
Shocking "Rootkit" result from results from GMER scan

Q: Shocking "Rootkit" result from results from GMER scan

I scanned my laptop with gmer, and I was surprised because it showed lots of malware / rootkit. Are these results reliable?
 
 


A: Shocking "Rootkit" result from results from GMER scan

Hello,
Actually that log looks clean. What do you think is an indication of malware in this log? It just looks like you have Comodo or something similar installed which explains what you see in the log.


Here's the result after I scanned the computer. I hope this would help to solve my problem. I also want to thank you all for helping me.

DDS (Version 1.0) - NTFSx86
Run by Aaron Tran at 22:08:32.39 on Mon 11/24/2008
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2038.1501 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\...

A:Rootkit, Gmer and DDS scan result

I have a message saying "Error In:c\windows\system32\caewqgeycilvoe.dll
Missing Entry:dllstart:".
I currently run on XP Home Edition. After I logged in, everything on the desktop disappeared. The only thing left to see is the screen saver. Results are shown above after the Gmer and DDS scan. Please advise what to do and how to fix this. Thank you!


My GMER anti-rootkit scan resulted in the following message 'GMER has found system modification caused by ROOTKIT activity'. How do I address/correct this problem? It is not specific.
 


I was told to post the complete log of the GMER scan. It is attached. What's the next step I need to take? Many thanks in advance.

A:Results of GMER scan... What now?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


These are the results I obtained from a Gmer scan in safe mode. None of these were highlighted in red, btw is the red highlighting an indicator of harmful infection?

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-25 18:16:38
Windows 6.0.6002 Service Pack 2
Running: 9xibzucq.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\002186d2c7c5 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] 0x0C 0xF1 0xA6 0xAE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186d2c7c5
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTE...

A:Don't understand Gmer scan results, please help

Hello and Welcome to TSF.

I see nothing malicious in your gmer log. If you think you are infected, and wish to seek help, follow the instructions below.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------


Following instructions for virus/spyware removal and cannot get past GMER scan process. Each time I run the scan the computer locks up when attempting to save. I have tried it 5 times with no success. DDS.txt and Attach.txt files have been saved....no problem with this process. Scan process for GMER.exe. results in "not responding" message and entire screen locks up. Any suggestions?



A:Unable to save GMER.exe scan results

Hi -

Post the logs from DDS.

Does gmer lock up if you try to save the initial scan?


Let's try this version of gmer. We're going to try running it in a different fashion, also.


Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double click the exe file.
The program will begin to run, and perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.
In any case, after the initial scan is complete, click on the Save button, and save the log file somewhere you can easily find it, such as your desktop, and attach it in reply.

---------------------------------------------------------------------------------------------


QUOTE(cryptodan @ Sep 18 2010, 02:54 PM)
QUOTE(thinkfocus @ Sep 18 2010, 05:36 PM)
Hi,
Kinda green. After sifting through the forums, I have decided to post here. Could not think of where else to post this.
This is the box message I have been getting after bringing this Acer back from the dead using M'bytes, Pareto etc:
"Access violation at address 00341187 in module 'ServiceControl.dll'. Write of address 00405E49."
Given that this is an Acer Aspire 3690, on XP I should tell that efforts to get to Acer's recovery ware have failed too. I can use the system, it is not slow (yet). I had removed the AntiVirus Pro at some point in June. I then used Pareto to try to optimize.
thoughts?
thinkfocus

With what you have said your computer may not be as clean as you think it is:
Please follow the instructions in ==>This Guide<==.
Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
Once you have created the new top...

A:DDS & GMER scan results for review for malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st...


I was recently infected with "Antimalware Doctor", which could not be resolved with Windows Defender or Microsoft Security Essentials. Finally, an OS "repair" using the Vista Home Premium DVD seemed to get rid of it... but I still have problems with multiple instances of iexplore.exe opening in the background, accompanied by random pop-up ads every 20 minutes.

Malwarebytes' Anti-Malware detects nothing. I finally decided it was time to post my problem here with a DDS and GMER log, but GMER keeps crashing to BSOD a few minutes into the scan! What do I do?

A:GMER scan results in BSOD crash

Hello, please go here.... Preparation Guide, do steps 6 - 9. Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks. Try GMER in Safe Mode. If Gmer still won't run, skip it and move on. Let me know if that went well.


Attach.zip

DDS.txt

gmer.txt

Attachment 36965
Here are my results to see if I have a rootkit virus. Could you please help me to see if I have one? Thanks, Harry

A:ROOTKIT Here are my results for dds attach,gmer

For help w/ this issue, proceed to our Security Center, HiJackThis Log Help Forum, to have your HJT logs reviewed by a Security Analyst.

Please be sure to follow THESE STEPS carefully before posting your logs in the HJT Log Help Forum.

Please be patient as the Security Analysts are very busy and one will get to you as soon as possible.

Regards. . .

jcgriff2

.


Greetings;

Following a loan of this laptop... noticed search results being hijacked: links would look good, clicking led to bogus pages. Of course my surfing may have been the cause as well.

Had a tech friend try to fix the issue, believe he was using hijack this... to no avail.

End result: search results continued to be hijacked. PC shuts down after 40min with the following (paraphrased) error: "windows must now restart because the DCOM Server Process Launcher service terminated unexpectedly"

DDS logs below, tried running gmer 3 times, got a blue screen and "a problem has been detected and windows has been shut down". Zipped attach file uploaded.

I do have a reinstallation CD for xp home sp2 and have backed up my documents to an external drive.

Sure looks like I've got something icky. Thanks in advance for your time.

Eric





DDS (Ver_09-12-01.01) - NTFSx86
Run by Main at 14:39:13.46 on Wed 01/20/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1423 [GMT -8:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\...

A:Search results hijacked - pc shuts down - gmer does not complete scan

Let's try this version of gmer. We're going to try running it in a different fashion, also.


Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double click the exe file.
The program will begin to run, and perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.
In any case, after the initial scan is complete, click on the Save button, and save the log file somewhere you can easily find it, such as your desktop, and attach it in reply.

---------------------------------------------------------------------------------------------


Hello,

I was asked to "speed up" an older laptop for a friend. After exhausting my knowledge without solving the problem, I turned to the internet for assistance and thankfully found Bleepingcomputer. My initial post was here, and after several scans I have been referred to this forum. In short, at the outset the computer was extremely slow, definitely suffering from the presence of System Tool as well as a google redirect. My independent efforts, using tools such as Spybot S&D, CCleaner, MBAM, SAS, and Hitman Pro removed several types of malware though also suggested the presence of a rootkit.

At present, the computer seemingly functions normally, though Hitman Pro continues to report the following error: "Proxy server on this computer (User) 127.0.0.1:23012" It reports this error twice in each scan, and is able to repair it, however the finding reappears after any restart.

The requested logs are pasted and attached below. The only variance from the preparation guide protocol is that GMER was run without unchecking the IAT/EAT box, I can certainly repeat that scan if needed. Thanks so much for your help in advance.

DDS.txt:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Lisa Pastel at 22:35:01.00 on Tue 12/14/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1938 [GMT -5:00]
AV: avast! Internet Security *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*...

A:rootkit activity per GMER scan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for post...


I have six computers that have been affected by a virus or some kind of issue. This computer I scanned as instructed and have the following results. Every computer was hit a little differently, but I found the vundo trojan on two that I removed, but this and 3 others I did not even find any malware when scanning with malwarebytes. I figured I would start with this computer and hopefully it will give me a way of fixing the rest or at least tell me how to look. Below is the DDS.txt log as requested.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by VIP at 13:04:30 on 2012-08-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.22 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled*
.
============== Running Processes ===============
.
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
C:\Program Files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
C:\windows\system32\pctspk.exe
C:\windows\system32\slserv.exe
C:\Program Files\Norton 360\Engine\5.2.2.3\ccSvcHst.e...

A:GMER Scan found rootkit

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your computer problems.
I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ...


I have scanned with gmer rootkit scan and saved the logfile in my documents as a txt file. I don't know how to read it, so that I can see that I don't have a rootkit detected by gmer.
I don't know how to post the log, or even if I am allowed to.
Could someone here please help me hopefully through the process of posting, and reviewing the log? Any info will be permanently archived in a folder with the programme accompanied by a large collection of anti-malware tools I have accumulated.
Thanks.

Mod Edit~ This topic has been moved to the "Am I Infected forum." This forum is better suited for the question you have asked.

A:Can I Post My Gmer Rootkit Scan Here? If So, How?

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
Important! Please do not select the "Show all" checkbox during the scan.


Here are logs:

GMER 2.1.19357 - http://www.gmer.net
3rd party scan 2014-10-02 04:47:58
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDS721010CLA330 rev.JP4OA3MA 931.51GB
Running: i7tjqdjp.exe; Driver: C:\Users\nots0\AppData\Local\Temp\fgloqpoc.sys
---- User code sections - GMER 2.1 ----

.text C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[2912] USER32.dll!LoadStringW 7659DFBA 5 Bytes CALL 100011A2 C:\Program Files\DAEMON Tools Pro\BRD.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3900] ntdll.dll!NtCreateFile 770D5608 5 Bytes JMP 64A8A210 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3900] ntdll.dll!NtFlushBuffersFile 770D5998 5 Bytes JMP 64A6EB90 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3900] ntdll.dll!NtQueryFullAttributesFile 770D6028 5 Bytes JMP 64A89C70 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3900] ntdll.dll!NtReadFile 7...

A:Computer infected w/ rootkit from Gmer scan

Reg HKLM\SOFTWARE\Classes\[email protected] C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg HKLM\SOFTWARE\Classes\iTunes.aif\shell\open\[email protected] C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg HKLM\SOFTWARE\Classes\[email protected] C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg HKLM\SOFTWARE\Classes\iTunes.aifc\shell\open\[email protected] C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg HKLM\SOFTWARE\Classes\[email protected] C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg HKLM\SOFTWARE\Classes\iTunes.aiff\shell\open\[email protected] ...


I have been following the steps but am having a problem with the GMER scan it will scan for a few min. then shuts down the PC with "Fatal System Error". So I have included the initial log from the GMER scan prior to full scan and it does include the Rootkit.Agent that I cannot get rid of.
Thanks
Bryan

A:Rootkit.Agent GMER scan will not complete

Hello, I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says: The Recovery Console was successfully installed.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you. Please include the report in your next post: C:\ComboFix.txt

"information and logs"
In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo


Hello there!

I followed the "Preparation Guide For Use Before Using Malware Removal Tools and Asking for Help" instructions up to the point where Gmer is open, and I am asked to uncheck several boxes before the scan. The problem is that most of the boxes are already unchecked and greyed out so that I cannot check them. Therefore, the Gmer scan does not include System, Sections, Devices, Modules, Processes, Threads, and Libraries.

I ran the scan anyways, and Gmer isolated no files after scanning Services, Registry, and Files in C:\ drive.

Therefore, I would like to know whether it is necessary that the Gmer scan include the missing categories, and if so, how I can make sure they are included in the next scan that Gmer runs?

Thank you very much!
Esther


Help! I am following the instructions that say "read this before posting for malware removal help". Can't get the GMER Rootkit Scanner to scan. I click scan & nothing seems to happen. I wait & wait & see nothing. What am I doing wrong?

A:[SOLVED] GMER Rootkit Scanner doesn't seem to scan

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I need to see your logs from running dds. Please post DDS.txt in, and attach Attach.txt to, your next reply.

------------------------------------------------------

I need to see a gmer log in order to help you. Let's try this special version of gmer.

Download GMER Rootkit Scanner from here and Save it to your Desktop. Double-click gmer.exe to run it. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.





In the right panel, you will see several boxes that have been checked. Uncheck the following ...
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your de...


I've downloaded GMER and run a scan on one of my ws. A user complained that after he used it to check his Yahoo mail, his Yahoo account started to send spam with links to malicious sites to all his contacts... I had Avira running on that PC; it is updated with the latest definitions and a complete system scan is run every day - no alerts or detections. I scanned the pc with Mbam also - nothing found. I decided to check with GMER for rootkits... And there are a lot of entries listed in GMER under the Rootkit/Malware tab, but the scan finished without any warning of detection whatsoever. Also - no red lines... But I am still confused - are these listed under Rootkit/Malware detections or?

Please find attached GMER log file...

Thanks in advance for your help.

Regards,

A:GMER scan, a lot of entries listed under Rootkit/Malware - I am infected?

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you...


I'm not sure how my DELL XPS M1530 laptop got the NTOSKRNL-HOOK Trojan, but it might have been from repeatedly downloading different versions of the same game in order to extend the free trial. I downloaded Family Feud, MahJongg, and The Price Is Right from the iWin.com and Jenkat Games programs, as well as from other Web sites, some of which, in hindsight, may not have been legitimate.

The irony is that right before my computer first crashed, I'd just finished a scan with McAfee and no problems showed up. About 10 minutes after the scan, in the middle of playing an online game and talking on Yahoo Messenger, the dreaded blue screen of death popped up!

Since then, I have not been able to start up Windows in Normal Mode. Every time I try to do a System Restore, the blue screen appears immediately after I type in my user name and password when the computer restarts.

After starting up in Safe Mode and performing a Quick Scan with McAfee, my laptop finally found the NTOSKRNL-HOOK Trojan and supposedly removed it. A subsequent Full Scan right after the first showed that the NTOSKRNL-HOOK Trojan was still on my computer, but claimed that, once again, it was removed. However, all other scans from that point on have found and "removed" this pesky trojan, but it still persists.

I really want to backup my files or salvage whatever data I can, but I have had many problems trying to do so! Since the trojan has taken my laptop over, I can no longer see my external h... Read more

A:NTOSKRNL-HOOK Trojan: my laptop can't complete the GMER Rootkit scan!

Hi,

See if you can get GMER to run in safe mode...close down all other programs while it scans.

Also, see if this program will run and post the logs


Please download Sysprot Antirootkit from >>>HERE<<<

Unzip it into a folder on your desktop.
Double click Sysprot.exe to start the program.
Click on the Log tab.
In the Write to log box select ALL ITEMS
Look near the bottom left, and Check Hidden Objects Only
Click on the Create Log button on the bottom right.
After a few seconds a new window should appear.
Select Scan Root Drive. Click on the Start button.
When it is complete a new window will appear to indicate that the scan is finished.
The log will be saved automatically in the same folder Sysprot.exe was extracted to.
Open the text file and copy/paste the log here.

Read other 19 answers
RELEVANCY SCORE 70.8

Hello,

Here is a brief story: A few weeks ago I thought I had some kind of malware on my computer, because my computer showed the symptoms I described in another post. About three weeks ago, I reinstalled Windows XP (Home Edition 2002 Version Service Pack One) onto my computer (Sony Vaio Model PCV-2222) and everything seemed fine. A few days later I started getting Google redirects. A few days after that I couldn't open certain image files on my computer. I was growing worried today when I couldn't open images on my computer, so I decided to run a Gmer scan, when all of a sudden something strange happened. Shortly after I started the scan, the Gmer program found hundreds of files in the registry, and it identified the "type" of those files as "SDSS." Then the computer restarted itself. I ran the scan again, and it only found one file. I'll post the results below. I don't know what to do, but I will be very helpful if anyone can lend a hand.

Cordially,
Abra

Here's the dds:

DDS (Ver_10-12-12.02) - NTFSx86
Run by [ABRA] at 14:00:42.92 on Fri 01/14/2011
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.760.455 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS&#... Read more

A:Google Redirects, Computer Restart During Gmer Scan, Possible SDSS Rootkit Infection?

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

Read other 28 answers
RELEVANCY SCORE 64
A:It says Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

Hello, my name is Sempai and welcome to Bleeping Computer.

* We apologize for the delay. Forums have been busy.
* I want you to understand that I'm still a trainee here. I will be working with my Coach who will approve all my instructions before posting them to you, so there's a possibility to have some delays in my responses. But the good part is, there are two people reviewing your problem instead of one.
* It is important not to make any further changes or run any other tools unless instructed to. This may hinder the cleaning process of your machine.
* You must reply within 5 days otherwise this topic will be closed.

1. We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

2. We need to check for rootkits with RootRepeal

Download RootRepeal from the following ... Read more

Read other 21 answers
RELEVANCY SCORE 61.6

Below are Bazooka scanner, dds and gmer scan results. Exe files are not working properly. Any executable I open immediately asks for a file to open the program. I can run some programs by browsing for the executable again but does not work for everything. Some programs won't work or install. Here is my latest scan results using bazooka / dds / and gmer.

BAZOOKA SCAN
----------------------------------------
****************************************
Result when scanning:

SystemDir.explorer 545.505.000 %SystemDir%\explorer.exe
C:\Windows\system32\\explorer.exe
http://www.kephyr.com/spywarescanner/library/systemdir.explorer/index.phtml

SystemDir.regedit 544.500.000 %SystemDir%\regedit.exe
C:\Windows\system32\\regedit.exe
http://www.kephyr.com/spywarescanner/library/systemdir.regedit/index.phtml
****************************************

DDS SCAN
----------------------------------------
****************************************
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Ex... Read more

A:Virus - Bazooka Scan / DDS scan / GMER scan - %#^#%^#

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post fresh dds logs, please.

Read other 2 answers
RELEVANCY SCORE 61.2

The Intel Driver & Support Assistant said that it had an update: Intel® Graphics Driver for Windows* [15.40]. When I did a scan with the Lenovo Companion app, it said there were no updates available. Why the difference of opinion between the two apps?

Read other answers
RELEVANCY SCORE 60

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:27:50 AM, on 19/08/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Users\Rowena\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT2645238
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
... Read more

Read other answers
RELEVANCY SCORE 56.8

Good afternoon,

I have been experiencing really low internet speeds on my computer. I have run many tools such as HiJack this, ComboFix, AVG (Including rootkit) and Malwarebytes. Several of these tools found things here and there which seemed to have been removed.

I have set my computer up to dual boot WIN XP/WIN 7. I only experience the low speeds while using Win 7 which seems to make me think that something is taking the majority of my bandwidth usage.

Could anyone take a look at my logs and see if there is anything going on before I decide to reinstall the OS?

P.S I have also included my HijackThis log file.

Thanks in advance!

A:DDS scan and GMER scan log files.

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
This process looks suspicious.
C:\Users\James\Desktop\Security Tools\mb9soxkz.exe
Do you know what it is?

Did you install this driver or do you know which application needs it?
R1 enport;enport;c:\windows\system32\drivers\enport.sys
It may be valid but I cannot find sufficient information on it.
===
Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.

How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt

Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.
Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleeping... Read more

Read other 2 answers
RELEVANCY SCORE 56

Original post

http://www.techsupportforum.com/f50/...ge-384302.html

Well GMER stopped responding after about an hour of scanning.

I do have the results of DDS, though

also I forgot to tell you that when I was trying to look at the contents of my windows folder in my C: drive, it was completely empty, but while it was scanning (it stopped responding around uninstall service pack ...) it did scan contents inside the Windows folder.

Also, I do have spywareblaster, Malwarebytes, Windows Defender, AvG, panda scan, and other things.

DDS (Ver_09-05-14.01) - NTFSx86
Run by User at 16:00:32.51 on Wed 06/10/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.146 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program F... Read more

A:Results of DDS/GMER

I also wanted to add that I just saw a jlt.exe or something similar and when I ended that process, the computer started running semi-normal again.

I had actually done 3 system restores.

Also my system seems to be running normally when I have windows task manager running.

Read other 7 answers
RELEVANCY SCORE 55.6

I have Avast version 4.7 Home Edition Free installed on my computer.

When I ran a scan today with Avast, it detected a virus and I deleted it. I then ran another scan and there were no viruses reported.

Then I went to Kaspersky's online virus scanner and ran it and it detected 2 viruses on my computer, but of course the only way to get rid of the ones detected is to purchase Kaspersky Anti Virus.

Questions are.
1. How did the virus that Avast detected get on the computer in the first place? I have the on access protection control running with all of the modules activated with the exception of Outlook (I do not have Outlook on my computer).

2. Why is Kaspersky detecting 2 viruses on my computer at the present time and Avast detects none?

Do I need to ditch Avast Free and pay for Kaspersky as a better Virus protector?

Thanks for any ideas and suggestions,

Jerry
 

A:Solved: Avast scan resuts vs Kaspersky scan results

Read other 6 answers
RELEVANCY SCORE 55.2

My brother has a problem on his Windows XP SP3 Desktop.

He picked up Windows Fake alert virus a few days ago. We have used MBAM to remove the virus and UNHIDE to restore hidden folders. Generally the PC seems to run OK and MBAM does not detect any problems.

However, his PC is now occasionally giving blue screens. I've used WinDbg to interpret the minidump files and they seem to point at nv4_disp.dll. We reinstalled the graphics adaptor driver but that has not fixed the problem.

I've just run GMER and the results are below. Do these point to nv4_mini.sys, sunkfilt.sys and nv4_disp.sys being infected? and if so how do I go about replacing them?

Stan


0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-22 13:01:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_4R080L0 rev.RAMC1TU0
Running: kwvjklqk[1].exe; Driver: C:\DOCUME~1\JVCHRI~1\LOCALS~1\Temp\ufpyauog.sys
---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF81EB340, 0xFFF3F, 0xF8000020]
init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xF88972E0]
.text C:\WINDOWS\System32\nv4_disp.dll ... Read more

A:Interpreting GMER Results

I don't see any bad things there. I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Under scan settings, check and check Remove found threats
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

NOTE: In some instances if no malware is found there will be no log produced.

Read other 5 answers
RELEVANCY SCORE 55.2

Hi, for a few weeks i've had constant pop-ups and pages redirected after getting the 'flashplayer has stopped working' page. Also browser jumping while trying to read websites. And 'shockwave flash has crashed' underneath the address bar.

I did a scan using Microsoft Security Essentials, and malwarebytes. I found two viruses

Trojan.SProtector
BrowserModifier:Win32/Zwangi

I deleted both of these. I'm running Windows 7 SP1 and here is my logs for the two requested scans:


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.51.2
Run by Home at 14:46:49 on 2014-04-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3992.2629 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\sy... Read more

A:DDS and GMER log file results please and thanks!

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

Mobogenie<<Please read this

Also delete the following Folder if it still exists:

C:\Program Files (x86)\Mobogenie

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

Shopping Helper Smartbar<<Please read this

Also delete the following Folder if it still exists:

C:\Program Files (x86)\ShOppDrop

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
Do NOT click the green 'Download' button (if visible).
Click the blue 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Clean
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. I... Read more

Read other 2 answers
RELEVANCY SCORE 54.8

When I run a virus scan using AVG I get the message C:\windows\system32\drivers\etc\hosts change result: changed. I have attached Kaspersky and DSS scan results. Do I have something to worry about? Besides AVG I have SpyBot which I update and run every couple of days. Thanks in advance for your help.

A:Avg Scan Result

Hello Stalagmite

Welcome to the Bleeping Computer Malware Removal Forum, sorry about the delay, but the amount of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to. If you have not resolved your issue and still need assistance, download and install Hijackthis by Trendmicro and post a log, copy and paste it into the thread by using the Add Reply button, please do not attach it. I am looking at a possible trojan on your system.

Download Trendmicros Hijackthis to your desktop.
Double click it to install
Follow the prompts and by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exe
Open HJT Scan and Save a Log File, it will open in Notepad
Go to Format and make sure Wordwrap is Unchecked
Go to Edit > Select All.....Edit > Copy and Paste the new log into this thread by using the Post Reply and not start a New Thread.

DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Read other 2 answers
RELEVANCY SCORE 54.8

Hi,

Can anyone tell me if this file is harmful, it was picked up while scanning with AVG software, status read at the top of the it said it had been changed, this is the file:

C:WINDOWS\SYSTEM32\ntoskrnl.exe

Is this what's called a kernel? This is not in my virus vault but keeps coming up on the scan each time.

Thanks
 

A:AVG scan result

See post #4 in this thread: http://forums.techguy.org/security/554221-solved-avg-finds-ntoskrnl-exe.html
 

Read other 2 answers
RELEVANCY SCORE 54.8

Hey guys,
I posted this originally on May 2nd and have never gotten a response. If I don't have anything to be concerned about, please, just let me know. I have always gotten very good assistance with my troubles and questions before. Maybe I just posted my question in the wrong place.

Question about scan
I am not really having a problem but I am curious about the results of a scan by AVG Free. When my scan is complete, I get the results shown in Attach. #1. I click on "remove all unhealed infections" and I get the results shown in Attach. #2. Also enclosed are the results from my HiJackThis scan. Thanks for the help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:31 PM, on 5/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\A... Read more

Read other answers
RELEVANCY SCORE 54.8

I've been having decreased performance on my laptop over the last month or so. In addition to performance issues, I have had pop-ups to different websites showing up more and more often. I have scanned with malwarebytes' anti malware, and removed everything it recommended, I have full scanned with norton 360, and fixed everything it told me, same with stopzilla.
I tried the dds, and apparently only got halfway through before it hung up. I believe I had followed the directions explicitly. The gmer did work, and I've attached the log.
The OS is windows XP.

Any other info I can provide?

or what steps should I take at this point?

thx for your help,

Temp

A:dds didn't work but gmer results are here

Greetings Tempestus and Welcome to the Forums,

Your gmer log does indicate some problems. Are you certain to have disabled Symantec's script blocking feature? If not, that would explain why it didn't work for you.

To disable Norton AntiVirus Script Blocking:
1. Start Norton AntiVirus.
If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program.
2. Click Options.
If you see a menu, click Norton AntiVirus.
3. In the left pane, click Script Blocking.
4. In the right pane, uncheck Enable Script Blocking (recommended).
5. Click OK

...then try running DDS again.

Post back your results. Thanks!

Read other 47 answers
RELEVANCY SCORE 54.8

Hi, I followed the advice offered by Tech Support on Malware, ran defrags, removed un-needed start-up programs, changed passwords (on clean computer) of various accounts. Carried out anti-virus/malware scans and then ran dds & gmer. Unfortunately could not run the full gmer scan as it kept stopping, so ran it with just 'sections' and 'c'. Here are the results, hope it offers some insight into why my start-up is taking 4/5 minutes to boot or if my system has some malware.

Thanks

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6002.18005
Run by Jeff at 15:00:53 on 2013-07-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.1514 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\Program Files\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Protector Sui... Read more

A:Re: Slow Start-Up+Results Of gmer.exe/dds

Hello. I don't see any indications of infection in these logs. There are some entries for adware/annoyware type items which we can remove but I don't think they are going to address your concerns.

As to slow boot time, what programs have you changed or added recently?
I see AVG, Windows Defender, SUPERAntispyware and Spybot Search & Destroy all loading at startup. After we are done checking for malware, you might consider uninstalling all of those (except Windows Defender, it's included in the OS), and installing Microsoft Security Essentials in place of them, to see if that helps.

As the focus of this section of the forum is malware removal, not system performance, once we are done checking for malware, you may need to seek assistance in the Windows Vista section of the forum.

Let's check for rootkits using a different tool.

Download TDSSKiller.exe to your desktop
http://support.kaspersky.com/downloa...tdsskiller.exe
Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, select Skip by changing the default Cure selection at the upper right
Once complete, a log will be produced at the root drive which is typically C:\
For example, C:\TDSSKiller.2.8.8.0_date_time_log.txt
Attach that log, please.

Next....Please download AdwCleaner onto your Desktop.
General Changelog Team - AdwCleaner

Direct link
http://general-changelog-team.fr/en/...e/2-adwcleaner

Double click on AdwCleaner.exe to run the tool... Read more

Read other 6 answers
RELEVANCY SCORE 54.8

Ran my typical GMER scan; I just want to double-check that this registry entry it pulled up is a false positive and not anything untoward:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-06-28 12:34:20
Windows 6.1.7601 Service Pack 1
Running: roxte676.exe
---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\[email protected] 38988

---- Files - GMER 1.0.15 ----

File C:\TDSSKiller.2.5.5.0_28.06.2011_12.21.42_log.txt 412 bytes
File C:\TDSSKiller.2.5.7.0_28.06.2011_12.22.48_log.txt 70758 bytes

A:Double-checking some GMER results

Those are normal.
Can you post a whole log?
Are you having any particular issues?

Read other 5 answers
RELEVANCY SCORE 54.4

Hello everyone, I have no clue how to distinguish virus from essential files???

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:26:54 AM, on 22/11/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\NEGIN\Desktop\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5742z&r=27361110x915l04g4z155v47j2134s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5742z&r=27361110x915l04g4z155v47j2134s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5742z&r=27361110x915l04g4z155v47j2134s
R1 - HKLM\Software\Microsoft&... Read more

A:Need help with "hijack this" scan result PLEASE!!!

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the ... Read more

Read other 2 answers
RELEVANCY SCORE 54.4

Windows RegData Malware HKEY_Classes_Root:refi Possi This is what I get as malware. What is it. Adaware won't remove it and Spybot doesn't recognize it as a problem. Please help.
 

A:Adaware scan result

bump
 

Read other 1 answers
RELEVANCY SCORE 54.4

I found following items with earthlink protection virus scanner.
Winmovieplugin homepage hijacker, dialer
Coolwebsearch bho, adware
Pornmagpass adware, homepage hijacker, Trojan M
Elitemediapopup adware, driveby download
Transponder.bloger adware bho
Searchsquire adware, searchpage hijacker
spywareQuake thiefware
SafetyBar adware,Bho

I deleted the items but I cannot update avg spyscanner, but can still scan with it. Should I take any other steps to ensure that my system has really gotten rid of these things. Thanks in advance.

A:I got following in one virus scan result

G'Day hes4l,


Quote:

Should I take any other steps to ensure that my system has really gotten rid of these things.

Yes indeed there are!

Go to the link "The 5 Steps", in my signature; read the instructions carefully; then, post a HJT Log in the HJT Forum, where one of the trained analysts will help you 'clean' your machine.

Now once you have posted your HJT log, there are two things you need to do....

Firstly, subscribe to your posting, so that you can receive instant email notification about any replies.

The other thing is; please be patient with receiving your first reply, as the HJT analysts are usually very busy.
So, I recommend if after say, 48 hours, you have not received any response to your request, go back into your thread, and type in "bump"; this will bring your post back to the front page, and to the attention of an available analyst.

Good luck with it!

If you have any other queries/concerns, feel free to post back.

Read other 1 answers
RELEVANCY SCORE 54.4

Anyone know what this result means?

My windows processes are running really slow and was wondering if this is causing the problem.
 

A:AVG Virus Scan Result Help

Hi and welcome to TSG.
It should only concern you if it says it was infected.
Quote from Avg help forum.
"It is normal that AVG shows that files, the MBR or Boot record to have changed.
These are done during normal maintenance, when you or windows updates files or have had to correct errors on the drive.
The only time that you should worry is if they also show as infected."

Check link below for suggestions on Pc Maintenance.
http://computercleanup.blogspot.com/
List includes..
Scan For Viruses.
Scan for Spyware.
Microsoft updates.
-----------------------------------
Disk Cleanup.
Check Hard Drive for Errors.
Defragment Your Hard Drive.
-------------------------------------
Registry Cleanup is in their list, but cleaning the registry may cause you more problems than you started with, so it would be best to skip that one.
 

Read other 2 answers
RELEVANCY SCORE 54.4

Hiya All

Happy Easter.

I ran Malwarebytes yesterday as PC not right. Results of 15 objects found. Can someone please explain them or advise further?

Malwarebytes' Anti-Malware 1.36
Database version: 1966
Windows 5.1.2600 Service Pack 3

11/04/2009 20:23:50
mbam-log-2009-04-11 (20-23-50).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 130528
Time elapsed: 1 hour(s), 17 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTW... Read more

A:Malwarebytes scan result

Hello

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please start a new thread in our Virus/Trojan/Spyware forum along with the required logs

Read other 1 answers
RELEVANCY SCORE 54.4

Hi guys,

I just finished running a scan with spybot search & destroy and it came back with the following result (attached a pic). The problem is that I have heard the name before coolwwwsearch which is what was picked up and I thought it must be bad but just to be sure I checked the particular files in my registry. The files all belong to a program I just recently installed called Zero popup pro which as you can guess from the name is a popup blocker. I'm not sure what to do now and was hoping someone can advise whether to ignore what spybot has found or could that popup blocker program be some type of spyware?
 

A:Spybot scan result

Read other 9 answers
RELEVANCY SCORE 54.4

I have Windows XP and an AdAware scan hit on this as malware [Windows Reg Data Malware HKEY -Classes-Root:regfi Possi]. Can anyone tell me what this is? AdAware can't seem to do anything with it and SpyBot doesn't recognize it. Please help.
 

A:AdAware scan Result

This could possibly be a sign of a possible browser hijack attempt. If ad-aware has found it, remove it. Download, update and run spybot, post your log and I'm sure someone will be along to help you with any problem soon. Nothing to worry about though, I have had lots of possible hijack attempts.
Wizzkid
 

Read other 3 answers
RELEVANCY SCORE 54.4

I have been having some problems as of late with my internet connection... various sites not being found, timeouts, cannot find server etc....

I called my EARTHLINK TECH support... and they suggested I make some changes in my dial-up networking, etc... and suggested I do a HIJACK-THIS scan.

I did the scan... and here are the results. I was wondering if anyone would look at the results and maybe make some recommendations.....

Thank you.

DAVID
Logfile of HijackThis v1.97.7
Scan saved at 2:14:06 AM, on 1/18/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MS HARDWARE\POINT32.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MINDBEAT\INVISIBLE! 2001\INVISIBLE.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\OPERA7\OPERA.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = DAVIDS' INTERNET BROWSER
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Ma... Read more

A:Can someone help me with this HIJACK THIS scan result.

Read other 7 answers
RELEVANCY SCORE 54.4

Any Malware experts out there to take a look at these results and let me know what to do next ????

Refers to my earlier thread this morning about desktop startup errors.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:52:35, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NORTON~4\NORTON~1\NPROTECT.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~4\... Read more

A:DLL Error HJT Scan result

This is a duplicate post.
Original thread and HJT log are here
AND has been moved to the MalWare forum,
 

Read other 1 answers
RELEVANCY SCORE 54.4

Thought I may have got an infection (sonar.heuristic.130).  So I ran numerous scans.  
Norton Internet Security A/V, Norton Power Eraser, MS Safety Scanner, ESET Online Scanner, Super-Antispyware, Malwarebytes, ADW, TDS Killer, and R Kill.
All my scans ok, less the ADW find.  Wasn't sure to delete the registry key, so I didn't.  I took a screen shot of LAN settings but couldn't figure how to attach, if I was supposed to.
 
The result of ADW scan:
# AdwCleaner v4.110 - Logfile created 16/02/2015 at 01:37:05
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Fred - ATHEIST
# Running from : C:\Users\Fred\Downloads\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:8080
 
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17631
*************************
AdwCleaner[R0].txt - [679 bytes] - [16/02/2015 01:37:05]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [737 bytes] ##########
 
Screen I tried to attach
Internet Options/Connections/LAN Settings
   Automatic configuration heading........only Automatically detect settings is checked
   Proxy server heading..........................box is un... Read more

Read other answers