Over 1 million tech questions and answers.

GMer crashed my system twice

Q: GMer crashed my system twice

The first time I thought it was because I was running some other stuff at the same time, my system simply froze. I couldn't move the mouse or use the keyboard, but I did see the hourglass appear and disappear on my mouse cursor.

The second time I tried to use it I left it alone to scan and I got a blue screen error (which I took a picture of with my digital camera) and I took a screenshot of the log it posted after I rebooted my system, or the locations where the error files are. It told me the system recovered from a serious error.

RELEVANCY SCORE 200
Preferred Solution: GMer crashed my system twice

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: GMer crashed my system twice

Why are you running gmer? Do you have reason to suspect malware?

Read other 19 answers
RELEVANCY SCORE 58

I have a new HP Pavillion dv7 with 4gb Ram, i7 820 dual core & 1280gb of memory and its does not run well.

I started the Malware tutorial and got to the gmer.exe scan when it said it could not complete the scan. When i hit the scan button agfain the whole computer crashed to a blue screen. I started the computer again and ran the scan again and it did the same but it shut down the scan window by itself straight away.

Where do i go from here?

Also i am running Kaspersky 2010 for virus.

A:gmer.exe scan crashed?

Hello Timesaver78.Please try the gmer scan again. This time, however, please uncheck the box marked Devices in addition to the other boxes you were asked to uncheck earlier.Let me know if that doesn't work.~Blade

Read other 4 answers
RELEVANCY SCORE 58

My GMER anti-rootkit scan resulted in the following message 'GMER has found system modification caused by ROOTKIT activity'. How do I address/correct this problem? It is not specific.
 

Read other answers
RELEVANCY SCORE 57.6

I downloaded and tried to run DDS and GMER. For DDS the script seemed to complete, but then the system locked up and I could do nothing. It never did generate the log files. I had to reboot. I decided to remove Avira, fearing it might be interfering with DDS, but the same thing happened. The script runs, printing the hash marks until the cursor eventually begins flashing. No files are created and the system locks up.

When I ran GMER things seemed to be going OK, but then while scanning the system files dialog boxes saying the IE needed to close popped up. (IE was not running, nor was any other program.) I closed the dialogs and GMER continued. Then the screen saver came up and when I moved the mouse to return to the active screen, the computer restarted. This was after nearly completing the scan.

As I typed this, the IE dialog saying that IE needs to close has popped up, but I cam using Firefox.

What now?
Original Post:
I seem to have contracted a trojan of the type described above, at least that is what my Avira Guard pop-up says. I tried searching for it on the forum, but no exact match. I tried using an old Symantec Trojan.Qhosts removal tool, but it could not find anything.

I am running XP sp3 with Avira Free.

Any help to get rid of this would be greatly appreciated.

Thanks,

Rob

A:TR/Qhost.vqe Trojan? Crashed DDS and GMER

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

See if the tools will complete in Safe Mode: Restart your computer.
After hearing your computer beep once during startup, but before the Windows icon appears, start pressing the F8 key.
In some systems, this may be the F5 key.
Instead of Windows loading as normal, a menu should appear.
Use the up arrow key to highlight Safe Mode and press 'Enter'.
Login on your usual account.
------------------------------------------------------

Read other 2 answers
RELEVANCY SCORE 57.6

I was going through the instruction in running DDS log files and then GMER. It was in the process of scanning with GMER. I had thoroughly went through the instructions and then suddenly in restarted my system and now it has been running a Startup Repair for the last 20 minutes with no progress. So what do I do now?? The only thing that wasn't working for me before was the internet but now I am unable to retreive anything.

Read other answers
RELEVANCY SCORE 56.4

I'm not sure what this system might be infected with.
 
(Previous Information...) http://www.bleepingcomputer.com/forums/t/538987/malwarebytes-crashes-when-attempting-to-update-gmer-crashed-too/
 
Logs are attached.
 
Combofix was run twice...
The combofix log attched is the latest one (which overwrote the previous one...)
The first time around, it deleted jre6/java and something in C:\Windows\, IIRC.

A:From : Malwarebytes crashes when attempting to update, Gmer crashed too...

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/539031 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 2 answers
RELEVANCY SCORE 56.4

Every time I try to update Malwarebytes on this system, it crashes. I've never installed it on this system before, so it's kind of strange.
Even in Safe Mode with Networking.
 
Gmer crashed while I was clicking inbetween the tabs at the top, so I started it again and then when I walked away and came back, Windows had BSOD, but rebooted before I had a chance to catch the error message.
 
Combofix runs without a problem, and has removed some things.
MSE is fine...runs but never seems to detect anything...but then again, it's MSE.
 
Windows 7 x64 (Service Pack 1)
 
What should I try/do next?

A:Malwarebytes crashes when attempting to update, Gmer crashed too...

Hello having run ComboFix we need you to repost with that log and a DDS log from  here...  Please follow this Preparation Guide, do steps 6,7 and 8 and post in a new topic.Let me know if all went well.

Read other 3 answers
RELEVANCY SCORE 55.6

I have an issue with being redirected to other sites when I search the internet with IE or Firefox.
I was following your Preparation Guide, but I have an issue when I run GMER scan.
I started the GMER scan. After a few seconds the screen went blue.

I could not print the error message, but the pertinent parts seemed to be:

pxtdypog.sys
PAGE_FAULT_IN_NONPAGED_AREA
Step: 0x00000050 (0xF898B008, Ox0000000, 0xB770F3CB, 0X00000000)
pxtdypog.sys Address B770F#CB base @ B77013000 Date Stamp 4dc139C7

Should I try to run GMER scan again?
Thanks

A:Redirect virus. Computer crashed running GMER scan

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 28 answers
RELEVANCY SCORE 48.4

I have first been getting these problems when I downloaded Comodo IS Pro. Apparently when I approached them for help,the technician did not reply to me after telling me to install.

Thus I did a system restore and the computer could load in normal mode(however the screen,etc loaded slow like hell.)

Yesterday, I downloaded comodo firewall and something familiar appeared

From Problem Reports and solution, these are the service that crashed:

4X svchost.exe
1X lsm.exe
1X sandboxie.exe
1X wininit.exe

But guard32.dll from comodo is the module causing it according to Problem Reports and Solution, but anyone knows why and how to solve it?

A:Svchost crashed, windows start up crashed, local session manager crashed

Have you tried uninstalling Commodo to see if it is causing the problem?

Read other 3 answers
RELEVANCY SCORE 46.4

hi all,

my win 7 pc crapped out. its not the disk. i have an image made on acronis. i bought a new win 10 pc. whats the easiest way to get that win 7 image with all my applications onto the new win 10 desktop? i want to get rid of windows 10. i would like my image working on new pc (new hardware) as i will not have to reinstall and configure everything again.

i tried swapping the old pc disk into the new pc, but the new pc would not boot: says invalid disk. could it have something to do with the MBR or that UEFI thing?

A:System crashed, how to restore Windows7 system image into new desktop

you're going to be in a world of pain if you want to do this but have no access to the old computer. In this situation, a SYSPREP with the generalize function is run in Windows 7 to prepare it for migration to new hardware.

You can try cold turkey like you did, you may have to switch to AHCI drivers from IDE or IDE to AHCI depending on what you had before to get it to boot. The boot sector may be a problem too. If you used standard MBR in the past then check your BIOS on the new PC to see what adjustment you can make.

Read other 1 answers
RELEVANCY SCORE 46

Hi there, I'm not able to gmer the system at all, the program starts, does a few minutes and then freeze, only way to regain access to pc is re-booting it

I managed to clean a few viruses using avira, but I think there must be something else creating problems randomly.
Thanks in advance for your time
DDS (Ver_10-12-12.02) - NTFSx86
Run by Roland at 21:18:37.56 on 10/02/2011
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2418 [GMT 0:00]

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *Enabled*
FW: AVG Firewall *Disabled* <<<< Edited to mention that AVG and all his componets were uninstalled, no longer on the system >>>

============== Running Processes ===============

C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\DigiOn\DiXiM Media Server\dmsf.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Progr... Read more

A:Not able to GMER the system

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

If you have a CD Emulator Software (Daemon Tools, Alcohol etc) installed, the drivers this software uses can interfere with the Anti-Rootkit tools we use. These interferences can take a few forms, like GMER crashing or causing BSODs, or Rootkit scans produces large amounts of FPs and general dross. This 'dross' often makes it hard to differentiate between genuine malicious Rootkits, and the legitimate drivers ... Read more

Read other 8 answers
RELEVANCY SCORE 46

I was recently helped by Jack & Jill in another forum.

www.bleepingcomputer.com/forums/topic410391.html/page__p__2341595__fromsearch__1#entry2341595

I received clearance from the Malware forum to create this post.

After my topic was closed, I installed the updated Windows Vista Service Pack (the one I had was outdated). Upon completion of update my system crashed. I cannot even run System Restore (it never reaches completion).
When I try to start my computer I get the following message:
!!0xc0000034!! 185/49206 (program_files_windows_nt_tabletextservice_...)

Unfortunately I do not have any recovery CDs. Any help is greatly appreciated,
Maureen

A:System Crashed - Unable to utilize System Restore

Can you start up in safe mode?

Read other 21 answers
RELEVANCY SCORE 45.6

I am working with a Dell Inspiron N7010, with an Intel Core i3 CPU [email protected] GHz, with 4.GB RAM, 64-bit OS; running Win 7 Home Premium.

Over the last month, my system has slowed down significantly. I'm primarily an ie user. My system startup appears to be taking longer and longer, opening ie takes quite some time. Opening a new tab or browser and/or having multiple tabs open is taking longer and longer.

I've followed the pre-posting steps to clean my system, with no improvement in speed.

I don't know if I am infected or not, or if it is something as simple as memory and/or my ISP, or what; I ran through Security Check, MiniToolBox, MBAM, GMER on the AmIInfected board; they had me run a DDS and GMER. DDS ran and created a log, but GMER wouldn't complete. Please advise. (Logs follow for reference).

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Brian at 18:13:46 on 2011-12-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2271 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\... Read more

A:System slowdown; please see DDS and GMER

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/432094 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 32 answers
RELEVANCY SCORE 45.6

I have been receiving emails from myself - changed passwords from various computers and singled out the unit... however when I run GMER it is freezing up my system. see below & attached logs so far... thank you

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jack Menashe at 15:49:43.26 on Mon 03/28/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.129 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTT... Read more

A:GMER Freezing system

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

Nothing suspicious was found on your DDS log.

Unless you have some issues with the computer I do not need to see the GMER log.

Please run this security check for my review.

Download Security Check by screen317 from here or here.Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know what problem persists.

Read other 1 answers
RELEVANCY SCORE 45.6

Ok, yesterday, on Feb 05 2011 (PST) I opened a suspicious looking file. It was on my cousin's harddrive which he brought from Belarus. My antivirus programs didn't detect it. Now I think i'm infected. The reason why I think that is that GMER woudn't start. It just crashes the computer without giving a BSOD... Also, I want to add that MBAM detected 'Worm.Palevo' editing registry and ESET detected a file named 'gsyzq.exe' in 'C:\Documents and Settings\Owner'. gsyzq.exe is a hidden executable with a folder icon. Here are logs from DDS:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 17:12:12.07 on Sun 02/06/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1406 [GMT -8:00]

AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files&#... Read more

A:GMER crashes system!

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please downloa... Read more

Read other 4 answers
RELEVANCY SCORE 45.6

Greetings, first post. Thanks for having me I like to think that for years I've been to some pretty frightful places on the Internet and emerged unscathed. Until last night. I have no recollection of doing anything out of the ordinary, but suddenly, my notebook won't stay running.My notebook is a Dell XPS M1210 loaded with Windows 7 x64 SP1. The build is probably 15 months old. Protection is the Windows Firewall; MS Security Essentials; a huge blacklist hosts file managed with HostsMan; and OpenDNS. Starting tonight, it sometimes BSODs during the "Please Wait" screen, or at the desktop, always complaining of irql_not_less_or_equal, sometimes IASTOR.SYS is the culprit. Each time the dump code looks a little different to my eyes.Other times it freezes in Windows, the uptime varies greatly but never longer than 2 minutes. The cursor stops moving and the keyboard becomes unresponsive. The system just sits there, silently mocking me I've run Dell's hardware diagnostics, and Seagate's complete drive test. No errors reported on either front.The problem is not evident when booting a different HDD loaded with XP SP3.I've been working my way through the Preparation Guide. I was able to run DeFogger and reboot, and then it took me about 10 tries to get the system to stay upu long enough to run DDS. I couldn't get it to run GMER; it said something about c:\windows\system32\config being unaccessible. But...the system looked... Read more

A:System freezes before it can run DDS or GMER

Hi timtrace, and welcome to Bleeping Computer.Firstly,Download TDSSKiller.zip and extract TDSSKiller.exe to your Desktop.Execute TDSSKiller.exe by doubleclicking on it.Press Start ScanIf Malicious objects are found, ensure Cure is selected (it should be by default).Click Continue then click Reboot now.
Once complete, a log will be produced at the root drive which is typically C:\

For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
Please post that log here.Secondly,Download OTL.exe by OldTimer to your Desktop.Close all windows and double click OTL.exe.In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Click Run Scan and let the program run uninterrupted.When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.You may need to use two posts to get it all.

Read other 4 answers
RELEVANCY SCORE 45.2

Hi,

I have attached my logs, i just want to double check that my system is safe as i don't use AV but i think everything should be fine.

Thanks,


DDS (Ver_10-11-27.01) - NTFSx86
Run by Admin at 19:20:50.43 on 02/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3069.2573 [GMT 0:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044... Read more

A:Is my system clean (GMER, DDS attached)

bump, thanks guys.

Read other 3 answers
RELEVANCY SCORE 45.2

Upon attempting to post about my web searches getting redirected in google to random sites i had tryed to run gmer exactly as instructed and i keep getting a bluescreen crash and i believe it says something about a file named inyafakj.sys. This has happened only one time before just recently while having the search redirection problem. here is my DDS...


DDS (Ver_09-07-30.01) - NTFSx86
Run by My HP at 16:35:20.40 on Tue 08/25/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_15
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3070.1704 [GMT -7:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Panda Security\Panda Internet Security 2009\PskSvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe
C:\Windows\Sy... Read more

A:system crashes every attempt to run gmer

Let's try this version of gmer.


Download GMER Rootkit Scanner from here to your desktop. Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.



Click the image to enlarge it


In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

If that won't work, also uncheck Devices. If still no joy, try Safe mode. Still problems? Use this next tool.

Download RootRepeal to your Desktop. Double click RootRepeal.exe to open the scanner. Next click on the Report tab, and then click on Scan. A Window will open asking what to include in the scan. Check all of the below and then click Ok.

Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Shadow SSDT

You will then be asked which drive to scan. Check C: and click Ok again. The scan will start. It... Read more

Read other 3 answers
RELEVANCY SCORE 45.2

Hi guys, I ran GMER on my computer earlier this month. I don't have an infection (I don't think) but I was curious to check. It found some user code sections and some threads for the .NET optimizer. I'm curious to know whether or not that's normal in a baseline system, or indicative of something sinister.
 
Here's the log. Thanks :)

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-11 15:25:44
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-6 SAMSUNG_SSD_830_Series rev.CXM03B1Q 119.24GB
Running: 2013.04.04 5qtb6cww.exe; Driver: C:\Users\HP_Owner\AppData\Local\Temp\pgddqpoc.sys
---- User code sections - GMER 2.1 ----

.text   c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1752] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   0000000075f61465 2 bytes [F6, 75]
.text   c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1752] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  0000000075f614bb 2 bytes [F6, 75]
.text   ...                                                                 ... Read more

A:Is there a typical GMER log of an uninfected system?

Sorry for the delay. Trying to interpret GMER results can be confusing at best as there could be many legitimate entries in there.I can tell you that with VMware installed on my machine, I am receiving many of the same results you are. I am not using some of the apps listed, including Vmware shared folders, so not seeing results for those obviously.My gut is that your log looks fine.

Read other 3 answers
RELEVANCY SCORE 45.2

DDS (Ver_10-03-17.01) - NTFSx86
Run by HP_Administrator at 17:01:29.09 on Sat 05/22/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.454 [GMT -7:00]

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=... Read more

A:30 Second System Shutdown DDS/GMER Stuff

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my ins... Read more

Read other 19 answers
RELEVANCY SCORE 45.2

I have this horrible System Security virus. I am not able to run the reports you request in "First Step." I cannot get into Task Manager to try to stop it. I am unable to get to Remove Programs to try to remove it. I have avast software that I am able to run, however it is not recognizing the virus. I have Super AntiSpyware on the machine, but the virus is preventing me from opening the program. Also I cannot get into msconfig or regedit. This morning I tried to open Word and could not do so. I also cannot print. Ugh...

Also, when I try to backup I get a message on each file. The File_Id has extra information attached to it that might be lost if you continue copying. The contents of the file will not be affected. Do you want to copy it anyway?

A:System Security virus (cannot run DDS or GMER)

Hello and welcome to TSF

Let's try to get a GMER log. You must have extracted gmer.exe to your desktop for this to work.

Open Notepad and copy/paste the text in the quotebox below into Notepad:


Quote:




@echo off
copy /y gmer.exe omer.exe
start omer




Save this as run.bat Choose to "Save type as - All Files" next to gmer.exe
It should look like this:
Double-click run.bat & allow it to run.

Then, use these settings to produce a log.
If asked to allow gmer.sys driver to load, please consent .
If it gives you a warning about rootkit activity and asks if you want to run scan...click NO.



Click the image to enlarge it


In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it to your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

=======
Download RSIT by random/random and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Onc... Read more

Read other 2 answers
RELEVANCY SCORE 45.2

Hi,Within the past 24 hours or so my laptop began showing symptoms of System Check malware. I tried to follow your guide to self-remove the files, but I had no success. In preparing for this post, I also tried to run DDS and GMER. I can download DDS, but it stalls in the middle of running, requiring a system reboot. GMER downloads as well, but upon running the .exe produces an error: load Driver ("C:Docume~1\Rob\LOCALS~1\Temp\pwryypod.sys") error - cannot create a stable subkey under a volatile parent keyAfter this error occurs, I am limited to only scanning some of the possible directories, which do not include all of the ones you recommend to investigate. I had some success with using OTL to scan my system. Below I'll post the OTL.Txt file, followed by the Extras.Txt file. OTL logfile created on: 3/16/2012 3:20:41 PM - Run 1OTL by OldTimer - Version 3.2.37.1 Folder = C:\Documents and Settings\Rob\DesktopWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.31% Memory free3.85 Gb Paging File | 3.39 Gb Available in Paging File | 88.12% Paging File freePaging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% ... Read more

A:System Check Malware - Can't Run DDS or GMER

Welcome to Bleeping Computer, jonesy4321!System Check is a member of the FakeHDD family, and is known to bundle with the TDL rootkit. Let's see what the following short scan shows...Please download RogueKiller•When you get to the website, go to where it says:(Download link) Lien de téléchargement: •Click the dark-blue button to download.•Save to the Desktop•Close all windows and browsers•XP: Double-click the program to run itAt the RogueKiller console...•Press: SCAN•When done, a report opens on the Desktop: RKreport.txt Please copy/paste the RKreport.txt , and provide it in your reply.Note:If you cannot download, but can run programs, instead of downloading the program requested to the problem computer, download it to a clean computer.Next, save it to a USB flash drive (or removable media), move it to the Desktop of the infected computer, and run the program as described on the instructions above.

Read other 27 answers
RELEVANCY SCORE 44.8
A:It says Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

Hello my name is Sempai and welcome to Bleeping Computer.*We apologize for the delay. Forum have been busy.*I want you to understand that I'm still a trainee here. I will be working with my Coach who will approve all my instructions before posting them to you, so there's a possibility to have some delays in my responses. But the good part is, there are two people reviewing your problem instead of one.*It is important not to make any further changes or run any other tools unless instructed to. This may hinder the cleaning process of your machine.*You must reply within 5 days otherwise this topic will be closed.1. We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE2. We Need to check for Rootkits with RootRepealDownload RootRepeal from the following ... Read more

Read other 21 answers
RELEVANCY SCORE 44.4

Yesterday I ran dds and GMER as instructed before posting a thread. Immediately after running GMER my system became EXTREMELY slow. It now takes 8-10 minutes to boot up, then CPU runs at 90%-99% (without IExplorer open) for 15-20 minutes. Hibernation and return from hibernation also takes over twice as long.

There is also a hesitation in the mouse pointer as it moves. Processes in task manager, sorted by CPU%, do not match CPU% reported on status bar.

Malwarebytes Anti-Malware reports no threats. MS Security Essential running for 3 months and scan shows no threats.

I need help!!!!!

Here is the latest log from HiJackThis --------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:52:56 AM, on 10/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17098)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\MICROS~2\MSSQL\binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI... Read more

A:HELP HELP - After Running GMER System is EXTREMELY Slow

I finally managed to fix this issues BY MYSELF.

I had to delete the MasterIdDataCheckSum value for the primary IDE channel so it would reset to "DMA if available". The interrupt activity stuck at 50-80% has stopped.

Thanks for the TOTAL lack of help here.

What a lousy forum. Worst I ever visited.
 

Read other 1 answers
RELEVANCY SCORE 44.4

OS: Windows 7 SP1 Fully updated, 64-bit
GMER "always" complains about not being able to access registry files. Isn't that it's main purpose? GMER: "the process cannot access the file because it is being used by another process." "Okay...", so let's try this offline then. I mounted an image of my current OS... GMER responds by incessantly scanning my current running OS and system drive.
GMER will not scan my external hdd or my other internal hdd. It behaves this way on all of my PC's, in normal mode, in safe mode and even when using a live CD like Mini-XP. In fact, GMER scans Mini-XP's X: drive because it's the "current" OS. I've forgotten how, but in Mini-XP I've even got GMER to detect my decrypted OS image and it scanned it but failed with the same errors. Why does Hiren's BootCD even include it or many other programs that do not work for that matter?
aswMBR always crashes, with a typically useless default exception code of Oxc0000005 which could mean a number of things and displays "Avast Antirootkit has stopped working..."
catchme says it detected something. I'm not sure I believe that. It's probably detecting encryption hooks or KeyScrambler or some other security specific software. But it says:
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQuery 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != -1375723995, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != -469754331, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 5
Initialization e... Read more

A:GMER insists on only scanning the system drive and it's OS.

GMER "always" complains about not being able to access registry files. Isn't that it's main purpose?Not quite...GMER is an advanced stand-alone tool that will help investigate for the presence of rootkit activity. It will not actually tell you if you are infected or not unless you know what you're looking for. GMER compares the output from system function calls direcly into the operating system to output from calls generated by their own functions. Any differences between it's own implementation and that of the operating system is reported as a hidden file, service, registry key, or device. GMER also looks for hidden code modifications and API Kernel hooks as well as many other checks which are not discussed in public to safeguard the program from malware writers who would use that information for nefarious purposes.Most of the log listings are dumps of raw memory data structures from the Windows Kernel which handles access to files, registry keys, hardware and from the system processor tables. Even with advanced training, trying to interpret GMER results can be confusing at best as there could be many legitimate entries in its log.GMER is known for being extremely good at rootkit detection, but it is also known for occasionally being unstable on some computers. There are varying reasons GMER will not run properly. CD Emulators (Daemon Tools, Alchohol, Astroburn, AnyDVD) should always be disabled first if using them and sometimes you have to uncheck some of the scanning optio... Read more

Read other 4 answers
RELEVANCY SCORE 44

Hi,I've brought my work pc home as it seems to be infected with a virus.Symptom: no internet connection (I'm typing this from my laptop).When I got to step 5 in your process and clicked on Network Connections in Ctrl Panel, I got the message:Network Connections Folder was unable to retrieve the list of Network adapters on your machine.In Step 6, I got a 503 unavailable when trying to disable CD emulation software (I don't know if I have any such software).When running DDS I got this message:Windows - Delayed Write Failed. Windows was unable to save all the data for the file \Device\Harddisk\DP(1)0-0+6. The data has been lost. This error may be caused by a failure of your computer or network connection.GMER did not find any system modifications (the scan took around 7 hours - I'm not sure if that's normal?)Can anyone help me please?Thanks very much,CliffDDS Report pasted below.'Attach' file attached.Message board does not seem to let me attach 'Ark.txt' - I get the message "You did not select a file to upload". I've just checked the file and the report is blank (maybe this is because Gmer did not find any system mods?)DDS (Ver_10-10-10.03) - NTFSx86 MINIMAL Run by Administrator at 9:19:53.43 on 10/10/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1640 [GMT 1:00]AV: AVG Anti-Virus Business Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F... Read more

A:No internet connection, GMER did not find any system modification

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

Read other 2 answers
RELEVANCY SCORE 44

Hello,

In the past few days, I have been dealing with an absolute mess of malicious programs, beginning with what seemed to be a bundle of "System Fix" and TDSS (TrendMicro claimed to have caught Alureon, but unfortunately I still had to use TDSSKiller). I am still seeing odd behavior - occasional massive popups in Firefox (~ a dozen tabs) and PING.EXE is running compulsively and taking up huge amounts of CPU usage. MalwareBytes is finding nothing, but GMER indicates rootkit activity. also DDS log below, attach.txt and ark.txt attached. What should be my next move?

-J

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by JSirk at 11:03:50 on 2011-12-01
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3536.1276 [GMT -6:00]
.
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro OfficeScan Anti-spyware *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C... Read more

A:PING.EXE, GMER positive; post-"System Fix / TDSS"

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated f... Read more

Read other 14 answers
RELEVANCY SCORE 44

I am unbale to get GMER log file as my system crashes and restarts after about 30 minutes of running the program. Any help is appreciated more than you could know!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:08:49 AM, on 11/18/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Glary Utilities\initialize.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Up... Read more

A:No sound in browser, redirects GMER craches system???

Read other 16 answers
RELEVANCY SCORE 44

I have been trying all afternoon to gather the requested logs in order to ask for help, but each time I run the GMER rootkit scanner, my system either restarts after scanning for over 30 minutes or this last time, seemed to have finished scanning but froze, not allowing me to save the log. I ran the GMER scan in safe mode, but froze up in safe mode as well.
I am having a problem with emails being sent from one of my accounts that contain a link to random websites. This has been happening for the past two days , always being sent to the same recipients and is a blank email, except for the different links listed in the body of the email. I have recently encountered (over the past couple of weeks) Mcafee being disabled seemingly on its own, but that seems to have resolved. The systems runs very slow, and I am waiting for the delivery of an external hard drive so I can clean the system of things that don't really need to be there. But now I realize there is a bigger problem than a bogged down system.
I appreciate any help which can be given to me.
I have included the dds.txt and the attach.txt hoping this will give some information on where I should begin. I will keep trying the gmer scan.

DDS (Ver_09-12-01.01) - NTFSx86
Run by MOM at 13:54:43.25 on Wed 01/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.268 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD... Read more

A:GMER rootkit scanner freezes or shuts down system

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Delete your existing copy of gmer. Please run this special version of gmer:

Download GMER Rootkit Scanner from here and Save it to your Desktop. Double-click gmer.exe to run it. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.



Click the image to enlarge it


In the right panel, you will see several boxes that have been checked. Uncheck the following ...Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it to your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

-----------... Read more

Read other 19 answers
RELEVANCY SCORE 44

I am running XP SP3 on a Dell Lattitude D630. A few weeks back I noticed performance (speed / response to web sites, etc - overall sluggishness) issues. I was running Avast professional for AV - it did not report any issues on full scan or boot scan. I also ran Malwarebytes and it did not find any issues. ESET remote scan I don't believe found anything either. I then ran Avast aswMBR and it found a file it indicated that had a CRC error (sorry I no longer have the details).

Performance seemed to get better, but last week I decided to take another look at the issue. I ran TDSSKiller - it found nothing. I then ran GMER and unfortunately it appeared to lock up the first time. I then rebooted the laptop (hard) and ran GMER again. This time it BSOD'd indicating an issue with atapi.sys (sorry - again no further details).

I rebooted, and the unit BSOD's again - still showing atapi.sys as the cause.

Subsequent attempts to ring GMER resulted the same.

I had read on another blog that AVAST might be causing the issue, so I uninstalled Avast, and installed MSE. Ran a full scan with MSE - found nothing.

Tried GMER again - and BSOD.

I am currently running Microsoft Safety Scanner which is about 10% done - but I am assuming it will find nothing.

Another strange thing is when I run Task Manager and monitor the system processes, the detailed list may indicate that CPU is 85% idle (sorting list by CPU utilization, but the summary line at the bottom of the displa... Read more

A:System running slow, GMER results in BSOD

Should I have opened this in the Virus/Malware Topic? If so, how do I go about moving this post to that forum?

Read other 1 answers
RELEVANCY SCORE 44

As I mentioned in the title, GMER causes the system to crash with no notification - the screen simply goes blank and then the system reboots.The redirects occur in both IE 8 and Firefox 3. They were happening in Chrome until I installed and ran AVG.Obviously, there is no ark.txt attached as I have not been able to generate it. Is there another program that I could use?DDS.txt-----------------------------------------------------------------------------------DDS (Ver_10-03-17.01) - NTFSx86 Run by Owner at 15:36:30.10 on Tue 05/25/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1471.419 [GMT -10:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\rundll32.exesvchost.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\windows\system\hpsysdrv.exeC:\WI... Read more

A:Google Searches Hijacked and GMER crashes system

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 44

Here's my problem:

When I turned on my laptop yesterday morning, the screen was all black, like the system was hanging. So I decided to take out the batteries, put them back in, and turn the laptop on again (I do this everytime it hangs--no problem whatsoever). Upon turning on, a black screen with "Windows is loading files..." appeared. When it was done, a blue background picture appeared (which was not my wallpaper, but looked Microsoft-ish), and Startup Repair started.

Startup Repair started checking my system for probems. After it was done, it said that Startup Repair cannot repair this computer automatically. Sending more information can help Microsoft create solutions: 1) Send; 2) Don't send. I didn't send it, cause I can't bloody well connect to the Internet. The problem event name was StartupRepairOffline.

HP's Recovery Manager then popped up. From there, I had three choices: 1) Microsoft system restore, 2) Run computer checkup (I could also run Command Prompt from here), and 3) File backup program. I tried restoring to just before the problems appeared, but it failed. The I tried backing up, but it wouldn't allow me to click "Next" and proceed for certain file types like pictures & videos. I can only backup HTML files and file settings.

So I decided to run HijackThis from an external hard drive by opening Task Manager using Command Prompt. It ran and I saved the log (see below). But when I run DDS, the window s... Read more

A:Corrupted Windows 7. Can't Restore System, Can't Backup, Can't Run DDS & GMER.

Read other 7 answers
RELEVANCY SCORE 44

Hi :-)I'm experiencing some nasty adware infection that open IE windows with ads and also manages to insert ads in regular browser windows.I've run hijackthis and noticed the profitiseme and profitmuse applications, I searched them and found out they were malware. I've then run pretty much all anti-malware software I could find and they now seem to be gone from the hijackthis log. However, ads still appear.At some point a fake msn messenger called "msnmsg. exe" was also installed, trying to access the internet, which I blocked. This seems to be gone as well.When trying to run GMER the system crashes with a BSOD, if necessary I can try to make it happen again and post the error code.So I had to run GMER in safe mode. The problem seems to be located in the spoz.sys and iaStor.sys files.rkill shuts down these programs after system launch:C:\WINDOWS\system32\dumprep.exe\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXEHere's the DDS log:DDS (Ver_10-03-17.01) - NTFSx86 Run by Thger at 17:55:22.82 on Tue 05/04/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2272 [GMT 2:00]============== Running Processes ===============C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\... Read more

A:Profitiseme/profitmuse + other possible infections. System crashes on GMER

Good evening. The DDS log appears to have been cut short. Will you check if this is the case and post the full log if it is. Also:Download Sec-Info.zip from here and save it to your Desktop. You will need to extract the file.Right click on the zipped folder and from the menu that appears, click on Extract All...In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again. In the final window, click on FinishYou should now see a folder with a .vbs file in it. Double click Sec-info.vbs to run it and a text file called Sec-Info.txt should be created in the same folder - either that or you'll get an error message.Please copy and paste the contents of the text file into your next reply and then you can delete both of the folders and their contents.

Read other 6 answers
RELEVANCY SCORE 44

Here's my problem:

When I turned on my laptop yesterday morning, the screen was all black, like the system was hanging. So I decided to take out the batteries, put them back in, and turn the laptop on again (I do this everytime it hangs--no problem whatsoever). Upon turning on, a black screen with "Windows is loading files..." appeared. When it was done, a blue background picture appeared (which was not my wallpaper, but looked Microsoft-ish), and Startup Repair started.

Startup Repair started checking my system for probems. After it was done, it said that Startup Repair cannot repair this computer automatically. Sending more information can help Microsoft create solutions: 1) Send; 2) Don't send. I didn't send it, cause I can't bloody well connect to the Internet. The problem event name was StartupRepairOffline.

HP's Recovery Manager then popped up. From there, I had three choices: 1) Microsoft system restore, 2) Run computer checkup (I could also run Command Prompt from here), and 3) File backup program. I tried restoring to just before the problems appeared, but it failed. The I tried backing up, but it wouldn't allow me to click "Next" and proceed for certain file types like pictures & videos. I can only backup HTML files and file settings.

So I decided to run HijackThis from an external hard drive by opening Task Manager using Command Prompt. It ran and I saved the log (see below). But when I run DDS, the window suddenly closes. When I... Read more

A:Corrupted Windows 7. Can't Restore System, Can't Backup, Can't Run DDS & GMER.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:09:42 PM, on 10/27/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
X:\windows\System32\smss.exe
X:\windows\system32\csrss.exe
X:\windows\system32\wininit.exe
X:\windows\system32\csrss.exe
X:\windows\system32\services.exe
X:\windows\system32\lsass.exe
X:\windows\system32\lsm.exe
X:\windows\system32\winlogon.exe
X:\windows\system32\svchost.exe
X:\windows\system32\svchost.exe
X:\windows\System32\svchost.exe
X:\windows\system32\winpeshl.exe
X:\Windows\RM\Launcher.exe
X:\windows\system32\svchost.exe
X:\sources\recovery\recenv.exe
X:\sources\recovery\StartRep.exe
X:\windows\system32\svchost.exe
X:\windows\System32\svchost.exe
X:\windows\system32\svchost.exe
X:\Windows\RM\RecoveryMgr.exe
X:\Windows\System32\Cmd.exe
X:\windows\system32\conhost.exe
X:\windows\system32\taskmgr.exe
D:\Program Files\7-Zip\7zFM.exe
X:\Program Files\Smadav\SM?RTP.exe
D:\Program Files\IObit\Advanced SystemCare 4\ASC.exe
D:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
G:\Apps\Security\Anti-rootkit\HijackThis 2.0.5 (Beta)\HijackThis.exe
X:\windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Sear... Read more

Read other 1 answers
RELEVANCY SCORE 43.6

Hi, I have had some issues with my computer since Memorial Day weekend when it appears to have been infected with a number of virus/malware/spyware/trojan's. Initially it would not boot (in normal or safe mode) but I was able to address that on my own. The major issue that I found was that it was infected by a fake windows security program (which I knew was fake from the get go so never gave any personal information). It now boots and I have run a number of programs (Panda, Windows PC Scan, McAffee, Malwarebytes, etc) that have taken care of most of the issues. I am currently using Microsoft Security Essentials as my primary real time protection software. The issue that I am still having is that when I do a search in google or yahoo the search results come up looking normal but then when I click on them they take me to random sites, sometimes advertisements, sometimes other sites. Generally my computer is performing ok, but I definitely feel that there is something going on behind the scenes in addition to just the redirect issues because it will sometimes freeze or crash for no apparent reason. When I was going through the guide for use on your site I got through everything fine until I reached the GMER scan. I was able to download and start the scan, but then the scan screen went white (no images or task bar). It eventually returned to normal but within seconds the computer went to the blue screen saying I had a serious system error and restarted itself. I was not able ... Read more

A:Google/Yahoo Redirect issue, GMER system crash

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Fo... Read more

Read other 1 answers
RELEVANCY SCORE 43.6

I think that I wiped out some registry files prior to rebooting. Now can not access system, not even open BIOS setup.
Put Win xp pro disc in and rebooted many times, pushing DEL to open BIOS setup, but can not. Only comes up motherboard flash screen.

I really screwed up and have no idea how to access BIOS setup. This is a work machine so in a tight spot.

Any suggestions would be great!

Bob
 

A:HELP! Crashed system.

What were you doing to your computer before this happened? Where you flashing the BIOS?
 

Read other 2 answers
RELEVANCY SCORE 43.6

My laptop crashed, system 32 not found/corrupted, i bought a boot cd ( not realising i had one supplied with the laptop). The bought disc then reloaded xp pro, so no files, no office programs. When i did find the right disc and press f8 on start up i have 3 windows xps to choose from bottom is the corrupted one middle is the clean version and an incomplete one. When i load the correct boot cd it states i do not have enough ram memory, can i delete the top 2 xps? I just want to get back to the corrupted version and give the original boot cd another try.

Read other answers
RELEVANCY SCORE 43.6

my system got crashed and I managed to reboot with the cd of Lenovo but its not working as it was so I do like to know that can I get my system's factory settings if yes- how could I get it.
Thank you bon400

A:system crashed

Hello.
Is the system a Dell server? If so, what model, operating system and controller?

Read other 3 answers
RELEVANCY SCORE 43.6

crashed drivers and only message appearing F2 set up and f12 to change boot service and keeps switching itself on and off and I cant reload new drivers online and retieve my data.pls help

A:crashed system

i m an windows 7 and cant reload and retieve my info,keeps restarting wih F2 and F12 msgs

Read other 3 answers
RELEVANCY SCORE 43.6

I am running vista on an acer laptop. Last night it crashed. When i turn it on a black screen with safe mode options pops up. I tried that but it starts to load and nothing happens after that. I don't mind if i can't recover any files because all i really had on there was pictures and music.

If there are any tips that could help me out to get my computer up and running again, please let me know.

Read other answers
RELEVANCY SCORE 43.6

First off, thanks to everyone ahead of time for helping me!

Alright, so I just moved to a new house and hooked my computer up to the internet for the first time on the new IP. I was on for just a few minutes when I got a "Send error report" saying that "the system has recovered from a serious error". When I go to click anything, I get the BLUE SCREEN OF DEATH!! Now it happens everytime within a couple of minutes when I load my desktop. Now I don't really think it has anything to do with a different IP or anything like that, but I've been messing around with other forums for days now and still haven't been able to fix this problem so I decided to jump in the forums and post my own thread and just hope I can get this fixed.

A:My system crashed, please help!

Hopefully the computer wasn't dropped when you moved from house to house. Also hopefully the computer was packed up right and didn't get banged around inside the truck or whatsover.

One thing you can do is to check the HDD for any errors. Go to the manufacturer's website of the hard-drive and download the latest diagnostics utility. Then put the program onto a CD, boot the computer to the CD, and test HDD for any errors. If there are any errors, then it's time to backup your files ASAP.

Another thing you can do is to perform a windows repair on your computer and hopefully windows repair will fix the problem.

Also try reseating computer parts. Reseat the videocard, cpu, and memory sticks and make sure they are on the motherboard tight.

You can also perform a check disk repair. Go into my computer and right click on the C: drive. Then choose properties and then click on the tools menu. Click on "check now" on the error-checking section and then make sure the two boxes are checked. Click on start and reboot your computer and let check repair do it's thing.

Read other 2 answers
RELEVANCY SCORE 43.6

My windows vista crashed for no apparent reason and it will continuously direct me to a black screen with an option to continue normally or launch startup repair.

Normal startup doesn't work, and the repair gives me the message "cannot repair this computer automatically". I send the info to microsoft and it gave me no options to fix it

And although I have attempted the repair several times already, for some reason it says number if repair attempted:1

Root cause found:
----------------------------------
Startup Repair has tried several times but can still not determine the cause of the problem."

Root cause found:
----------------------------------
Unknown bugcheck: Bugcheck 7f. Parameters = 0x0 0x0 0x0 0x0.

Repair action: system restore
Result completed successfully

Note this is the results from 2 separate occations

I have tried System restore to an older date but it did not work

I have tried safe mode, did a dskchk with /f but didn't do anything

Unfortunately I have made no backup

Also, the windows came with the computer so I don't have any disks or anything

A:System crashed please help!!

I am no expert,but the same thing happened to me with my laptop in October. I called my computer manufacturer's tech service and we went through most of the F8 options and none of them worked except for the options under recovery manager: I had a choice of full factory recovery or recovery with automatic data backup and I chose recovery with automatic data backup. Because I chose recovery with backup,I retained all of my files. I don't know if your computer has that option or not. But,if all else fells you may be able to do that.

There are probably other things you can do first. Other people with more knowledge than me might have other suggestions,I'm sure.

Good Luck!

Read other 4 answers
RELEVANCY SCORE 43.6

recently i changed my window 7 home premium to ultimate, lost all my programs. my vaio assist button are no longer working and i ve no back up either...kindly assist me

A:system crashed

Hi and Welcome to TSF!

If you did a full reinstall then the new OS may have deleted all of your files.

How did you go about upgrading from Home Premium to Ultimate?

Read other 1 answers
RELEVANCY SCORE 43.6

crashed drivers and only message appearing F2 set up and f12 to change boot service and keeps switching itself on and off and I cant reload new drivers online and retieve my data.pls help

A:crashed system

i m an windows 7 and cant reload and retieve my info,keeps restarting wih F2 and F12 msgs

Read other 3 answers
RELEVANCY SCORE 43.6

Hiiiiiiiiii all

My XP.system have been crashed , I was doing some particular updates and when it done and reboot the system I can not log in to the XPsystem .

I have two systems in my device the other one is ubuntu , as we know when I turn on the device the system Give me a suggestions to select which system I want so I choose windows but the problem is the system again restart from it self and it still do that just with xp but it okay with linux , I think I need to delete the files of current updates but how can I log in to windows ?

- I can not reach to the welcome screen
- Safe mood as normal mood , which mean it still restart
- I lost the CD's of system

A:My XP.system have been crashed

From the Advanced Options Menu choose Disable automatic restart on system failure instead of Safe Mode.
Post the lines under the Technical Information section, the Stop code and any file names it mentions.

Do you know which updates you were installing?
If you were installing the KB977165 update, and have the version before MS added code to check for the presence of a rootkit, that could be the cause. Installing the update on an infected system causes blue screens or restarts.

Check the Windows partition for this folder:
WINDOWS\$NtUninstallKB977165$
If present, check in the spuninst subfolder for the spuninst.txt file

The spuninst.txt file contains the commands that the Recovery Console would use to uninstall the update. It's a list of Delete and Copy commands to delete the new files, and restore the old version. The last command makes a copy of the spuninst.txt file named spuninst.tag so that Windows Update will know it's been removed.

You can do each command from Ubuntu if you don't have an XP CD.
If you have access to a Vista/Win 7 DVD or can download one of the Vista/Win 7 Recovery Environment CDs, I have a batch file that can uninstall the update as well.

Vista Recovery Environment CD
64 bit Vista
32 bit Vista
Win 7 Recovery Environment CD

Read other 1 answers
RELEVANCY SCORE 43.6

Hello I recently installed suse on my computer and I also have windows xp installed on a seperate partition. Since I am an idiot I was on windows xp and I decided to delete the suse partition trough windows. After I deleted the suse partition, I restarted windows and like ususal it said Grub loading, but I got an error because obviously suse is no longer there, so I put in the win xp disc and tried to repair windows. I thought if I deleted the 956 mb swap partition it would correct the system from trying to load Grub, but it actually made things worse and now I cannot even load the windows xp disc. Now when I try to load the xp disc it says inspecting system configuration then the screen goes blank.........I dont know what to do! Help!
 

A:Help system crashed

Read other 10 answers