
Virus - IE opens to random sites, unable to see CD/DVD drives, unable to run GMER.

Q: Virus - IE opens to random sites, unable to see CD/DVD drives, unable to run GMER.

I believe I have a malware virus on my computer. It started where Internet Explorer pages would open by themselves to random sites. Next I've noticed that my CD drives are no longer visible. When I put a CD or DVD into either one of my 2 disc drives, I don't see either on My Computer. I keep getting an error that my drives are not up-to-date but I'm not able to update them. I get the following message when my computer comes on - "The driver CDR4_XP.SYS on your system is old. Please reinstall DirectCD to update the driver".

I followed the steps for the Preparation Guide and have attached the Attach.txt and DDS.txt files. I was not able to run the GMER program. I tried multiple times and I keep getting this error and the computer shuts down. The error was "A problem has been detected and windows has been shut down to prevent damage to your computer. IRQL_NOT_LESS_OR_EQUAL." There is more text and then at the bottom it said "Technical Info: ***STOP: 0x0000000A (0x00202074,....)" it continues on with more numbers.

Any help would be greatly appreciated.

Thanks

RELEVANCY SCORE 200

A: Virus - IE opens to random sites, unable to see CD/DVD drives, unable to run GMER.

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

RELEVANCY SCORE 89.6

Hello and thank you for taking the time to help.

When IE is opened, MWBAM starts blocking outgoing to malicious sites. These are intercepted every couple of seconds. 208.87.33.151, 208.73.210.29, 66.6.87.100, 208.87.32.69, etc.

Simultaneously, Microsoft Development Environment keeps firing error messages or the debugger with some random web-page.html loaded.

In prep to submit this I Ran DDS, and produced the text below and the attachment, but ran into trouble with GMER.

On opening GMER, it detected root activity - [email protected] when it prompted to scan I clicked 'No' per instructions, un-checked the options per instructions, and ran the scan. Results:

Error msgbox: Load driver C:\fwtyapow.sys error 0xc0000035 "Cannot create stable subkey under volatile parent key"
Blue screen also citing fwtyapow.sys

Scanned C:\ with AVG (0 infected) and MWBAM, no help.

Thank you in advance for any help.

David

------------------------------------------------------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11
Run by Jeff at 17:51:37 on 2011-09-11
.
============== Running Processes ===============
.
\??\C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Fil...

A:Microsoft Development Debugger opens w/random web pgs loaded, MWBAM blocks outgoing to malicious sites. GMER: [email protected], but sca...

Fixed it. Please ignore.

RELEVANCY SCORE 81.6

OS: Windows XP Build 2600.xpsp_sp3_gdr.090206-1234: Service Pack 3

Hi,

I'm sorry, but I had to repost my original message posted on September 22, 2009 with the title "Mysterious Audio Advertisements/Internet reroute/Unable to run Spybot/gmer".

I didn't read the end of the "how to" carefully and realized that after placing the second "bump please" it probably looked like it was being worked on. Sorry for the inconvenience.

So here's what I have going on:

I bought my laptop a few months ago from someone on craigslist. After I took it home I started to notice some weird things.

A. Every once in a while this random audio advertisement will start playing, even though there are no programs running or internet browsers up. One time it played while I was browsing and I closed the window and it continued. The other time I was just playing with the Admin settings trying to see what I could mess around with to see if I could track the virus I suspected. That second time it just made some weird noises w/o the advertisement. Pretty eerie.

*Note: I haven't been able to prove this, but I think it tends to happen only when it's connected to the internet.

B. I noticed that after the first few attempts to browse the internet I would begin to get redirected to other sites. Particularly when trying to reach antimalware/spyware sites.

One sends me to "bestcompanysearch.com/click/go.php?u="... and a long code after that, and ...

A:Random Audio Advertisements/Diverts internet searches/Unable to run Spybot/Gmer

Bump, Please.

RELEVANCY SCORE 80.4

EDIT: SORRY I FORGOT I SHOULDN'T POST HERE UNLESS I HAVE LOGS.

Hello. I hope someone can help me with this. Avg has shown that I have the virus win32/Patched.dx in the file C:\Windows\system32\drivers\intelide.sys. I followed the steps of the preparation guide. I ran defogger, which worked fine (I don't believe I had any CD emulator). I tried to run dds but a notepad document opened saying 'this program cannot run in DOS mode'. I then tried to run GMER several times but all times led to the computer restarting itself. I managed to take a screen grab of what it had found before rebooting, which I have attached to this post. My computer has been running slow for a while, though this could be due to the age and RAM of the computer. It's an emachine 5230 Pentium 4 with only 512MB Ram.

I hope someone can help. Thank you

A:win32/patched.dx virus and unable to run dds or gmer

Hello and welcome to Bleeping Computer.

*Please Subscribe to this Thread to get immediate notification of replies. See HERE
*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.
*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.
*You must reply within 5 days otherwise this topic will be closed.

================================

Please try using a different version of DDS, download it from the links below:

DDS.com => http://download.bleepingcomputer.com/sUBs/dds.com
DDS.pif => http://www.forospyware.com/sUBs/dds

RELEVANCY SCORE 75.2

Hello,

Recently my computer has been progressively getting worse, or so it seems. At first all that I was limited on was going to a handful of sites that I tried (Facebook, Hotmail, Yahoo, etc...). Currently, I am having difficulties getting on more and more sites, sites that I had been recently able to get on. In my attempts to take care of the problem on my own I downloaded Malwarebytes, IObit Malwarefighter, and ran recovery manager to set my computer back to factory condition. I knew because I did the recovery that it was going to most likely not work so I saved files and documents I wanted to save on a thumb-drive. Malwarebytes and IObit claim to have found nothing but I can't seem to upgrade Malwarebytes as the program crashes when it scans for an update. Since I recovered my computer I cannot watch anything on Netflix (on any browser), and I still can't access any of the websites I was unable to. I went onto Wikihow and tried to reset my "hosts" file but it seems whatever I did could have just been more damaging than helpful, I am not quite sure. I am running Windows 7 as an operating system on an HP computer. I have looked at threads you have done or solved in the past and some of the solutions that worked for other posters did nothing to cure my problem. Thank you for reviewing my issue and if I need to post any more information to get things rolling just let me know.

Nathaniel

Logs Below:
------------------------------------------------------...

A:Unable to access certain sites; unable to download various upgrades...

RELEVANCY SCORE 73.6

I'm unable to access various anti virus sites, pctool, mcafee, go microsoft.

pctools, spybot all run clean HJT looks clean but here it is anyway.

Please help!! Oh I'm running XP and all the different browsers do the same thing.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:03:47 PM, on 1/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\1101766327\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\common files\aol\1101766327\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1101766327\EE\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin...

A:unable to connect to anti virus sites

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

RELEVANCY SCORE 73.6

Hi All,

I'm new to this forum. I have a Dell vostro 1500 which came with AVG anti virus plus firewall. Everything was going great for about a year and about 3 weeks ago my AVG gave a message 'Connection to update server failed'. I thought it was because of internet but from then on my AVG started giving me the same message again and again. In addition to this, whenever I try to access an anti virus website or microsoft updates website I'm getting a page cannot be displayed message. I can access all other websites normally. When I tried to ping avg.com, I got 'ping could not find host avg.com please check the name and try again' message. But I can ping the ip address of avg.com. I'm confused and I'm not sure what is causing this. Any help on this would be greatly appreciated.
Thanks a lot in Advance,

Jay.

A:Unable to access Anti Virus Web sites

If you cannot use the Internet or download any programs, try downloading from another computer (family member, friend, etc). Save to a flash (usb, pen, thumb, jump) drive or CD, transfer to the infected machine, then install and run the program. If you cannot copy files to your usb drive, make sure it's not "Write Protected". Some flash drives have a switch on the side which could have accidentally been moved to write protect.

Please download hosts.zip and save it to your Desktop.
Extract (unzip) the file to its own folder C:\hosts. (click here if you're not sure how to do this. Vista users refer to this link.)
Open up the hosts folder and double-click on the mvps.bat file.
The script will rename your present HOSTS file to HOSTS.MVP and copy the new HOSTS file to the correct location on your system. You can read more about what we are doing in Blocking Unwanted Parasites with a Hosts File.
Vista users be sure to read Updating the HOSTS file in Windows Vista.
Install Instructions with screenshots for the MVPS HOSTS File if you need them.
Note: You may have to overwrite the hosts file in "Safe Mode" if you get "an access denied message" when trying to do it in normal mode.

Please download ATF Cleaner by Atribune & save it to your desktop. alternate download link
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox...

RELEVANCY SCORE 72.8

Hi All.
I have inherited a win7 64bit machine that was severely infected including a cryptolock virus.

I used disc2vhd to create a vhd file of it as a backup and now running it virtually using virtualbox. I'll likely do a format and re-install on the physical machine but wanted a working version as a backup.

I have run several anti-virus programs - Malwarebytes, Rogue Killer, SuperAntiSpyware, Microsoft Malware Removal Tool (msert.exe), Hitman, etc. I also booted using the AVG recovery CD to completely scan the drive. All of which found many files and removed them. I apologize as I didn't keep the logs.

Everything seems to be coming up clean but I am not able to visit microsoft.com or any antivirus websites directly. Visiting the conficker eye chart website (Conficker Eye Chart) indicates that I am infected with an A/B variant.

I have tried running ESETConfickerCleaner.exe but it said I was not infected.

I wasn't sure if there was a log I am meant to provide with this post but can download and run anything you may need. I would really appreciate it if someone could help me resolve this issue please.

A:Unable to access anti-virus sites or microsoft.com

perhaps you can find another site with a download link to an antivirus??

RELEVANCY SCORE 72.8

Hi ,
I have made careful screening of my PC as instructed.
B'fore I post the logs and the attachments here's the problem I'm facing.

I'm unable to open any anti virus website or any live scanning links (from microsoft n not even able to get into safe mode).
I recently purchased Trend Micro (2008) and it's not letting me subscribe or do online updates (says, u don't have internet connection, while my connectivity is absolutely fine). I tried with other AVs (Avira) but to no avail.

so, it clearly indicates there's some virus /malware inside my PC.
The system was formatted prior to installing the Anti virus.
Moreover, I have already run the anti malware and CC cleaner.
I will greatly appreciate any quick help in this regards as i am in the middle of an imp work and will be leaving this place in another 12 hours.

Thanks a lot in advance!

here's the dds log..


DDS (Ver_09-12-01.01) - NTFSx86
Run by user at 10:43:06.46 on Sat 01/02/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.44 [GMT 5.5:30]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\W...

A:unable to open any anti virus sites/updates

Thank u for not replying....I had come to this place with lots of hope
Any way, I appreciate your time.
thanks again!

RELEVANCY SCORE 72.8

I have been trying to resolve this issue for some time.
Symptoms:
symantec spyware does not start on start up
trying to do a live update ends with a cannot access site

spysweeper will not start

unable to do a windows update.....marks microsoft site as unreachable

unable to access spyware web sites such as AVG

unable to access this techsupportforumsite...needed to open this problem on a different pc

able to access most all other sites. PC performance is ok on reboot, and then slows down over a period of days

I had to download the troubleshooting tools from your site to a flash drive on one pc and then transfer over
I am attaching the first dds logs. those worked
PC would not allow the running of GMER...double click, etc. and it just sits there with no error msg.

I suspect you will need this gmer output. Perhaps you can advise on what to do next or if you have a good idea of what this virus is and where it came from. thanks
-Rick

A:Unable to get to windows update or any virus scan sites

Hi, welcome to TSF!

Rename GMER to LMER then re-run it again. Post the log please.

Also, You are operating your computer with multiple Anti Virus programs

Symantec
AVG

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove one of them and keep only one.

RELEVANCY SCORE 72.8

Gents,
Following a removal of an infection by a brastk trojan infection I am unable to reach any security/av/ websites. All sites are defaulting to 127.0.0.1 on both mozilla 3.0 and IE 7.0 or go to blinkx site.

This problem connecting is also affecting the autoupdate function of sophos.

I have run an a/v scan using sophos with updates up to date as of 10 mins before infection
I have run spybot S&D and have installed webroot firewall.
I have checked and can confirm that host file is default only
I have flushed the cache and winsock

Unfortunately this problem seems to have somehow eluded me.

Fortunately i have a linux pc and so have managed to install and obtain a hijack this log as requested.

Hopefully you can give me some guidance before i have to rebuild

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:20:20, on 24/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\cisvc.exe
H:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
H:\Program Files\S...

A:Unable to reach any A/V sites after removing brastk virus

Managed to get the PC into Safe mode. Download offline Sophos A/V check CLI from another pc and run on system as well as GMER check

GMER found it first (log attached) :-

ervice H:\WINDOWS\system32\drivers\TDSSmqlt.sys (*** hidden *** ) [SYSTEM] TDSSserv.sys)

Subsequent a/v scan identified same and addition Troj/FakeAle-IW which was also removed.

Rerun a/v scan and gmer scan. now clean.

Rebooted and able to access all appropriate sites and services. Sophos updated ..surprise it now included a rootkit checker which I didn't notice before

RELEVANCY SCORE 72.8

Hi,
I recently started doing volunteer IT work for a non-profit organization. They have a server running Windows 2003 Small Business Server SP2 with IE 6. I recently ran Windows Update on it and installed about 28 security patches. The server rebooted successfully and things seemed to be running okay. About one month went by, when I discovered that I cannot run Windows update or get to any Microsoft or antivirus websites (McAfee, Symantec, AVG). I get "page cannot be displayed". I can get to other websites just fine. I downloaded/installed Spybot and ran a scan but all it found was some tracking cookies. I then downloaded/installed Clamav but I was unable to get to Clamav.net to get the latest definition files. I ran a scan and except for files that were in use, it came back clean. Any help would be greatly appreciated. Thank you.

A:Unable to access Microsoft or Anti-Virus Sites

An update to this problem -

I suspected it might be Conficker. I checked and I have KB958644 installed but I had downloaded about 28 patches in January and didn't install them until 02/15. I think Conficker slipped in during that time period.

I downloaded the Microsoft Malicious Software Removal Tool but it would not start on the server. I then downloaded the McAfee Stinger utility and it found Conficker in the Default User Temporary Internet File directory in a jpeg file. It removed it and I rebooted the server but I still cannot access any Microsoft or anti-virus websites. Any ideas? Thanks a lot.

RELEVANCY SCORE 72

Hello,

I'm hoping someone can help as I'm going mad with this problem. I was infected with a virus earlier in the week. Can't remember name but I couldn't open any exe files and it kept saying my system was infected and to buy some anti virus software. I used tdr killer and malwarebytes to sort this problem. However something still seems to be lingering. I cannot access most anti virus sites and forums or windows update site. If I go to windows update page it says page not found. If I go to the anti virus sites then I get redirected to generic sites. Most but not all other sites and links seem to be working fine. Just seems to want to keep me away from sites where I may find out how to kill it. I thought it may have been confickr and downloaded kasperskys tool for removal but it detected no virus. It is becoming a real inconvenience and I'm guessing it is doing something much more behind the scenes other than just blocking these sites. Have tried several malware, spyware detectors but without luck so far. I have windows xp sp3, using chrome as main browser but affects IE too.

Please help

Thanks
Kieran

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 16:21:28.17 on 29/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3583.2521 [GMT 1:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-...

A:Unable to access windows updates and anti virus sites

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the ...

RELEVANCY SCORE 72

Hi there.

Hubby said he had a problem with his XP home laptop earlier tonight. It had frozen on the last site he visited and couldnt get it switched off - had to pull battery.

He was running slow, able to get to sites like Ebay but AVGfree was reporting that the download server was unavailable. I checked with mine and no problem connecting to AVG so tried again on his laptop and got the same result. I could do a scan with AVG but all it found was tracking cookies some I hadn't seen before "revski.net" and it seems to have deleted them. I tried to update AVG manually with the latest files from my pen drive but any attempt to open AVG from Programs and it hangs again. (Sinking feeling happened about now.)

I tried to run his Spybot but it won't open. Tried to update it from the menu and it reports that there's an error with the database. It's not letting Malwarebytes run either. I tried Kaspersky online scanner and it just hangs.

Meanwhile it keeps freezing and again had to pull battery (holding down power button didnt work).

Tried to boot into safe mode and it reports "we appologise, windows was unable to boot into safe mode". Only able to go to last known working configuration, it boots slowly but OK.

I'm sort of leaning towards Conficker or Zlob although I haven't tried to go to WU yet, but I'm assuming it wont allow it. So help needed from your expert selves.

Thanks in advance.

A:XP home infected unable to connect to anti virus sites

I am having the exact same issue described in my thread.

http://www.bleepingcomputer.com/forums/t/225218/difficult-virus/

Hope someone can help

RELEVANCY SCORE 71.2

I'm running XP (Pro, I think).

The problem first arose, when I noticed the browser (IE) was working a bit slow upon requesting websites. Then I wanted to do a Housecall Trendmicro scan, but was unable to load the webpage. I then tried to run Spybot, but the program wont run. It crashes without any explanation. I have had NOD32 running and Sunbelt Firewall. I just noticed that Sunbelt was not running at every restart. Maybe the virus or trojan quits the firewall at some time.

Here's a list of things I have tried (in chrono order):

1. Trendmicro Housecall scan. UNABLE TO ACCESS SITE
2. Tried to start Spybot. CRASHES AT STARTUP.
3. Tried to do a NOD32 scan. CRASHED TO BLUE SCREEN OF DEATH.
4. Ran SDFIX in Safe Mode. Got some Memory Allocation errors. Cant find anything on google on this. Otherwise ran OK.
4. Tried to reinstall Spybot and startup. CRASHES AT STARTUP.
5. Tried CCleaner. Cleaned registry and standard cleansing.
6. Run CWShredder. FOUND NOTHING.
7. Run miniremoval tool from Housecall. FOUND NOTHING.
8. Tried to install Malware Bytes. But setup wont run. Crashes.
9. Tried a second NOD32 scan. And it seems to not crash this time. Not finished yet...

Thanx for listening, and I hope someone can help

Here's my DDS log file:

DDS (Ver_09-02-01.01) - NTFSx86
Run by Sennep at 0.42.31,35 on 02-03-2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.2046.1330 [GMT 0:00]

AV: McAfee VirusScan *On-access scanning enabled* (U...

A:Unable to visit antivirus sites, Spybot wont run, etc. Unknown virus.

By the way. I have not installed Antivirus 2008. But the attack reminds me of an "Antivirus 2008"-attack, a friend of mine had. He too couldnt access antivirus sites.

RELEVANCY SCORE 70.8

I am having an issue with some client computers running xp, they are unable to connect to the domain or map network drives. I have ghosted these computer for a temporary solution but it has been happening to multiple computers now.

The error message that comes up when I try to map a drive or connect to the domain is "network location cannot be reached"

Any Ideas on how to resolve this problem without having to ghost these computers?

RELEVANCY SCORE 68.8

I cannot run any antivirus programs nor can I run any of the programs you have requested to obtain logs.

A:Unable to Run GMER or DDS

What happens when you try and run the programs?

Do you get any error messages?

Have you tried running the programs in safe mode?


Try and run this program

Download and run Win32kDiag:

Download Win32kDiag from any of the following locations and save it to your Desktop.
Download Win32kDiag (Win32kDiag.exe) - #1
Download Win32kDiag (Win32kDiag.exe) - #2
Download Win32kDiag (Win32kDiag.exe) - #3

Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

RELEVANCY SCORE 68.8

I was able to run defogger and when i tried to run dds the computer shut down. I ran rkill as iexplorer.exe and the dds was able to run. Once I tried to run gmer it shut down again. Here are the DDS logs.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.6001.18000
Run by jokyke1 at 10:59:34 on 2011-09-29
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3573.3168 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=Z01...

A:Unable to run gmer

bump

RELEVANCY SCORE 68.8

When I start the program only services, registry and files can be checked or unchecked; all other boxes from system to libraries are grayed out???

A:Unable to run gmer

Are you using a 64-bit OS? If so, be aware that GMER is not fully 64-bit compatible, therefore it is not a useful tool for such systems. Although GMER can run on a 64-bit version of Windows only registry, services and files can be scanned...other options are grayed out.

RELEVANCY SCORE 68.8

This is my original thread: http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/hijackthis-log-help-inactive/374613-slow-computer-malware-problems.html

I tried to run GMER several times. Sometimes it completed the scan, but then when I went to save it, it bluescreened again. The latest error it has come up with is:

"STOP: c000021a Unknown Hard Error
Unknown Hard Error
Beginning dump of physical memory
Physical memory dump complete.
Contact your system administrator or technical support group for further assistance."


What's going on?

A:Unable to run GMER

Hello Daskill,

Please run gmer.exe again, but use the following configuration:

In the right panel, you will see several boxes that have been checked. Uncheck the following ... (this list is a bit different from the pre-posting topic)
Devices
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Please attach the ark.txt in your next reply

======================================

I'll also need to see a fresh dds.txt.

RELEVANCY SCORE 68.4

Hi everybody, for a month now IE executes itself and opens random sites every 7 minutes. I have scanned my PC with Mcafee, ashampoo, spybot, resulting only in a temporal delay on the non desired page opening for a while, then returning to 7 minutes. Restoring system to previous date does not work.

I would really appreciate if you could help me with this. The HijackThis log is the following:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:26, on 14-01-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe
C:\Archivos de programa\Network Associates\VirusScan\VsTskMgr.exe
C:\Archivos de programa\Archivos comunes\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOW... Read more

A:Ie executes itself and opens random sites

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand cor... Read more

RELEVANCY SCORE 68.4

Internet explorer opens by itself and goes to different sites. I have run malwarebytes, ATF cleaner, Rkill with no results.

When trying to run GMER it gives me an error:

("C:\Docume~1\YoDKC\LOCALS~1\Temp\updapog.sys") error 0xC000010E: Cannot create a stable subkey under volatile parent key.
So when it runs, everything is unchecked (blocked) except for services, registry, Files, and ADS. After it has run nothing has been found.

DDS File:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by YoDKC at 8:25:31 on 2011-11-15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2446 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
C:\WINDOWS\System32\svchost... Read more

A:IE opens automatically to random sites

I forgot to add the Hijack this file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:00 AM, on 11/15/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\isuspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program... Read more

RELEVANCY SCORE 68.4

Firefox, Internet Explorer and Google Chrome open up random sites which are blank most of the time and have a long URL but sometimes some malicious websites open up which are blocked by WOT in Firefox. The sites usually open up every couple of hours at random times. I've scanned my computer with SuperAntispyware, Avast!, A2 and Malwarebytes. None of them have found anything apart from SuperAntispyware which keeps on finding tracking cookies in C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies with names on text files with the word 'ad' inside it. However, the tracking cookies keep on coming back (I don't know if they are the same ones). Any ideas on how to remove this annoying piece of malware?

By the way, I've tried XDelBox/ XDelScan but it did not find anything.

A:Web Browser Opens Up Random Sites?

First, uninstall all anti-spyware/malware/virus programs on your computer.

Next run the Windows Malicious Software Removal Tool

If that doesn't find anything, then download, install, update, and run the Microsoft Security Essentials

If the last doesn't work, then you may have a new bug and need to do a clean install.

Also you could try uninstalling all your browsers and reinstalling them and seeing if it was just a fluke.

RELEVANCY SCORE 68.4

Hello All,

First, thank you so much for the help.

Internet Explorer (IE8) keeps opening up on its own. I don't use that program ever. I use firefox as my browser. The sites it opens up appear to be random, although truthfully, I don't look at them. I've just been using the task manager to close them down. It also opens up "In Page" advertisements. It seems to be on a timer, although I've never checked that but it seems to spawn every 2-3 hours whether I'm at my computer or not.

I've run several different anti-virus/malware programs; they all found different things but none of them have gotten rid of this problem. (AVG, Avast, Avir (sp?) MalwareBytes, Ad-aware, McAfee, eset online scanner, and the windows XP one). Now none of them show any sort of viruses.

I've gone through all the steps from the preparation post; hopefully, I've done everything correctly. I'm computer competent but not a tech so please bear in mind you'll have to speak to me in lay terms.

Again, thank you in advance
Jass
dds log:

DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 10:53:14 on 2011-08-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3579.1978 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
=... Read more

A:IE opens on its own to (seemingly) random sites and ads

Bump. Is there anyone who can help me?

RELEVANCY SCORE 68.4

System was hit by a Trojan and several viruses. Most were taken care of by Symantec AV. Problem remains that IE6 opens random sites when running. Symantec scans show nothing. Ran Hijack this, found some BHO's and removed them. Problem continues. Reinstalled IE6, still no changes. Help!!!!

Mod Edit: Topic moved to more appropriate forum ~ TMacK

A:Ie6 Windows 2k Opens Random Sites

Welcome to BC wadeoregon

What was the name of the Trojan and other malware you found and removed? Some of this stuff drops additional malicious files on your system that often goes undetected unless you perform various scans.

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.

Please download and install SUPERAntiSpyware Free
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
Under "General and Startup", make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
Do not run a scan just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once ... Read more

RELEVANCY SCORE 68

Hi...I'm new to this forum and am looking for some assistance. I have a redirect trojan virus and I've been following the steps of your preparation guide to post the logs here. I got to the GMER scan and every time I run the scan, it shuts down my computer before finishing. The folder it is scanning when it shuts down is C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5. The strange thing is that when I look for that folder on my computer, it isn't there and I have "show hidden files" checked. Can you help me with this? I have Windows XP. Thank you.

This is my DDS Scan:

DDS (Ver_10-10-10.03) - NTFSx86
Run by HP_Owner at 15:23:35.73 on Tue 10/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.348 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\A... Read more

A:Unable to run GMER Scan

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The ... Read more

RELEVANCY SCORE 68

Well, I made a really bad mistake and downloaded and executed a .exe file that I knew I shouldn't have, this is my first ever virus :(

After executing, my system bluescreened and said that windows32k (I believe that's it, I tried to read it fast) was unresponsive, and it restarted. Upon restart, I looked in my system processes and saw that b.exe was running. I've heard of this virus before, but I wasn't sure it's so hard to remove! I get constant popups from IE redirecting me to vidshadow.tv

I can't start any antivirus. Avast/AVG/Malwarebytes, and the DDS/gmer logs cannot be posted because they don't run long enough before this virus kills the process. I get the "You don't have access" error.

Any help would be appreciated :)

UPDATE: Just double checked my system process tree and also found msa.exe. I've also heard of this being a known virus.

RELEVANCY SCORE 68

I'm posting here following cryptodan's instructions here following an earlier problem reported there with ComboFix hanging. I have followed the Prep. Guide, but been unable to create the requested logs.

I am running Windows XP (SP3) on a Dell Latitude D420. My problems began last week when I switched on my computer the day after using a public, unsecured wireless network in my local library. When I booted up, my Windows profile had been lost and I was given a brand new desktop. So I did a system restore to a couple of days beforehand, which restored my desktop settings, access to documents - apparently all ok. Then I started Chrome and was asked whether I wanted to change my default search engine. Suddenly I wondered if there might be an infection...

So: what next? Initially I hadn't heard of BleepingComputer.com and went instead to the MajorGeeks site and their Windows XP Malware Removal/Cleaning Procedure page, which linked to you for a download of ComboFix to my desktop. Following their instructions I first ran SUPERAntiSpyware, then Malwarebytes Anti-Malware before proceeding to run ComboFix according to your instructions - which, unfortunately, froze, as I reported in my initial post.

Cryptodan told me to follow the instructions in the Preparation Guide and post a new topic here.

I followed the steps in the Prep. Guide, starting with DeFogger - log posted below:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:47 on 18/02/2011 (Owner)
Checking for aut... Read more

A:Unable to run DDS or GMER as instructed

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

======

Try this in "Normal Mode" first, if unsuccessful, try "Safe Mode".

We need to create a New FULL OTL Report

Please download OTL from here if you have not done so already:
Main Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Change the "Extra Registry" option to "SafeList"
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control ... Read more

RELEVANCY SCORE 68

Hi Guys,

I have a laptop with XP. I have Norton and I bought webroot spysweeper two months back. About a week back the spysweeper started to give extremely frequent alerts about how it was blocking/shielding the attempts to connect to different sites. It was very frequent and it made using any editor impossible. Then my laptop started to slow down and now it has slowed down to a crawl. The CPU usage is almost always 100% and it takes ages for anything to happen.

It took me a while to download and run DDS and GMER. I was able to run DDS and the log is below. I tried thrice to run GMER but was unable to. The first time, after about an hour, I got the blue screen but I couldn't read what was written on it. In my second attempt GMER crashed quickly. In my third attempt again after an hour I got the blue screen and it said:

Something wrong with file: Aujasnkj.sys
stop: 0x00000050 (0xB900FB30, 0x00000001, 0xB8F1B915, 0x00000000)
aujasnkj.sys - address B8F1B915 base at B8F10000 date stamp 4a7bda16

I hope I am not in too deep trouble and I hope you guys can help me out.
Thanks a million. I am not zipping attach since I don't have the log from GMER.

Here is the DDS log:


DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 23:14:47.60 on Tue 08/11/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_06

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com
uSearch Page = ... Read more

A:CPU usage 100% Unable to Run GMER

Some additional information that might be useful.

1. The task manager shows something called b.exe that is taking up a lot of CPU usage.

2. My webroot spysweeper, which is running as I type this, has found trojan agent-tdss, trojan cognac, trojan zoeken, adware sabotch, adware rogue security products.

Hope this helps. Thanks a lot.

RELEVANCY SCORE 68

I have successfully removed braviax, winupdate86, is2010, and AVR from my niece's laptop (dell INSPIRON E1505). I am now stuck with, I assume, a nasty rootkit.
I was unable to run HijackThis, RootRepeal, GMER, ProcesScanner, ProcMonitor, and anything else that might help rid me of this oracle.
Looking through this forum, I was able to run WIN32KDIAG. I must note that I am only able to do this in SAFEMODE. Here is the log from WIN32KDIAG.
If I have to reformat and reinstall everything, I will say it wouldn't be the first time, but with your help, I hope to kill this bastard.
Running from: C:\Registry First Aid\hht.exe

Log file at : C:\Documents and Settings\BRITTANY\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDO... Read more

A:Unable to run Gmer, HijackThis,... Please Help

Have you tried to use malwarebytes? Or use avast Antivirus and do a full boot scan? Both would more than likely find your "rootkit"

RELEVANCY SCORE 67.6

Hello, So I was recently infected by some Trojans, not sure which ones. But when I rebooted my computer my taskbar was unable to load and only showed a sliver of it at the bottom of the screen. Also I'm unable to drag any desktop icons and my sound drivers are unable to load. I've tried running multiple anti-virus programs such as Malwarebytes and Kaspersky and am unable to do so since I receive an error trying to run it. When I try to open Windows Firewall, I get a popup saying "Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall/Internet Connection Sharing (ICS) Service?" But when I press yes I get an error saying ICS cannot be started. Can anyone help?

-Chris

I have Windows XP Professional SP3

RELEVANCY SCORE 67.6

Can someone look at my brother's log?! For some reason his computer can't do an anti virus update and when I go to the add/remove tab it won't let me uninstall certain programs. Also, there are some programs in his add/remove tab that seem weird. Thanks in advance!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:21 AM, on 7/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software... Read more

A:Unable To Update Anti-virus And Unable To Uninstall Apps

Hi and welcome,

Sorry for the delay.

If you still need help, please do the following:

Open Hijackthis
Click "config"
Click "misc tools"
Click "open uninstall manager"
Click "save list...."
Save the list and post the log.

Click bottom "back" button so you are back at main Hijackthis window.
Click "scan"
When done click "save log..."
Save log someplace and post it here.

---------------------

What happens when you try uninstalling programs?
Which ones out of the list are you trying to uninstall but will not?

Let me know also what you have done so far to try & fix the issues.

Thanks!

If it seems I have abandoned you (no reply in ~24 hours) please PM me. My email is flakey and sometimes I don't get reply messages.

RELEVANCY SCORE 67.2

Hi

The computer of one of my children has gone very slow and displays pages with sections out of place.

I ran Eset and it crashed 25% through. Then I ran Malwarebytes and it found some 50-odd PUPs. Ran Eset again: it found 3 PUPs but did not get rid of them; on a 3rd try it hung after finding the same 3 PUPs: all 3 to do with

C:\Program Files\Mobogenie\DaemonProcess.exe a variant of Win32/Mobogenie.A potentially unwanted application

Now I ran gmer and it crashed before finishing.

I am pasting the dds.txt and attaching the attach.txt

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.25.2
Run by Katerina at 11:31:57 on 2014-05-09
Microsoft Windows 7 Starter 6.1.7601.1.1252.44.2070.18.2011.830 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\STacSV.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_n... Read more

A:Computer slow- unable to run gmer

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly... Read more

RELEVANCY SCORE 67.2

In the past 72 hours my PC has seemed to be infected.

The only signs of infection so far is trouble booting the machine, 70% of the time, it will hang on the Windows loading bar screen, but mainly once inside Windows I will only have use of the machine for around 5 or 10 minutes and it will gradually just freeze up on me. Leaving me with only the Alt+Tab function to switch between open windows, until this no longer works either.

I have been unable to complete a full virus scan with Malwarebytes Anti-Malware, Antivir, or Avast's pre-boot scan due to the machine freezing partway through.

I've had no clues as to virus names or trojans etc.

The freezing up has also prevented me from completing a GMER scan. Is this DDS report useless without the GMER information?


Seems like a very useful site. Hope you guys can help! I can't bear using the 5 second power button job anymore, it kills me a little each time.


Many thanks,

---------------------------------------------------------

DDS (Ver_09-05-14.01) - NTFSx86
Run by **** at 5:25:54.14 on 14/06/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2943.2350 [GMT 1:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.8.1335 [VPS 090613-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor F... Read more

A:PC Freezing, unable to complete GMER.

Hi catnip,

Welcome to Tech Support Forum.

You currently have 2 active antivirus programs installed and this could cause problems.

If your PC doesn't hang, please remove either avast! antivirus or AntiVir.

We will then proceed from there. Please let me know if you are having trouble with removing either one of them.

RELEVANCY SCORE 67.2

I have been experiencing slow downs on some web pages, that work fine from any other PC.

I have not had any blue screens or restarts except for the ones listed below when running MalwareBytes and GMER. I know that the problem is not these two software products. They were both downloaded and installed yesterday, but I have used both on other PC in the past.

I found C:\Windows\system32\gearsec.exe with autoruns and disabled it based on this from bleepingcomputer http://www.bleepingcomputer.com/startups/g...c.exe-8928.html

I ran SuperAntiSpyware successfully. It showed 318 Adware Tracking Cookies and cleaned them. Nothing else was reported.

I tried to run MalwareBytes Free edition in normal mode. It blue screened. Avast resident shield were on.

I tried again; it started a scan showing 2 seconds elapsed time, and appeared to freeze. It then jumped to 1:12 seconds elapsed time and paused again. It then jumped to 2:22 elapsed time and stayed there for about 15 minutes wall clock time. I forced the system down.

I then ran MalwareBytes in safe mode with networking. The scan worked successfully. It showed zero infected items.

I ran Defogger in normal mode. It worked fine.

I ran DDS in normal mode. It worked also.

I tried GMER in normal mode (Avast shields on). After more than six hours it blue screened. This was a different error than MalwareBytes had. "Page fault in nonpaged area" "stop: 0x00000050" "ufrcipob.sys"

I then ran GMER in safe mode w... Read more

A:Unable to run MalwareBytes and GMER - BSOD

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

RELEVANCY SCORE 67.2

I have pop ups and address redirects.
Then e-mail was hacked.
Have been following directions in Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
Upon opening GMER, none of the settings can be selected. I ran GMER as is and nothing was detected.
Here are the DDS logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Kuehl at 9:02:50 on 2012-07-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1626 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalServ... Read more

A:Unable to create GMER logs

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461080 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

RELEVANCY SCORE 66.8

Hi,

I recently had a virus/rootkit or some type of malware installed on my computer. Basically because I accidentally clicked yes to one of those "you're computer is infected" links. I ran Malwarebytes and AD-Aware beforehand and I thought I got rid of everything, unfortunately I did not as Firefox still opens random tabs.

I read the first steps, my logs are attached below. Unfortunately I do not have a Windows Install CD, I think it's forever lost somewhere.

I read the previous posts similar to mine but was not able to figure out what exactly to do. Any help would be greatly appreciated!




DDS (Ver_10-03-17.01) - NTFSx86
Run by Gov at 18:12:00.67 on Thu 05/13/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1727 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe ... Read more

A:Firefox opens random tabs / redirects sites

Hi ettes and welcome to TSF.

If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

** Note: Please stick with me until I declare that your system is free from malware. Even though your system may not have any symptoms of malware, it may still be infected. **

--------------------------------------------------------------
Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. You can find instructions HERE.

Reply back with the following: C:\ComboFix.txt

RELEVANCY SCORE 66.8

A few days ago, Microsoft Security Essentials (MSE) noticed a threat to my computer. I went to remove/quarantine it, but before I could my computer started acting screwy. Desktop background was deleted. All program shortcuts on my desktop were deleted. IE kept opening by itself (I never use IE), taking me to google-themed websites. I decided to do a System Restore to a day prior to this incident. This seemed to clear up most of the issues, but a few still remain. IE continues to open on its own, and Firefox crashes at seemingly random moments. Any help would be appreciated! Thank you very much.

When I check the history logs of MSE, this is listed: Trojan:Win32/FakeSysdef -Action Taken: Allowed.
I run Win 7.
I use MSE for anti-virus.



.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Jack Package at 9:01:38 on 2011-08-11
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.1944 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Progr... Read more

A:Possible trojan? IE opens by itself to random sites. Firefox crashes.

I just wanted to say that I'll be traveling to an area with limited internet connection over the next few days. I understand that the Malware Response Team can get backlogged with requests occasionally, but if you happen to respond soon, please be patient with me as I will try to reply as quickly as possible.

RELEVANCY SCORE 66.8

Following instructions for virus/spyware removal and cannot get past GMER scan process. Each time I run the scan the computer locks up when attempting to save. I have tried it 5 times with no success. DDS.txt and Attach.txt files have been saved... no problem with this process. Scan process for GMER.exe results in "not responding" message and entire screen locks up. Any suggestions?



A:Unable to save GMER.exe scan results

Hi -

Post the logs from DDS.

Does gmer lock up if you try to save the initial scan?


Let's try this version of gmer. We're going to try running it in a different fashion, also.


Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double click the exe file.
The program will begin to run, and perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.
In any case, after the initial scan is complete, click on the Save button, and save the log file somewhere you can easily find it, such as your desktop, and attach it in reply

---------------------------------------------------------------------------------------------

RELEVANCY SCORE 66.8

http://www.bleepingcomputer.com/forums/topic398102.html
At the request / advice of "CryptoDan" after I questioned the awfully poor upload speeds I've been experiencing, I tried to run both DDS.scr and GMER but have not been able to make any logs.

DDS.scr was recognised as an AutoCAD script file, and would not run in MSDOS. I can't work out how to disassociate the file type either.

GMER ran, but after 3 or 4 hours locked up and froze my machine, and my keyboard and mouse stopped working. I had to restart it from the tower unit.

Is it worth trying to run GMER in safe mode? Is there an alternative log program?

A:Unable to create logs as advised - DDS, GMER

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you... Read more

RELEVANCY SCORE 66.8

Hi,

I have a computer that is severely infected with probably more than 5 viruses or trojans and probably with a rootkit. When I try to do anything on the computer from its built-in Windows 7 OS, the malware kills active tasks, windows and processes, and the screen/active window flashes between active processes when it starts killing windows/processes or is doing something. Also sometimes it tries to shut down the computer by showing the Shut down/Turn off computer window. Because of this, I am unable to run virus scanners directly from the built-in OS and also from a separate CD drive that is read-only. Also I am sure there is at least one fake virus scanner installed (360?) and another called Thunder networking which is not a "virus scanner", and the malware has infected the system files including the WINDOWS folder and the i386 folder, and possibly even the BIOS.

First I tried to run tools from within the Windows 7 OS: I tried to kill the active malware processes using Rkill, but it did not find/kill any processes. Then I ran the McAfee Stinger but it was terminated by the malware after 30secs-1min of running. I tried to use Hiren's Boot CD (v10.6) to remove the malware by scanning the hard drive as a data disk, but when I run the Mini XP on the Hiren's CD and run scanners like GMER or SuperAntiSpyware or CWShredder, by 5-15 minutes after running the scanner, the malware always kills them, closes all running windows, and tries to shut down the computer by s... Read more

A:Computer severely infected and unable to run GMER

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about y... Read more

RELEVANCY SCORE 66.8

Hello! I seem to have the same problem everyone else is currently.
Firstly noticed it when google links re-directed in firefox, to some random links page. I tried to run Malwarebytes, but it will not open because
'Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.'
I am the administrator on this computer and other programmes are beginning to run with the same problem.
I have run dds (see below and attached) but gmer won't run.
Any suggestions you have would be greatly appreciated!
Many thanks
J

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19120
Run by Guerrilla Zoo at 19:27:19 on 2011-09-04
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3038.1047 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\1505844085:2326019750.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\... Read more

A:malware, gmer unable to run & google redirection

Hello and welcome to TSF

You've been hit with a particularly nasty infection, so please make sure all your important data is backed up before carrying out these instructions.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. You may want to print and/or save the following instructions in Notepad as this webpage will not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------... Read more

RELEVANCY SCORE 66.8

Hi,

I have a computer that is severely infected with probably more than 5 viruses or trojans and probably with a rootkit. When I try to do anything on the computer from its built-in Windows 7 OS, the malware kills active tasks, windows and processes, and the screen/active window flashes between active processes when it starts killing windows/processes or is doing something. Also sometimes it tries to shut down the computer by showing the Shut down/Turn off computer window. Because of this, I am unable to run virus scanners directly from the built-in OS and also from a separate CD drive that is read-only. Also I am sure there is at least one fake virus scanner installed (360?) and another called Thunder networking which is not a "virus scanner", and the malware has infected the system files including the WINDOWS folder and the i386 folder, and possibly even the BIOS.

First I tried to run tools from within the Windows 7 OS: I tried to kill the active malware processes using Rkill, but it did not find/kill any processes. Then I ran the McAfee Stinger but it was terminated by the malware after 30secs-1min of running. I tried to use Hiren's Boot CD (v10.6) to remove the malware by scanning the hard drive as a data disk, but when I run the Mini XP on the Hiren's CD and run scanners like GMER or SuperAntiSpyware or CWShredder, by 5-15 minutes after running the scanner, the malware always kills them, closes all running windows, and tries to shut down the computer by s... Read more

A:Computer severely infected and unable to run GMER

This has been resolved: Unfortunately, I had to wipe the hard disk since my friend was requesting it back. But next time I encounter such a problem, I will follow the steps (from the other mirror post) and post the full logs, descriptions in the first post for faster resolving. Thanks.

RELEVANCY SCORE 66.8

Hello,

Think I am in trouble. I was infected with Malware that was a fake anti virus software. This has now gone following the running of various removal tools (Spybot S&D to name but 1). The problem now is that my Antivirus software will not run (McAfee). I am also stopped from downloading from a number of websites (McAfee included). I was attempting to follow the advice on this site to create DDS and GMER logs but clicking on the links in the instructions did nothing. I hope someone can help point me in the right direction to remove whatever it is that I have on my PC - it is an Acer 5735Z running Vista.

Thanks,
Brian

A:Infected and unable to download DDS or GMER tools

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

RELEVANCY SCORE 66.8

Well, I tried to use DDS first. Told me that it's not compatible with my OS.
Moved to the next thing, GMER, and most of the checkboxes were grayed out, and when I ran a scan of what I could it gave me nothing.

I think I may have a keylogger or a virus of some sort, I haven't seen any symptoms though. I visited a game server that turned out to be some sort of phishing server that installed bad files into the game. The viruses that it installed into the game are simple Lua scripts, but I believe they are able to create batch files and things, so they possibly left real threats on my machine. I don't know what to give you to help me..
Malware bytes full scan came up with nothing,
spybot came up with nothing,
and superantispyware came up with nothing,
But I want to be Totally sure I'm clean.

A:Possible problem, unable to use gmer or dds.. 64bit Vista

BUMP, please
