uStart Page = hxxp://ham.asksearch.com/?cfg=2-396-0-2pq3E
    Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe.
Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.

Next

Double click on the OTL icon to run it. Make sure all other windows are closed to let it run uninterrupted.
Under the Custom Scan box paste this in: /md5start msgsvc.dll tcpip.sys /md5stop. Click the Run Scan button. Do not change any settings unless otherwise told to do so.
The scan won't take long. When the scan completes, it will open a notepad window, OTL.txt. This is saved in the same location as OTL. Please copy (Edit-Select All, Edit-Copy) the contents of the file and paste it into your reply.

So when you return please post:
ComboFix.txt.
OTL log.

Hello adifrank,

Couple of questions first:

1. Do you know what this file is?
E: My Documents??????? -?????????????????????????????833.png
It has a png extension which is a portable network graphic file extension. It is showing up in My Documents.

You have asksearch set as your default home page in IE. Is that intentional? Although this is the home page I am still suspicious because of the Comodo bundling of Ask with its product. Sometimes people don't realise they are changing their search engine.
Refer to this link:

Next

Run the System File Checker. You may be asked to insert your Windows CD during the scan so have it handy. Follow these steps:
Click Start, Run and type sfc /scannow (note the space, it should be there), and then press ENTER.

Follow the prompts throughout the System File Checker process. Restart your computer when System File Checker process is complete.

After that

Run the OTL scan again. Double click on the OTL icon to run it. Make sure all other windows are closed to let it run uninterrupted. Under the Custom Scan box paste this in: /md5start msgsvc.dll tcpip.sys /md5stop.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open a notepad window, OTL.txt. This is saved in the same location as OTL.
Please copy (Edit-Select All, Edit-Copy) the contents of the file and paste it into your reply.