Tech Problem Aggregator

DDS downloaded but not GMER

Q: DDS downloaded but not GMER

Hi,

I've got malware problems, I'm tired of paying mac bleepty, and heard about AVG. I downloaded DDS, but can't seem to download GMER. I have vista home premium 32 bit running on a 64 bit computer, mainly because some of my old programs wouldn't run on vista ultimate 64 bit software. I've attached the two files requested.

Paul

Actually, I have to add that Gmer downloaded but is trying to extract and doesn't seem to be able to. I tried getting task manager up to shut it down and try again but task manager gives a file error... I'm tempted to reboot and try running gmer again.

Paul

EDIT: Posts merged ~BP

Hi,

I was finally able to run gmer in safe mode, and have attached the log file. Hopefully you guys aren't too busy. For the most part, right now I think I have a malware problem, where a program comes up and tells me I have worms, or identity theft and to purchase their software to fix the problem. Thanks in advance for your help.

Paul

EDIT: Posts merged ~BP

A: DDS downloaded but not GMER

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

Please download DDS by sUBs from one of the links below and save it to your desktop:

Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

Double-Click on dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear:
DDS.txt
Attach.txt
A window will open instructing you save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

Please Download Rootkit Unhooker Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
"just click on Cancel, then Accept".

information and logs:

In your next post I need the following

logs from DDS
log from RKUnHooker
let me know of any problems you may have had

Gringo

Answer Match 60.9%

I am using my little Mac book, running XP and was trying to get rid of the Babylon search engine and did a search and came upon an answer to "cannot remove babylon search engine" from Kevinf80 who provided a possible fix so I went thru all the processes he suggested which was run TFC then OTL, which I did and have 2 notepad results.

I noticed that this particular thread had been cancelled and wanted to know what to do with these results because I assumed it was important in fixing this issue.

It was then I came upon the post "everyone must read before they post anything here", so I did. I downloaded the Hijack this and have these results

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:26:05 PM, on 11/25/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEn...

Answer Match 46.62%
A:It says Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

Hello my name is Sempai and welcome to Bleeping Computer.

*We apologize for the delay. Forum have been busy.
*I want you to understand that I'm still a trainee here. I will be working with my Coach who will approve all my instructions before posting them to you, so there's a possibility to have some delays in my responses. But the good part is, there are two people reviewing your problem instead of one.
*It is important not to make any further changes or run any other tools unless instructed to. This may hinder the cleaning process of your machine.
*You must reply within 5 days otherwise this topic will be closed.

1. We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

2. We Need to check for Rootkits with RootRepeal

Download RootRepeal from the following ...

Answer Match 43.68%

Hola, I am/was working my way down the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help thread preparatory to posting my first help request. Got thru all until I DL'd gmer.exe and opened it. Though the guide speaks in terms of the program simply opening - allowing one to make the 4 specified changes - and not immediately running, this does not happen for me. The program window opens, and resembles the screen shot in the guide, however, it immediately appears to start scanning, and then my PC locks up. I've deleted and re-DL'd from both DL sites thinking it may have been simply corrupted, no difference. Mouse cursor moves, but no interaction with desktop/taskbar/system tray/etc. icons at all. Cannot open start menu, etc., etc., nada. It does find 5 items and I'd tell you what they are except that the filenames, etc., are all clipped off and I can't expand the columns to read them 'cuz, like I said, everything's locked up at that point. Any help appreciated. Thanks.

A:Cannot create GMER log, PC freezes when GMER.exe is run

Hello,

Don't worry about the GMER log. Please create a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to try to resolve them and the DDS logs. Let them know what happened when you tried to run GMER.

Orange Blossom

Answer Match 32.34%

The last couple of days I have been trying to run GMER on my WIN 10 PC.
 
I am not sure if it is a GMER issue or my PC.

When it starts the scan it only runs a few seconds then I get a full page message that windows will have to produce a report, shut down and reboot my PC. It will collect some information and then close out and reboot the PC.
 
It does not give an error number but does state that GMER is trying to write something to read/only memory.
 
I sent an email but no reply yet.  Anyone else run across this?
GMER was written some time ago but maybe it will not work on 64 bit.

A:GMER and Win 10?

GMER is a specialized anti-rootkit tool for XP and earlier that should only be used by trained helpers - is there any reason why you are trying to run it on Windows 10?

Answer Match 32.34%

Everytime I use the internet (all browsers) my computer will either freeze up, or the internet will stop working even though it says it's still connected.

DDS (Ver_09-12-01.01) - NTFSx86 Run by Administrator at 15:32:09.57 on Sun 02/07/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1436 [GMT -5:00]

AV: AVG Anti-Virus Network Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\WinTV\TVServer\HAUPPA~1.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared ...

A:I ran GMER - now need help!

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script ...

Answer Match 32.34%

hey guys....im running 32 bit vista home.....i originally needed help because my computer is running xtremely slow....when you click on anything it takes 7 or 8 seconds to react. also its taking forever to start up.

when i try to run dds it starts but eventually freezes

when i try to run gmer, it starts to scan, but after a couple of minutes, i get the blue screen of death.

so sorry for the inconvenience, i tried disabling script blockers and antivirus to no avail.

do you have any alternative suggestions

thank you so much in advance for any help

jeff

A:cannot run dds or gmer

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue

If a suspicious file is detected, the default action will be Skip, click on Continue

If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ...

Answer Match 32.34%
Q: Gmer?

Hi-
I am trying to run all the programs that you said. I got to the GMER. I think it did a short scan thing at the beginning. Not sure if it stopped on its own or if it stopped because it was frozen like you said it might do.

It did NOT ask me if I wanted to run a full scan. You said if it did to unclick certain things and then scan. Am I supposed to do that even if it didn't ask me to run a full scan? Because I started to HOURS ago, and it was still running. It doesn't show me how far it is in the scan so I have no idea if it's almost done or not. I finally had to hit stop because I have things I need to use my computer for. If I am and it IS supposed to take hours to complete, I can have it do it while I am at work. But please advise on if I really am supposed to run it or not.

I will be posting because my computer has greatly slowed down, and I got hijacked once so far. (Just in case that is pertinent to if I need to do this.)

Thanks!

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) D CPU 2.80GHz, x86 Family 15 Model 4 Stepping 7
Processor Count: 2
RAM: 2046 Mb
Graphics Card: NVIDIA GeForce 7300 LE, 512 Mb
Hard Drives: C: Total - 238409 MB, Free - 187468 MB;
Motherboard: Dell Inc. , 0FJ030, , ..CN7082165NG0PO.
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated: Yes, On-Demand Scanner: Enabled
 

A:Gmer?

Answer Match 32.34%

I ran Gmer and this is the result. Can someone please help me to understand it. I can't find any understandable info on it.
Thanks in advance
Bill

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-12 10:58:12
Windows 5.1.2600

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwCreateKey [0xF7B104D0]
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwSetValueKey [0xF7B10520]

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!ZwCallbackReturn + 23BA 804F7686 2 Bytes [ B1, F7 ]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3680] @ C:\WINNT\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [017F7376] C:\Program Files\Mozilla Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thu...

A:Gmer log

Hello Bill.

There does not appear to be any items of concern.

Are you experiencing any issues that prompted you to run GMER?

With Regards,
The Panda

Answer Match 32.34%

will someone have a look at this gmer log? I've had malware on my PC and I *think* I've got rid of it (used the malwarebytes prog) but, well, these things are never that straightforward (I don't think?) so will someone check it out?

A:Gmer Log

You appear to be hosting a spambot.

Please follow the instructs from this webpage:

http://www.techsupportforum.com/secu...oval-help.html

You shall have a proper set of logs for us after that. Someone shall be along shortly

* Kindly note that threads without the proper logs would likely be ignored.

Answer Match 32.34%

I started gmer and unchecked this:
Sections
IAT/EAT
Drives (c)
Show All

after that i clicked the "scan" button, it scanned a while but it stopped working when it scanned "Device/Harddisk/VolumeShadowCopy5"

Why? Somebody know what to do? Please reply as fast as you know!

Thx //Luka

A:GMER help!

Please delete this...

Answer Match 32.34%

I read the new first steps post and downloaded GMER. Any tips on what I should do next?

Thanks!

A:GMER log - what to do now?

The first steps isn't just about Gmer. There were supposed to be 2 other logs. Where are they?

I see that you ran ComboFix on your own. Not a brilliant idea but since you have already done so, you might as well post that log. It's located at C:\ComboFix.txt

Answer Match 32.34%

Hello all, Comp is running fine. I have been reading up on rootkits. I was wondering if anyone could take a look at this log, and let me know if it is clear. I realize y'all are busy. I'm in no hurry.

Thanks
Joe

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-17 22:57:52
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
source file error: C:\Documents and Settings\Owner\ntuser.dat
scanning hidden files ...
scan completed successfully

hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd...

A:Gmer log

gmer logs are dealt with in the HJT forum and only when asked. With my limited knowledge of gmer I say everything looks good

Answer Match 32.34%

I have read the instructions for asking for help removing malware and I am running into trouble running gmer.exe.

I download it from the places suggested in the "NEW INSTRUCTIONS" post, I extract it from the zip file, and I click on it. When gmer first comes up, it looks like it does in the attachment, gmer1.jpg.

The scan, copy, and save buttons overlap the area for selecting drives. When I uncheck "Sections" and "IAT/EAT" and press "Scan", nothing happens.

When I minimize the program and then bring it back up, it looks like it does in gmer2.jpg. There are no scan, save or copy buttons, and even if I try to click where they should be, nothing happens.

I apologize if someone has already posted about this, but when I tried to search the forums, almost every post had the words "gmer", "problems", and "scan."

Also, I have tried downloading gmer from both suggested locations and I have the same problem.

Any ideas?

A:bug in gmer?

Something may be corrupting your download, or something may be interfering with gmer's normal process. I've just downloaded it again, it's the same version as indicated in your image, and it's fine.

See if renaming helps, or use the file I've attached.

Open notepad and copy/paste the text in the quotebox below into it:


Quote:

@echo off
copy /y gmer.exe omer.exe
start omer

Save this as run.bat Choose to "Save type as - All Files" next to gmer.exe
It should look like this:
Double click on run.bat & allow it to run

Then, use these settings to produce a log.
If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.





In the right panel, you will see several boxes that have been checked. Uncheck the following ...
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Answer Match 32.34%

http://www.techsupportforum.com/secu...ml#post2637659

Continuation of this thread...I turned off antivirus and the program froze in the initial startup stages. Is there any other way to fix my problem? This GMER program causes me to restart my computer if it doesn't blue screen it first.

Thanks

A:Can't run GMER

Hi jasonwwall -

Try running the scan in Safe Mode.

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

---------------------------------------------------------------------------------------------

Answer Match 32.34%

I get a txt file immediately after I open DDS.scr saying "This program cannot be run in DOS mode". Also when I try and open GMER it automatically runs and then the error report window pops up saying that "gmer.exe has encountered a problem and needs to close. We are sorry for the inconvenience".

However, I was able to run OTL and it gave me the following data log:

OTL logfile created on: 2010-03-03 18:40:41 - Run 2
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\johnd\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

1,023.00 Mb Total Physical Memory | 511.00 Mb Available Physical Memory | 50.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): C:\pagefile.sys 200 300 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 46.12 Gb Total Space | 17.72 Gb Free Space | 38.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 480.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Comput...

A:Cannot run either DDS or GMER

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Download TDSSKiller.zip and extract TDSSKiller.exe to your Desktop.

Double-click TDSSKiller.exe and follow the prompts to run it.

When finished, it will prompt you to 'Close all programs and choose Y to restart or N to continue'.

Please type Y to restart your computer.

It will produce a log here > C:\TDSSKiller.2.2.7.1_date_time_log.txt

Please navigate to the file, double-click to open it, and copy/paste the contents in your next reply.

------------------------------------------------------

Please restart your computer once more.

------------------------------------------------------

Rename dds.scr to dds.com or dds.pif and see if it will run now. Please post/attach the logs.

------------------------------------------------------

I need to see a gmer log in order to help you. Please try running gmer again, this time also unchecking 'Files'. Make sure no antivirus scans are scheduled during the run.

If you still have trouble, run gmer again and click 'Save...' after the short ...

Answer Match 32.34%

I am following the guide for Malware Removal Tool.
Defogger and DDS have both run and logs are included with this post.
When I try to run GMER in Vista, I "run" and "allow" in the security pop ups but GMER does not load.

DDS.txt

DDS (Ver_10-03-17.01) - NTFSx86 Run by gareth at 11:49:04.22 on 20/07/2010
Internet Explorer: 7.0.6000.16945
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1014.302 [GMT 1:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\...

A:GMER does not run

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap...

Answer Match 32.34%
Q: GMER

Newbie here. I ran DDS and saved the 2 text files then ran GMER. Both times running GMER my system rebooted during the scan. Has this happened to anyone else, or am I doing something wrong?

Thanks

A:GMER

Good evening.

This isn't an unknown occurrence. I suggest you start a new thread and post the logs that you do have into it along with a brief explanation of any issues you are having and somebody will be along as soon as.

I'll lock this one for tidiness.

Answer Match 32.34%

Nothing in red or highlighted?

Does that mean you are good to go ?
here is a copy of the log.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-03 11:06:16
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST350041 rev.CC67
Running: q964853e.exe; Driver: C:\Users\HOGANT~1\AppData\Local\Temp\kfqdikog.sys
---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E905C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB5092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Users\HOGANT~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[4292] kernel32.dll!CreateThread 7641279D 5 Bytes JMP 6E5B75CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\...

A:Gmer log?

Hello samnetmeg

While the GMER log looks clean. That means you don't have the rootkits it looks for and not necessarily a clean machine. So what is going on that makes you run GMER? We can run other tools to look further.

If so we could use a bit more info...

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.

Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet and double-click on the renamed file to install the application.
When the installation begins, fo...

Answer Match 32.34%

http://www.bleepingcomputer.com/forums/topic402996.html

Our computer has a redirector that attacks Firefox and Internet Explorer. It also attempts to contact several websites deemed malicious by MalwareBytes:
195.14.112.19691.213.29.1566.45.255.230

Whatever is resident has shut down MBAM and Microsoft Firewall at different times, although both are now running. MBAM, Symantec, Spybot Search and Destroy, and SUPER Anti Spyware have all failed to remove it. I was originally told to run GMER and SAS. GMER wouldn't run. I was then asked to follow the prep guide and instructions at this link on the second page of my thread. I followed the prep guide and GMER still won't run. I ran the Defogger first. I downloaded DDS from the link and that doesn't work, either. It opens a black screen and flashes some text too quickly for me to read it, then shuts down. It leaves no logs that I can find.

A:DDS/GMER

Hello CWJC, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

Please download then run the following programs in Safe Mode

Now reboot into Safe Mode.
This can be done tapping the F8 key as soon as you start your computer
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.
Please see here for additional details.

1. Please download OTL from one of the following mirrors...


Hey, I've been having very suspicious activities with my laptop, mainly blue screens (Particularly when I ran GMER, Safe Mode allowed it to run, however.) And my Opera browser is telling me Google.com has "Permanently Moved." And gives me a link to click. I have the log files as requested, I hope you can help, thanks.

P.S, I will also include the error message I got upon bootup after being blue screened whilst running GMER.

QUOTE
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.256.48
Locale ID: 2057
Additional information about the problem:
BCCode: 1000008e
BCP1: C0000005
BCP2: 82883EFE
BCP3: 9AB77A44
BCP4: 00000000
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1
Files that help describe the problem:
C:\Windows\Minidump\082410-38220-01.dmp
C:\Users\Daniel\AppData\Local\Temp\WER-61557-0.sysdata.xml
Read our privacy statement online: http://go.microsoft.com/fwlink/?linkid=104...mp;clcid=0x0409
If the online privacy statement is not available, please read our privacy statement offline: C:\Windows\system32\en-US\erofflps.txt

Here is my DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Daniel at 4:40:39.30 on 24/08/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.2046.1343 [GMT 1:00]
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
============== Running Processes ===============
C:&...

A:DDS/GMER Log

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st...

Q: GMER

When I download GMER it shows C:windows\system32\config, The system cannot find the file specified. I click OK. It then comes up with the scan window, when I select scan it comes up with C:windows\system32\config\system The process cannot access the file because it is being used by another process. On the r\h side Services, Registry, Files, C:\ and ADS are the only things with a tick by them. It will scan but just shows a blank screen and a box saying GMER hasn't found any modifications. What do I send with the other 3 reports because this one's just blank. Your help would be much appreciated.

A:GMER

Hi nobod, and welcome to Bleeping Computer. If you have a 64bit system, GMER's behaviour is normal (it's not compatible with 64bit systems)... Please post the DDS logfile, as instructed in the Preparation Guide...

Q: Gmer

Hi Everyone,

I have seen that often times Gmer finds rootkits when Malwarebytes and SuperAntiSpyware did not, so I am thinking that I might want to run it some day as long as it won't cause any problems.

Can anyone tell me if Gmer removes found problems automatically?

If it does not, then I am thinking it would be safe to run it without expert supervision as long as the log was checked out by an expert before having it remove anything, is that correct?

Also, would anyone be so kind as to tell me what the symptoms of having a rootkit on a system would be?

Thank you everyone

A:Gmer

Hello Stang.

Can anyone tell me if Gmer removes found problems automatically?
GMER will not remove anything unless you direct it. Rootkit scans will occasionally produce false positives, so I don't suggest that you remove any items found without checking it over with someone.

Also, would anyone be so kind as to tell me what the symptoms of having a rootkit on a system would be?
There are many types of infections that use rootkit components. It's very possible that you will have no symptoms. The TDSS rootkit that is going around currently will produce redirected Google results and block security programs from running.

With Regards,
The Panda

Q: Gmer

Hi all

A few months ago, I deleted my catchme registry entries thinking they were spyware-related, based on some wrong information.

As a result I can no longer run Gmer (it crashes part way through the run process). I'd very much like to run it as it's a great security program.

Does anyone know how I could restore the registry entries? Unfortunately because it was so long ago I no longer have a restore point.

Thanks!

A:Gmer

What is your Operating system?


In the steps to removing my opencloud virus, I was told to create two logs (one being a "gmer" log) because malwarebytes will not run. When I try to create that log, it does create but the screen disappears. i.e., I do not get the option to save it and send it to you. What do I need to do?

A:gmer log

You have posted this in your log, which is sufficient. http://www.bleepingcomputer.com/forums/topic420463.html/page__p__2419809__fromsearch__1#top

The trained malware helper that assists you will be able to better assist you, and answer your question. To avoid confusion and possible conflicting information I am closing this topic.


When I try and run DDS I get a message saying " Windows cannot open this file File PEV.DAT"

When I try to open GMER it says there is nothing in the folder.

I have run Emsisoft Anti-Malware and it found a virus it can't remove.

something to do with net zero set up.

Please help.

A:Can't run DDS or GMER

Up date it's getting worse. Web browser went crazy. opening 28 new windows.


hi to all,
 
this is the gmer log under rootkit/malware
 
i don't see anything suspicious but please take a look
 
thanks in advance
 
 
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-10-24 12:51:44
Windows 5.1.2600 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5 ST250DM000-1BD141 rev.KC45 232.89GB
Running: x2gc5fkk.exe; Driver: C:\DOCUME~1\MYPC~1\LOCALS~1\Temp\awayyaoc.sys
---- User code sections - GMER 2.1 ----
.text  C:\Program Files\PeerBlock\peerblock.exe[580] kernel32.dll!SetUnhandledExceptionFilter  7C810386 5 Bytes  JMP 004314E0 C:\Program Files\PeerBlock\peerblock.exe
---- Registry - GMER 2.1 ----
Reg    HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\[email protected] Counter                3450
Reg    HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\[email protected] Help                   3451
Reg    HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\[email protected] Counter               3438
Reg    HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\[email protected] Help                  3439
Reg    HKLM\SYSTEM...

A:gmer log

Hello Nickko and welcome to Bleeping Computer.
My name is Satchfan and I would be glad to help you with your computer problem.
Please read the following guidelines which will help to make cleaning your machine easier:
please follow all instructions in the order posted
please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
if you don't understand something, please don't hesitate to ask for clarification before proceeding
the fixes are specific to your problem and should only be used for this issue on this machine.
please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:
Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested
===================================================
You have a version of Windows that no longer receives updates and don’t even have Service Pack 3, (SP3), installed: is there a reason for not having SP3?
Also, is there a reason that you think your computer may be infected? Is there something that is giving you concerns?
I’d like you to run another scan which will allow me to have a better look.
Run Farbar Recovery Scan Tool
Please download Farbar Reco...


hi
have a vista sp2 64 bit
initial problem __ computer ran very slow and was unbearable to navigate around. took it to best buy and they want to wipe my hd but gave me no explanation why but just to wipe out.

took initiative and did the following
downloaded malware bytes ran it and there were no infections found
ran the gmer got a log and then ran a dds and attach text file and got a log .
I am posting it on here and hoping that someone can help me .

first log is malware bytes
second gmer
third is dds and attach text
Thank you in advance .

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.01.05
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
[administrator]
Protection: Enabled
6/2/2012 10:09:21 AM
mbam-log-2012-06-02 (10-09-21).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 359540
Time elapsed: 5 hour(s), 14 minute(s), 19 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

second GMER 1.0.15.15641 - GMER - Root...

A:ran hjt,gmer and dds can someone help

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Not all slowness issues are due to malware. Is your lag in startup, shutdown, opening applications, or browsing?

------------------------------------------------------

Please download aswMBR.exe to your desktop. Double-click aswMBR.exe to run it.
When prompted to download the latest Avast! virus definitions, please choose No
Click the Scan button to start scan.
Wait until it says, 'Scan finished successfully'. ( Note - do not select any Fix at this time)
Click Save log, and save it to your desktop.
Click Exit.
Please post the contents of that log, aswMBR.txt, in your next reply.
There shall also be a file on your desktop named MBR.dat. Right-click that file and select Send To > Compressed (zipped) folder. Please attach that zipped file in your next reply.

------------------------------------------------------

When you run this tool, remember to choose 'Skip' not 'Cure' if it finds something. We just want a scan, not a fix.

Download tdsskiller.exe and Save it to your Desktop.

Double-click tdsski...


I did all the topic log told me. I want to know how to use the Gmer log, I've attached also a Tjt log.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-20 21:58:57
Windows 6.0.6001 Service Pack 1
---- User code sections - GMER 1.0.14 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!DialogBoxIndirectParamW 763FBD25 5 Bytes JMP 72785A3B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!DialogBoxParamW 76411FD5 5 Bytes JMP 727859C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!DialogBoxParamA 764380B2 5 Bytes JMP 72785A00 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!DialogBoxIndirectParamA 764383DD 5 Bytes JMP 72785A76 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll...

A:GMER LOG

Hello agallas
Welcome to BleepingComputer
========================
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Q: GMER

I am not sure whether my system is 32 bit so didn't know whether to download GMER. Also, I've attached the "ATTACH" log without zipping it because I don't see that i have onboard zip utility.

A:GMER

Quote:
Originally Posted by cheapbeatsnow
I am not sure whether my system is 32 bit so didn't know whether to download GMER. Also, I've attached the "ATTACH" log without zipping it because I don't see that i have onboard zip utility.

and welcome to the Forum

If you need help with cleaning out malware, Please follow our pre-posting process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, please post the requested logs in the Virus/Trojan/Spyware Help forum, not here.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.


I have been using this program for a while, but I can not see whether it finds any malware or not. It creates a long list under the malware tab, but after it is finished I can't see any option on removing, even after I close and re-run the program it just creates a list.
Can someone explain how to use this program?

A:How to use Gmer?

GMER is a stand-alone tool that will help investigate for the presence of rootkits. It will not actually tell you if you are infected or not unless you know what you're looking for. Official public information in regards to using GMER can be found here.

If you're unsure how to use a particular Anti-rootkit (ARK) tool or interpret the log it generates, then you probably should not be using it. Some ARK tools like GMER are intended for advanced users or to be used under the guidance of an expert who can interpret the log results and investigate it for malicious entries before taking any removal action. Even with advanced training, trying to interpret GMER results can be confusing at best as there could be many legitimate entries in its log.

Incorrectly removing legitimate entries could lead to disastrous problems with your operating system. Why? Not all hidden components detected by anti-rootkit (ARK) scanners and security tools are malicious. It is normal for a Firewall, some anti-virus and anti-malware software (ProcessGuard, Prevx), CD Emulators, sandboxes, virtual machines and Host based Intrusion Prevention Systems (HIPS) to exhibit rootkit-like behavior or hook into the OS kernel/SSDT (System Service Descriptor Table) in order to protect your system. SSDT is a table that stores addresses of functions that are used by Windows. Whenever a function is called, Windows looks in this table to find the address for it. Both legitimate programs and rootkits can hook into and alter th...


I've done a scan with GMER and it showed a few results in the rootkit/malware tab but I can't find the files because they're listed as threads. Also when I looked in the registry tab under HKEY local machine /software 85% of the files were in red which I assume means they're affected with malware. Can you help please?

A:Help using GMER

GMER will not actually tell you if you are infected or not unless you know what you're looking for. If you're unsure how to use a particular Anti-rootkit (ARK) tool or interpret the log it generates, then you probably should not be using it. Some ARK tools like GMER are intended for advanced users or to be used under the guidance of an expert who can interpret the log results and investigate it for malicious entries before taking any removal action. Even with advanced training, trying to interpret GMER results can be confusing at best as there could be many legitimate entries in its log.

Incorrectly removing legitimate entries could lead to disastrous problems with your operating system. Why? Not all hidden components detected by anti-rootkit (ARK) scanners and security tools are malicious. It is normal for a Firewall, some anti-virus and anti-malware software (ProcessGuard, Prevx), CD Emulators, sandboxes, virtual machines and Host based Intrusion Prevention Systems (HIPS) to exhibit rootkit-like behavior or hook into the OS kernel/SSDT (System Service Descriptor Table) in order to protect your system. SSDT is a table that stores addresses of functions that are used by Windows. Whenever a function is called, Windows looks in this table to find the address for it. Both legitimate programs and rootkits can hook into and alter this table.

API Kernel hooks are not always bad since some system monitoring software and security tools use them as well. If no hooks are active on a syste...


These are the results I obtained from a Gmer scan in safe mode. None of these were highlighted in red, btw is the red highlighting an indicator of harmful infection?

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-25 18:16:38
Windows 6.0.6002 Service Pack 2
Running: 9xibzucq.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\002186d2c7c5 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] 0x0C 0xF1 0xA6 0xAE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186d2c7c5
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
Reg HKLM\SYSTEM\CurrentCon...

A:Need some help looking at my Gmer log

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca...


Hey guys. I'm new here and have kind of a strange problem. I use AVG and I also have SuperAntiSpyware running at all times. I'm using Windows 7 and am on a laptop that is using a router to access the internet. Here's the problem: I think some website I went to had a script in one of the ads, because AVG popped up and told me that it blocked some kind of exe file from running. I got nervous so I did a full system scan with both AVG and SuperAntiSpyware. I came up with some cookies in both but nothing was unusual. I deleted all of that, as well as my internet explorer cache/history/etc. Ever since then, I periodically will get AVG popping up and telling me that it has blocked some kind of trojan, even though internet explorer isn't open. Now the weird thing is, I use google chrome! Anyway, I figured since AVG was blocking the trojan I didn't need to worry about it. I have to take the bar exam in 2 weeks so I'll just format my pc AFTER. I do so around once a year. However, this morning I woke up and AVG had blocked another one of those trojans, though this time I had also lost the ability to connect to the internet. This kind of worried me, as I need internet access on this laptop for the exam (to upload the exam file). I'd like to see if I can get rid of whatever keeps running in the background and triggering AVG. Here are the logs. I should emphasize that I have rebooted since and was able to get back online, but I did run IE just once....

A:DDS / GMER Log

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please download OT...


Hi,

I hope this is the right section to post this in.. I am following directions for posting a log and on the step where I have to run gmer.exe I get a blue screen and my computer restarts. After boot up i get a message saying "windows has recovered from an unexpected shutdown". Below this screen it gives more details.

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033
Additional information about the problem:
BCCode: 1000008e
BCP1: C0000005
BCP2: 88EB7586
BCP3: 8B1DBB94
BCP4: 00000000
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1
Files that help describe the problem:
C:\Windows\Minidump\061310-30108-01.dmp
C:\Users\Goga\AppData\Local\Temp\WER-76643-0.sysdata.xml
Read our privacy statement online: http://go.microsoft.com/fwlink/?linkid=104...mp;clcid=0x0409
If the online privacy statement is not available, please read our privacy statement offline: C:\Windows\system32\en-US\erofflps.txt

Can someone please help me with this problem?

A:Can't run gmer.exe

Firstly, why are you running GMER? Do you know what to do with the info it produces? But if you do need to run it you can try in safe mode or uncheck devices.


i followed all of the steps to a T. but when i got to the step where i am supposed to run gmer, the "windows security alert" stops anything from happening. it totally stops it.
thank you for any help on the subject.

A:i cannot get the gmer to run

Hello,

If you were able to create the DDS logs, please create a NEW TOPIC and post it ==>HERE<==

Orange Blossom


Hello all first off i was glad to see this forum is still kicking i had a problem over 5 years ago and found great advice here any way the problem......when trying to open any of my browsers i am getting the microsoft windows error message internet explorer or firefox or safari has stopped working ... a problem caused the program to stop working correctly. windows will close the program and notify you if a solution is available. bla bla bla.

I tried to follow the instructions on making sure not to have any type of emulator on my computer but when i try and run gmer i get the same error msg as for the browsers.


Adding insult to injury i've spent the last hour downloading all these tools on this laptop and burning them to cd because my lovely swears she put the jumpdrive back in the drawer

so i'll post my hijackthis log hopefully someone sees something from there
ohh and i run a avg anti-virus and ad-aware.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 9:04:11 PM, on 1/10/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\mobsy...

A:can't run gmer !!!!!!

Hello and welcome back to TSF.

During the five years you've been away from the forum, the malware evolved in such a way that HijackThis is no longer sufficient for analysis of malware.

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed to place you in the queue.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.


(somebody moved my post from the "general security" forum to this forum.. i think it would be more appropriate for it to be in the "general security" forum)

hello.. i think this is my first post in the forum..

i have a question about using GMER..

i notice that, sometimes, when people say to run a scan with GMER, they say to untick the option for scanning for "IAT/EAT" and i would like to know why? what difference does it make? what is "IAT/EAT" ?

on another note, i noticed that the newer versions of GMER have a box for "3rd party", in the column, on the right side of GMER's GUI, under "ADS".. also, in the latest GMER-releasenotes, it says "added third-party software component scan".. does anyone know what it means by "added third-party software component scan", or what the "3rd party" box is for, under "ADS"?

on another note, i notice that, when i run a scan with GMER, some errors are generated in windows "events".. i am wondering if that is normal, if other people see the same "errors", or if the "errors" suggest that there is a problem with my computer? here is what the "error", in windows "events", looks like:
Code:
Event Type: Error
Event Source: atapi
Event Category: None
Event ID: 9
Date: 1/31/2014
Time: 8:31:30 AM
User: N/A
Computer: XXXX
Description:
The device, \Device\Ide\IdePort0, did not resp...

A:GMER Help

9 more replies

Hi everyone, as you can see I am new to this forum and I have not just joined to post my logs, I thought that this place is quite interesting and would like to join it. I am not a noob at computing and I have quite a bit of experience in it.

It all started with the seneka trojan, then I got a few more little ones which I can't remember. This happens rarely because I am quite secured and I know where on the internet I will get these kind of things.
I have scanned my pc with the following anti-viruses and anti spywares:
Super anti-spyware
Malwarebytes
zone-alarm anti-virus/spyware
Eset online scanner
combo fix
f-secure online scanner

Super anti-spyware, combo fix and zone alarm helped me the most because they removed all of it. These logs are just to make sure there aren't any left. Btw, I have turned off the system restore because they were infected. I have yet not used root repeal though.

I have examined these logs myself, but I am not 100% sure if I have analysed it properly. I have not used Gmer before, so that's why I am asking you to help me.
I am aware that I have a LSPCWW.dll missing, because it was infected, I will fix that later, I know how to do so. Is there anything else that looks infected in these two logs?
Can you also tell me exactly which ones are infected? Because I want to gain some experience from this.

Thank you very much.

P.S. I am a little concerned about the reg findings at the bottom of the Gmer log and the spes.sys.

sorry that I attached t...

More replies

Ok, I was redirected to do this step, however, are the instructions wrong???

In the right panel, you will see several boxes that have been checked. Uncheck the following ...

Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.

Show all is not checked already.. Should it be checked instead of unchecking it as the instructions indicate??

A:Using GMER

Quote: Should it be checked instead of unchecking it as the instructions indicate??

Nope, it should remain unchecked if it is already unchecked. We'll look again at the instructions and latest version of gmer, thanks.

When you're ready, please create a new topic with your logs, as I currently have as many open topics as I can effectively handle. I replied to answer your query about gmer so you'd be able to continue.

Thanks.

2 more replies

I broke the cardinal rule in this forum, as I know now. I ran the combo fix before gathering and posting all my logs first. So I am now trying to gather all my logs to post and the last one to run is the GMER log and when it comes time to save it to the desktop I then name the file ark.txt and hit the save button and the program stops responding and does not finish saving the log to the desktop. I thought maybe I was being impatient so I left it overnight and still nothing. The screen was still showing the save window but it still was not saving the log. I have tried numerous times. Please help.

A:GMER log

Ok let's do this. You will need to Download and Run DDS which will create a Pseudo HJT Report as part of its log. If for some reason you cannot perform a step, move on to the next. Skip the GMER log; post your ComboFix log instead if you can.

Please follow this guide. Go and do steps 6 thru 8: Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help. Then go here: Virus, Trojan, Spyware, and Malware Removal Logs, click New Topic, give it a relevant Title and post that complete log. Let me know if it went OK.

3 more replies

Hi,

I believe my computer is infected with Lord knows what. I have tried to follow the process however am stumped already; DDS will not d/l and Gmer.exe runs however does not allow me to save the file [after it is done scanning it just shuts off].

Please help. Windows explorer is also acting up; whenever I type into google and then click onto the link it redirects me to some random site. My AVG virus scan also refuses to run and any programs that I wish to uninstall and delete refuse [I click the uninstall button in 'add and delete programs' and nothing happens...the program still there].

Again please help.

A:DDS nor GMER will run

I am unsure if this is wrong to do- but I saved a copy of the ark.txt file that is asked of me, while it was scanning. It seems if I wait until the full scan is done, it just closes and I don't get any options to save or a msg informing me that the scan has been completed.

Therefore, I am attaching the ark.txt from the gmer.exe that I could get my hands on- I hope this will suffice.

Thanks in advance.

19 more replies

I'm trying to figure out how to use gmer to get rid of a rootkit on a friend's computer. She got a popup that was a fake virus scanner and clicked on remove files, which installed the fake virus scanner.

The BSOD ensued so I booted in safe mode and uninstalled the program. I ran malware bytes and cleaned what malware found. I then ran combofix and cleaned what it found. Combofix told me to take note of two *.sys files and after some research discovered that the files were part of the Seneka rootkit.

So I downloaded Gmer and ran it. The scan showed an infected Module, and two harmful services. How can I edit these files without destroying Windows??
 

More replies

Hi, two days ago I had a search redirect and malware removal software issue; today I removed them with tdsskiller. Please look at the detail in topic: "malware: google yahoo redirect and can't launch malware removal software"

Now I just want to make sure my system is clean, and good to go for my co-worker to use.

Please advise,
Tommy

Here is the log from DDS and Gmer

DDS (Ver_10-03-17.01) - NTFSx86
Run by glenn at 18:30:36.51 on Mon 10/04/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.556 [GMT -7:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\NETSUP~1\client32.exe
C:\WINDOWS\Sy...

A:my gmer log

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you...

2 more replies

I've just installed GMER and scanned my computer with it and got about 25 entries. My impression was that if the entries are in red, then I should get rid of them. I didn't have any red entries. Does that mean that I'm OK? There doesn't seem to be much around on how to use Gmer. Any suggestions on how to use this program? Many seem to think that it is good. Thanks.
 

More replies

Every time i use a search engine i get redirected to some different website.. i've downloaded Gmer and here's the log i got.. what should i do now?

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-06 14:01:24
Windows 5.1.2600 Service Pack 2
Running: oh6mt5og.exe; Driver: C:\DOCUME~1\Jay\LOCALS~1\Temp\pxldypob.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xAA7E3A60]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xAA7C8BF0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xAA7E5920]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xAA7C4F60]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateKey [0xAA7D0090]
SSDT \??\C:\WINDOWS\system32\drivers\Sa...

A:GMER LOG

Hi jay2300cee,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

Please perform the following scan:

Download DDS by sUBs from the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run. When done it will open two logs:
DDS.txt
Attach.txt
Copy and paste the logs to your reply.

Please download MBR.EXE by GMER. Save the file in your Windows directory (C:\Windows).
Download http://download.bleepingcomputer.com/farbar/TDLfix.exe and save it to your desktop.
Double-click to run TDLfix.exe, type the following in the command window and press Enter:
mbr
A log file opens up. Please post the content to your reply.

2 more replies

Computer restarts randomly. Ran GMER log

A:GMER log

Greetings zacharycat and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps are a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do no...

3 more replies

I'm being hacked. Here are my logs


DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by user at 14:15:13.79 on 2009-09-20
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1486 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [StormCodec_Helpe...

A:DDS and GMER log

?? What am I supposed to do?

1 more replies

My computer is presenting me with the same problems as outlined in my previous post. Here is a copy of the DDS log that resulted from the scan:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Guest at 16:07:39 on 2012-06-06
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
uWindow Title = Windows Internet Explorer provided by Yahoo!
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (...

A:DDS and GMER Log

My computer is steadily getting worse. Firefox crashes suddenly, turning black, my computer screen refuses to turn on after being asleep, everything "stops responding," and my task manager window has no red "x" (exit), minus sign (minimize), or restore button at the top.

47 more replies

I read the sticky on how to ask for malware help and was going through the procedure. I downloaded DDS and saved the two logs to my desktop. But when I downloaded gmer.zip I had problems. I saved it to my desktop and extracted it to my desktop. gmer.exe appeared like it was supposed to but when I click it I get a message saying "gmer.exe has encountered a problem and needs to close. We are sorry for the inconvenience." and it doesn't even open. I've deleted it and downloaded a few times with the same problem can someone help me or tell me if there is an alternative way to get malware help without gmer????

A:gmer help

Hi elblankito
Start a new topic and do post the logs you have. I'll close this thread; I'm doing this so your new thread will retain a 0 post status. With such you're more likely to receive help.

1 more replies

I am helping a friend out that has downloaded the personal anti virus and he has voices running from his computer on and off. I was able to download the DDS program and GMER, however GMER will not run?? Please help me out...the DDS log is below and attached.... Jon


DDS (Ver_09-07-30.01) - NTFSx86
Run by kevin fitzpatrick at 19:47:26.62 on Mon 09/21/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.177 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv...

A:DDS Log but GMER will not run???!!

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I need to see a gmer log in order to help you.

Delete your existing copy of gmer. Please run this special version of gmer:

Download GMER Rootkit Scanner from here and Save it to your Desktop. Double-click gmer.exe to run it. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.





In the right panel, you will see several boxes that have been checked. Uncheck the following ...

Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it to your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any...

2 more replies

I have been getting a jqsnotify.exe popup box in firefox whenever a new window was opened. I use firefox only, and internet explorer opens up in the background on it's own. Sounded like a video was playing in the background until I used ctrl+alt+del to stop internet explorer.

Tried to run DDS and GMER, but GMER would not run, double click and nothing happens.

Please help.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 9:57:19.54 on Sat 05/09/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.545 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alias\Alias SketchBook Pro 2.0\AliasSketchSnap.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe...

A:Can not run GMER

Greetings gt0279a and Welcome to the Forums,

Try to rename GMER.exe:
to gt0279a.exe
...or you can try to run it in safe mode. Post back your results. Thanks!

19 more replies
Q: Gmer

Found this while running Gmer!

---- Processes - GMER 1.0.15 ----

Process bash.exe (*** hidden *** )

I think I may have a rootkit and malware!

Please Check!
 

More replies

First before anyone tells me to try to run these tools I have tried. I have posted here a week ago and no one responded. If you guys can't help then please post that and I will reformat the machine and re-install.

I thought someone might be interested; this is a very unique issue that I can't find a way to run the tools. The issue is that if you run gmer.exe or rkill.exe or any other .exe it gives you a "program too big to fit into memory error" in the command prompt. Trying to run DDS.scr or anything .scr gives you "this is not a valid win32 application". A .com extension and a .bat extension gives the same "not a valid win32 application".

I tried to run HijackIt.msi, or any .msi I get an XP software restriction error. Basically I cannot run anything.

I tried to run ESET online scanner and it became re-infected rather quickly even while ESET was running.

Finally I tried running avira rescue cd to no avail. Apparently they have changed all file associations and permission etc. I looked at the local security policy and I don't see any software restrictions.
I was able to get malwarebytes to run in safe mode, and it appears to have removed the XP antivirus 2012 as I can work with it. But connecting it up to the internet it gets re-infected.

Right now I have it in a DMZ hanging off my ASA so it won't affect anything else, but I can't hook it up to the internet, it will just get infected again. One process I saw come up was yki.exe and then the XP an...

A:Cannot run DDS or GMER

Your other topic is here: http://www.bleepingcomputer.com/forums/topic406443.html

Please be patient. There are nearly 400 unanswered topics in this forum at present and the current average wait time to receive help is 14 days.

1 more replies

I just have a general question about interpreting GMER logs. My system is not doing anything tragic, it is a little glitchy.

There are a few entries with "?" marks. These are worth examining?
Also one with a USBPORT.SYS!DllUnload label.
and a few with the word "hook" in them

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3124] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3124] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3124] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3124] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3124] USER32.dll!UnhookWindowsHookEx...

A:GMER Log

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

5 more replies

I am having serious problems with my pc and it is showing signs of a virus. There aren't too many symptoms to describe here but, it directs me to a fake walmart ad when I open IE Explorer and it will not allow me to access Windows Update. It also freezes the machine altogether. I ran Malwarebytes and it found Rootkit.agent and Trojan.dropper - both quarantined. I have successfully downloaded DDS, GMER and RSIT, but when I attempt to run DDS or GMER they hang the machine indefinitely (i.e. overnight). I was able to run HijackThis and I have included the HJT Log for review. Otherwise, I have taken all of the steps to prepare for assistance.

Any and all help will be greatly appreciated.
Logfile of random's system information tool 1.08 (written by random/random)
Run by DJ at 2010-12-17 20:18:21
Microsoft Windows XP Professional Service Pack 2
System drive C: has 26 GB (67%) free of 38 GB
Total RAM: 511 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:18:41 PM, on 12/17/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\ICVERIFY\ICWin404\Jca...

A:Unable to Run DDS or GMER

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting...

2 more replies

Hi! Whenever I run GMER my computer just stalls. Any ideas why? I've followed all the instructions listed prior to using it. Thanks!

A:Problem with gmer

Sometimes this just happens. It can be due to interference from resident security programs. It can also be due to infections which may be present.

You can try to run the scan in Safe Mode.

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account.

---------------------------------------------------------------------------------------------

If still no joy, post what logs you can in your new topic, and let the helper know you've encountered issues with GMER.

3 more replies

When I open GMER it opened and ran a full scan right away; I wasn't able to uncheck those boxes. Then my computer went to a blue screen and said a fatal error occurred so I shut it off. Also when I check my windows protection it says I have none. I don't know what to do. The dds.Cr went well. Thank you in advance for all your help.

A:Trouble with GMER

Maybe someone can help me. I am not a total idiot when it comes to computers, but I am not real savvy like most of you guys. I know the basics but when it comes to the real technical stuff it makes me nervous. I am always afraid I am going to screw something up. I read the new instructions and did all that. The reports went well. When I opened GMER it started running a scan right off (should it do that?) then went to a blue screen and said a fatal error had occurred so I shut down. I don't know what to do next. Should I take it in somewhere or what? Also I have 2 partitioned hard drives C and D on one. C having the OS, D having rare music videos. G and H on another drive with pictures and music videos. Can I back up D, G and H without backing up the malware? I am writing all this on another computer. Also it seems like I have no control of my security and all these anti virus programs try to run scans. Will any of them really work in fixing my machine? I will be grateful for any advice. Happy holidays and thank you in advance, Chris.

7 more replies

I attempted to run gmer yesterday starting around 5pm, and my CPU usage went up to 100% and stayed that way for nearly 24 hours. I clicked the save button around 1:20pm today after the program stopped showing files in the bottom information bar. I wasn't running any other applications aside from the task manager the whole time gmer was scanning. I never got a Rootkit activity warning, but it did list several files; most of them associated with R. R is a statistical software package I use from time to time.

Should I try to run it again? I do have loads of programs on my computer... How long should this program take to scan my computer?

A:gmer question

24 hours is too long. You could try re-running it with the "Files" box unchecked to see what difference that makes.

5 more replies

I've downloaded them both but the virus keeps them from running. I've also noticed certain programs on my pc aren't opening as well.

A:I can't get dds and gmer to work at all.

What is the exact message you see when you try to run those tools?


Hi all

I'm new to this site. I was following the instructions for posting and when I got to the GMER.exe part, the rootkit/malware window had most of the choices grayed out. Not sure if this is a Win7 64 or a program issue? I tried running in admin mode with the same results. Does this matter, since according to instructions, everything that wasn't supposed to be enabled wasn't?

Thanks in advance

A:GMER issue

Hi braddds, and welcome to Bleeping Computer. If you read the instructions thoroughly, you would see this statement: Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and should skip to the next step. If you need help with malware issues on your computer, post the DDS logs...


I tried to scan with gmer.exe downloaded from this forum but it shows the error message "C:\Windows\system32\config\system: The system cannot find the file specified". All boxes from System to Libraries are greyed out, thus I can't check 'Section'. Not sure if I can go ahead to do a scan.
I've already shut down antivirus and have got no CD emulation tools installed.
How shall I continue?

A:can't run gmer.exe properly

We only see that message on 64-bit systems - what OS is this and is it 64 bit? Or is it actually Windows 98?


Hi there. This was my original post:
Hello there. I have a Toshiba Satellite Pro laptop that runs XP. In the last month or so I've found myself needing to free up memory in the hard drive as I started to get the

"Low Disk Space.
You are running out of disk space on (C:) Local Disk. To free space on this drive by deleting old or unnecessary files, click here ..."

message. After this happened a few times and after freeing up many gigs of space I realised that the PC is running out of much more memory than I was using. Eventually I got down to a few hundred MB and the laptop's sound stopped working (unless I used my external soundcard) and the PC shut itself down after being on for ten minutes.

A week or so ago I was getting quite a lot of messages saying that some programme from the internet was trying to access my computer (like you get when downloading something) and every time I boot up I get a message saying something like "a programme is making repeated attempts to change your default search browser".

I searched through some previous threads before posting. Someone with a similar problem was asked about 'memory cache' tab in My computer but I can't see one on mine.

I've done the usual things like clear my temp internet files. I freed up 10gigs 2 days ago and have hardly switched the laptop on since so that memory is still there but it'll start decreasing soon I'm sure. I use Utorrent from time to time and have a couple of c...

A:Logs for dds and Gmer

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log...


When I start the program, only services, registry and files can be checked or unchecked; all other boxes from system to libraries are grayed out???

A:Unable to run gmer

Are you using a 64-bit OS? If so, be aware that GMER is not fully 64-bit compatible, therefore it is not a useful tool for such systems. Although GMER can run on a 64-bit version of Windows, only registry, services and files can be scanned... other options are grayed out.


Is there a version of GMER for Windows 7? The version from the Malware sticky link doesn't work. It's looking for windows/system32!

A:GMER for Windows 7?

Hi -

Are you running Windows 7 x64 or x86?

If x64 - GMER is a 16-bit app; 16-bit apps cannot run under Windows x64 OS.

Regards. . .

jcgriff2

.


Hi all, I'm new on here.

I was just wondering: I installed the GMER program and ran it and it found some viruses. Does it remove the viruses, and if not, how do I remove them?

A:Get a question about GMER.

GMER is a tool used by those personnel in our forums dealing with malware.

If you have a malware problem...I suggest that you initiate questions, circumstances, etc. in the appropriate malware forum.

I will now move your thread to the Am I Infected forum here at BC...good luck.

Please follow administrative and other instructions you receive in the Am I Infected forum, from this point on.

Louis


My computer is giving me 2 messages in the taskbar. One of the messages displays a yellow triangle with an exclamation and says "You are running a trial antivirus software version. Activate your antivirus software copy to get full-time antivirus protection. Click on the message to ensure the protection of your computer." The other message displays a red circle with an X in the middle saying "Danger! It is strongly recommended to remove all detected viruses to protect your computer against existing security threats. Click on the message to ensure the protection of your computer."

The computer also freezes randomly. When I try to hit ctrl + alt + delete, I'm told that the Administrator has disabled that function.

Also - these icons appear on my desktop: "troj000" "spam001" "spam003". I can delete them, but they end up re-appearing after a few minutes.

Since I am unable to run GMER.exe, I was only able to get the two reports that came from running DDS.exe. I've attached the two reports in case they are needed.

Thank you very much, in advance.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Frankie at 15:08:58.89 on 03/23/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.159 [GMT -4:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes =...

A:Can't even run GMER scanner

Hi smithf3 and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread (if you haven't already) to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.


Hi there, I'm not able to gmer the system at all. The program starts, runs for a few minutes and then freezes; the only way to regain access to the PC is rebooting it.

I managed to clean a few viruses using avira, but I think there must be something else creating problems randomly.
Thanks in advance for your time
DDS (Ver_10-12-12.02) - NTFSx86
Run by Roland at 21:18:37.56 on 10/02/2011
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2418 [GMT 0:00]

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *Enabled*
FW: AVG Firewall *Disabled* <<<< Edited to mention that AVG and all its components were uninstalled, no longer on the system >>>

============== Running Processes ===============

C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\DigiOn\DiXiM Media Server\dmsf.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Progr...

A:Not able to GMER the system

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

If you have CD Emulator Software (Daemon Tools, Alcohol etc) installed, the drivers this software uses can interfere with the Anti-Rootkit tools we use. These interferences can take a few forms, like GMER crashing or causing BSODs, or Rootkit scans producing large amounts of FPs and general dross. This 'dross' often makes it hard to differentiate between genuine malicious Rootkits, and the legitimate drivers ...


My system has acquired a virus over the last week or so, redirecting my searches and slowing the system down. It also somehow turned my protection off.
I would like to post some logs and get help but for some reason I cannot get gmer to run. I keep getting a "gmer has encountered a problem and needs to close" msg.
Pls help.

A:gmer fails

What Operating System is this?

How far does it get before it crashes? Are you able to save the initial scan?

If not, try running it in Safe Mode, if your Safe Mode is working.

If you still can't get it to run, post the dds.txt and attach.txt


I'm almost through the steps of the preparation guide so I can get help removing SSupdate64 Trojan that I found
on my computer. I backed up my files and saved the DDS log. The last step is running GMER. When I open it
it gives me the message c:\windows\system32\config\system cannot find file.
What do I do about this?


thank you for your time.

A:GMER not working?? what to do

That error can be indicative of running GMER on a 64-bit Windows version. Anti-malware scanners and many specialized fix tools have problems enumerating the drivers and services on 64-bit machines so they do not always work properly. If that's the case, just skip that step and continue with the next.


I ran DDS, obtained the 2 required logs already. However, I cannot run Gmer because my computer automatically restarts whenever I start the program. It crashes every time before Gmer can even complete its initial scan.

Just a short summary of my problems...
-Redirects when clicking link
-Pop ups
-Computer restarts (or BSOD) when I run certain platforms like Steam (a gaming platform... and also when I run Gmer.)
-After a restart, pop up on the bottom right says "Cannot reconnect all network drives" every time.
-I do not have access to installation CDs or anything

I will also not have access to this computer in about 20 hours time. I will only be able to access this computer again in 10 days time.. sorry for the trouble. If you feel it's better to lock this thread and for me to post a new one when I come back, please feel free. BUT please advise on what I should do about not being able to run Gmer so I can do it straight away when I come back.

Thank you!

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Run by sam at 19:04:46 on 2011-06-09
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2386 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Clien...

A:Cannot run Gmer despite numerous tries.

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

I do not presently need the GMER log.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue

If a suspicious file is detected, the default action will be Skip, click on Continue

If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be autom...


This is the DDS log file.

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.19088
Run by Owner at 2:48:23 on 2011-07-15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2044.948 [GMT -7:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Syste...

A:DDS logs and the GMER log

Hi, Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log. Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there. The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.
----------------------------------------------
Gmer looks fine so let's run a couple of removal tools first up

Please download Malwarebytes Anti-Malware and save it to your desktop.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close...


I do know that it's one of the viruses (virii?) that claim to be an antivirus program. I'm in safe mode with networking--when it popped up I shut the computer down and switched in the hopes that I could get back and get rid of it quickly.
When I try to run Malwarebytes Anti-Malware or Gmer, they shut down after a few seconds. I didn't catch what they were scanning when it happened, and now I'm told windows can't access them.
Any help would be appreciated.

This is my dds.txt file:

.
DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Cat at 15:27:32 on 2011-08-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.619 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\1651672650:3044642205.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c...

A:Gmer and Malwarebytes won't run

Hi, Welcome to Bleeping Computer. My name is Shannon and I will be working with you to remove the malware that is on your machine. I apologize for the delay in replying to your post, but this forum is extremely busy.
Please Track this topic - On the top right on this thread, click on the Watch Topic button, click on 'Immediate Email Notification', and then click on the Proceed button at the bottom.
Do Not make any changes on your own to the infected computer.
Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Now, let's look more thoroughly at the infected computer -
We need to see some information about what is happening in your machine. Please perform the following scan:
We need to create an OTL Report
Please download OTL from here: Main Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Change the "Extra Registry" option to "Use SafeList"
Push the button.
Two reports will open, copy and paste them into your reply:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
Please note: You may have to disable any script protection running if the scan fails to run. After down...


DDS log file here.
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.19088
Run by Owner at 1:35:42 on 2011-07-23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2044.940 [GMT -7:00]
.
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\Ant...

A:DDS logs and GMER log

Hi, Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log. Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there. The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.
----------------------------------------------
Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


Hi there, I've been following the "first steps" and completed all but the gmer.exe....I've downloaded it and unzipped it but when I click to run it nothing happens.
thanks

A:gmer.exe not working

Don't know if this helps yet but here it is:



DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by tballs at 13:54:29.14 on Wed 01/13/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1647 [GMT -8:00]

FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\tballs\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: E-Zsoft VideoDownloaderToolBar: {4322a444-92f8-4c3e-bd4c-013ba51e2871} - c:\program files\versalsoft\internetdownload\VDTB.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D...


Ran Malwarebytes bout a week ago before I got here and it found some bugs.
I just deleted them and didn't pay attention to what they were.
Ran HJT and found this great place.
I've followed the tutorials and have DDS.txt and attach.txt on the desktop.
Also have Superantispybot downloaded but have not run it yet.
Downloaded gmer but it wants to lock up.
Don't know what to do next.
Thanks so much for the help!

A:gmer locks up

Hello, let's look at the MBAM and SAS logs first.
MBAM
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
SAS
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.
What issues is your machine having?


Can anyone direct me to some info on using the GMER.exe program for root scanning? Thanks!

HP pavilion g6-2225nr
Win 8 X64 6.2.9v IE 10
Norton 360 2014

A:GMER program

Info here: How to use Gmer? - Anti-Virus and Anti-Malware Software

   Warning
If you're unsure how to use a particular Anti-rootkit (ARK) tool or interpret the log it generates, then you probably should not be using it. Some ARK tools like GMER are intended for advanced users or to be used under the guidance of an expert who can interpret the log results and investigate it for malicious entries before taking any removal action. Even with advanced training, trying to interpret GMER results can be confusing at best as there could be many legitimate entries in its log.


Ran Malwarebytes bout a week ago before I got here and it found some bugs.
I just deleted them and didn't pay attention to what they were.
Ran HJT and found this great place.
I've followed the tutorials and have DDS.txt and attach.txt on the desktop.
Also have Superantispybot downloaded but have not run it yet.
Downloaded gmer but it wants to lock up.
Don't know what to do next.

A:gmer locks up

Skip the gmer scan, but mention the problem with the gmer scan in your post. Go ahead and post in the appropriate forum, not here.
I presume the "tutorials" that you mention is the Prep. Guide, and that you intend to post in the Logs forum: please follow the instructions in the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
When you have done that, post your log in the "Virus, Trojan, Spyware, and Malware Removal Logs forum", NOT here, for assistance by the Malware Response Team experts.
Good luck with your logs.


I started getting some help with my problem over at daniweb, but I think I'm having problems that I might need some backup on.

Whole story:
about a week ago, iexplore.exe started running itself in the background (had audio playing once, never visible windows) and if I clicked on a google link, the first 3 times it will redirect to somewhere else. I installed an extra seat of Norton 360 that I had, ran it, malware bytes, & spybot, and found some things, including a genrouge at one point, all with my system restore turned off, but it never fixed the symptoms. I started getting some help over at Daniweb (here's my thread: http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/398176 ) and that's when I started hitting some REALLY odd dead ends.

I ran GMER, but got an error 0xC000010E about not being able to create a subkey under a volatile parent subkey. I can continue, but only a few of the scanning options are available. This happens in normal boot and in safe mode (no networking, no command line)

I tried to run DDS.scn, and first it ran as an autocad script, which only opened notepad and flooded it with non-alpha numeric text. After running a file the guy at Daniweb gave me that added something to my registry, it ran... and about 75% (it seems) of the way through (The #'s line up across the screen until they are under the R and E in "post the log in the forum wheRE it was requested") and it ...

A:Think I've been rooted, cannot run DDS or GMER

Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==.
Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
Once you have created the new topic, please reply back here with a link to the new topic.
Most importantly please be patient till you get a reply to your topic.


Hiya, I have some problems and I was working through the new instructions page trying to get the log and stuff and have tried to scan with gmer and every time it scans for about 3 secs and then my laptop restarts. What do I do to try and stop this happening and what does it mean for my laptop :S

Thanks

Oh and here is the dds scan thing..



DDS (Ver_10-03-17.01) - NTFSx86
Run by Goldfish1000 at 18:45:49.40 on 01/10/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.1006 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Progra...

A:GMER won't scan

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------


Quote:
C:\Users\GOLDFI~1\AppData\Local\Temp\4i9ls7aa.tmp\dds.scr

Please note that tools are best Run from the Desktop. Save to the Desktop and then Run from the Desktop.

Easier to find and perform specialized functions which may be required. Thanks.

------------------------------------------------------

It appears you didn't attach the second dds log, Attach.txt, to your initial post. I need to see it in order to help you.

------------------------------------------------------

Please download Rootkit Unhooker and save it to your desktop.
Right-click RKUnhookerLE.exe and choose 'Run as administrator'.
Click the Report tab, then click Scan
Check Drivers and Stealth Code, Files, and Code Hooks
Uncheck the rest, then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished then go File > Save Report
Save the report somewhere you can find it. Click Close then Yes
Copy the entire contents of the report and paste it in your next...


I have done everything except for the gmer thing.
When I double click it says gmer.exe has stopped working.
Here's what I have though

DDS (Ver_09-12-01.01) - NTFSx86
Run by David at 22:52:03.42 on Sun 01/03/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.1803 [GMT -5:00]

AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\Windows\system32\svchost.exe...

A:Gmer problem

Hello -

Let's try this version of gmer.


Download GMER Rootkit Scanner from here to your desktop. Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.





In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked:
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


I don't even think there is any antivirus software on this computer, but the rkill did stop the antivirus balloons and the updating window from re-appearing. Rkill also made it so that I can now access the programs in my control panel. Rkill didn't change the way the computer ran IE, the DDS file, or the GMER. They still won't run. Any suggestions?

A:ran rkill, still cant use dds/gmer

Hi,

Please rename DDS.scr to Firefox.com and run again and post the log if successful. If it still doesn't run, try this tool instead:
Download RSIT by random/random and save it to your desktop.
Double click RSIT.exe to start the tool and click Continue at the disclaimer.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt here.
Please attach info.txt to your post.
To attach a file to a new post, simply click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box: C:\rsit\info.txt

Click Upload.

===========================

For GMER, let's try this special version. If it still doesn't run, try running it in Safe Mode:

Download GMER Rootkit Scanner from here to your desktop. Double click the exe file. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.





In the right panel, you will see several boxes that have been checked. Uncheck the following ...
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in t...


I cannot run gmer.exe superantispyware.exe
WINXP SP3 running AVG Network and Spybot
Had popups that said Antispyware needed
"Exception EfOpenError in module aviWUSB54GC.dll at 0000DB5F. When I logged on today there were 75 of them

DDS (Ver_10-03-17.01) - NTFSx86
Run by ddk at 12:27:32.43 on Sat 04/03/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2005.1411 [GMT -7:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Barracuda\Web Security Agent\UpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\MSN\Toolbar\4.0.0390.0\mstbsvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\PROGRA~1\SAAZOD\SAAZDPMACTL.exe
C:\PROGRA~1\SAAZOD\SAAZRemoteSupport.exe
C:\PROGRA~1\SAAZOD\SAAZScheduler.exe
C:\PROGR...

A:gmer.exe won't run Possible spyware

Hello roseville99,

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire report in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Once you have run Malwarebytes, try running Gmer again then please post back with the MBAM log and Gmer log, if you get it to run.

Thanks


Hi,
I have read all of the posting guidelines, and I apologize that I can't follow them. I have downloaded dds and GMER, but the virus attacking my computer won't allow me to run them. Additionally, CTRL, ALT, Delete is not working, as it is interrupted by pop-ups.

I got a virus last week from ninjavideo. As I needed my computer for schoolwork, I took it to a local tech and had it fixed for 135$. After I got it back, I installed PC Tools spyware doctor- not going to any other website. PC tools told me I was still infected, while AVG, Malwarebytes, and windows security essentials all registered nothing. (I have tried to uninstall these as per the site instructions leaving only AVG, but this virus won't let me).

Tonight, the virus appears to have reinfected the system. How can I stop the virus long enough to try to follow some of the advice on this forum?

Additional Info on the virus problem: Whatever I try to execute, I have a popup, appearing like a windows notification in my tooltray, saying windows reported that the computer is infected......Anitvirus software helps....click to scan computer now.

There is also a windows appearing box reading: Infiltration alert, your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan- dropper, or similar. Details: Attack from 131.1.62.180 port 15575 Attacked port 39696 Threat Win32/Nuqel.E Do you want to block this attack.

Third box changes depending on the actions I am taki...

A:virus: can't run dds or gmer

Hi,
I have been reading the forums and have made some progress on this problem.

For anyone else having this problem of not being able to execute any files: rkill seems to have worked, but it took a lot of patience, and I had to try rkill.exe and rkill.scr multiple times before rkill.exe fully finished. While I still had pop-ups and error messages, I was able to run programs.

Also, I had AVG open by chance when the virus hit and it was running a scan. If I had tried to open it after getting the virus, it would not have worked, but when it finished the scan it gave me the option of removing threats, which I did. Then AVG prompted me to restart, which I also did.

Upon restart, the virus resumed pop ups. I ran rkill again multiple times, and eventually was able to execute programs. Ran AVG again, removed viruses again. Not currently getting pop-ups, but I have no idea if this means my system is clean or if this virus is just currently turned off thanks to rkill.

I ran GMER several times. The first two times nothing ever happened, so I stopped the scan. The last time, the scan finished and GMER popped up a message saying there was nothing found. I clicked save, and titled the file ark.txt, but when I opened it, it was empty.

Here's my DDS log. I elided my first name, if it's of any import that you know.

DDS (Ver_10-03-17.01) - NTFSX64
Run by B at 2:31:13.93 on Fri 05/07/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_17
Microsoft® Wi...


Hello, I've downloaded the dds and gmer as requested. DDS ran smoothly and I got the logs asap. However ever since I've started this cleaning up my computer mess today, I've been unable to run several programs (so far dds, combofix and mbam-setup) The programs won't simply run. I look at the running processes and they don't appear there either.

I've tried using the compatibility thing to run it as win 98 file, it'd throw the process in the background but not run either.

Why am I here?
-I know I've been experiencing some problems with my computer over last few months and I'm a patient(lazy?) man, so I've endured it. However it has become a massive headache to me lately. I cannot even load my photographs to preview them for my lectures. It takes 3 minutes to load 5 mb JPEG, which is ridiculous. Also I cannot play the games I used to play. Windows XP takes about 10 minutes to open up when I reboot or open my computer.

-I've cleaned my pc (Literally, no dusts or alike)

What makes me think, there is malware?
Well there is this thing which keeps running iexplorer application and loads three websites, after choosing the iexplorer via alt+tab, it'd send the process to the background. It is a malware according to the googled results.

So you seem to know, one of the problems.. Why bother writing up a thread here?
Well I figure that since there is a malware, there could be more. And given my lack of AntiVirus usage(I dislike them for eating process), I'm guessing there...

A:Cannot run Gmer - Cannot get logs

I've finally managed to download gmer with a different name and it worked. The log is on the attachment : ark

Awaiting your assistance, thanks a lot.


Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

A:DDS/GMER logs

Due to the lack of feedback, this topic is now closed.If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.


Hi,

I've been chasing this issue for a couple of days and would appreciate another set of eyes to look at my problem. I was helping a colleague who had a Fake.AV malware infection and have infected my own PC in the process. When the fake alert popped up, I immediately shutdown my PC, booted into safe mode and ran Super Anti Spyware. It found the infected files and removed them. I thought I had dodged the bullet, but over the next couple of days, I started having issues with my internet connections, so I continued to scan with other tools to identify the problem. I've run Spybot SD, MBAM, Gmer and Hijackthis and the only thing I can see from these logs is a reference to mbr.sys and catchme.sys in the Gmer log files. Not sure if the catchme.sys is a false positive based on my running gmer, but the mbr.sys has me really concerned that I have a rootkit infection. Here are the Gmer.log results:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-17 23:09:31
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\SMcEvoy\LOCALS~1\Temp\ffliykog.sys

---- System - GMER 1.0.15 ----

Code \??\C:\DOCUME~1\SMcEvoy\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

? SYMEFA.SYS The system cannot find the file specified. !
? C:\DOCUME~1\SMcEvoy\LOCALS~1\Temp\catchme.sys...

A:mbr.sys found with Gmer

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please download OT...


Hi, I'm new to this so I'm not sure if I am in the right place or not. I think I may have a rootkit. Every time I run gmer to look if there is a problem it crashes when it starts and brings up a blue screen saying bad pool header. I also noticed more trojans are getting through but Kaspersky catches them. Any help you can give me will be greatly appreciated. Thanks

A:gmer crash

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

==============

For GMER, download this version of GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double click the exe file.
The program will begin to run, and perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.
In any case, after the initial scan is complete, click on the Save button, and save the log file somewhere you can easily find it, such as your desktop, and attach it in reply.


I have an HP mini 1030 running Windows XP that I am trying to repair that was just given to me so I have no background info on the thing. There are currently 2 guest accounts and one admin account. Neither of the guest accounts will boot past a blank desktop screen and the admin account appears to boot completely and shows the icons and taskbar. The task bar shows that I am connected to the internet but Internet Explorer will not run. I double click on the icon but nothing ever happens. I can navigate around in the folders in "My Computer" but the computer won't run any programs from the control panel, either. The only program that I can get to run is iTunes and iTunes has no problems (I even have access to the iTunes store). I have noticed that there is a "Antivirus Pro 2010" under the start menu that won't uninstall and the same program has a little icon in the taskbar that keeps telling me my computer is infected. First I downloaded the most recent IE to my desktop and put the install file on a SD card and ran the install on the laptop from the SD card. The install appeared successful but it actually changed nothing. I then tried to install the latest Avira Antivirus from the SD card and just as it was finishing, a little box popped up saying "resource missing" "rctext.dll." So I click on OK only to find out the Avira didn't install either. Finally I found this website, downloaded the DDS and GMER programs to the SD card, copied ...

A:Laptop will not run DDS, GMER, IE, etc.

Hello and welcome to TSF.

It's most likely the rogueware, Antivirus Pro 2010, is preventing programs as well as our tools from running. The following tool will help running them.

If you have an active internet connection, copy/paste the links below into your browser, don't click them or the rogue might redirect. If you don't have an active internet connection, download the tools from another machine, and transfer them to the affected machine via USB flash drive.

There are 4 different versions. If one of them won't run then download and try to run the other one. You only need to get one of them to run, not all of them.

Vista and Win7 users need to right click and choose Run as Admin

http://download.bleepingcomputer.com/grinler/rkill.exe
http://download.bleepingcomputer.com/grinler/rkill.com
http://download.bleepingcomputer.com/grinler/rkill.scr
http://download.bleepingcomputer.com/grinler/rkill.pif

Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do its job. This may take a few tries. You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.

At this point, you should now be able to run analysis tools.

Once the tool has run, do NOT reboot the machine, and then try once again to run DDS and GMER as instructed in our First Steps and post them in a new th...


I was following the steps as asked in the initial instructions (I have my DDS.txt & Attach.txt), but when I ran GMER it scanned for 5+ minutes, then I got a blue screen and the computer shut down (really it rebooted) and now GMER will not run.

Any help is greatly appreciated.

Thanks,
Matt

A:Problems with GMER

Hi Matt,

Delete your existing gmer.exe and download it again from here.

Try again to run the scan as outlined in our pre-posting topic:
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Please attach the ark.txt in your next reply

==============================

If it still crashes, run the scan again but uncheck 'Devices' along with the others outlined above.
