Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Step #8 "GMER Download Link 1" problem

  • This topic is locked This topic is locked
3 replies to this topic

#1 shartle


  • Members
  • 2 posts
  • Local time:11:53 AM

Posted 17 April 2010 - 08:26 AM

I am in the process of wrestling my computer (windoesXP) as directed by the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help. I am currently at step #8 "GMER Download Link 1" and everytime I try to create the GMER Log, I get directed to another site. I tried both links, 1 & 2 with same redirecting results. I have attached my Notepad results. What do I do? I should add I am a new user with some computer experience so if I am in the wrong forum, I am sorry. Thanks

Attached Files

BC AdBot (Login to Remove)


#2 shartle

  • Topic Starter

  • Members
  • 2 posts
  • Local time:11:53 AM

Posted 18 April 2010 - 07:18 PM

My computer (Windows XP) is infected with a spyware, malware or?? Usually when I google something I am redirected to some kind of advertisement. Google will often require me to enter a security code before loading because Google says my computer is transmitting something. My address bar is shadded out in the beginning and end of any address. I have a new Icon between my address bar and refresh button that looks like a piece of paper torn in half. My computer does work but is very loaded down and slow. The longer the computer is on the more crazy things get. I have tried various spyware removal programs with no luck.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 8:20:46.45 on Sat 04/17/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.49 [GMT -4:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Security Antivirus *On-access scanning enabled* (Updated) {9F00A78E-FD28-4521-BC40-FBE9AB56696D}
FW: Security Antivirus *enabled* {DE57F997-E786-4584-8BB8-FE64A3BD8E41}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Digital Image\Monitor.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Norton Security Suite\Engine\\ccSvcHst.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton Security Suite\Engine\\ccSvcHst.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.com/
uDefault_Page_URL = hxxp://www.tc3net.com
uDefault_Search_URL = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uWindow Title = TC3Net Internet Explorer
mSearch Bar = hxxp://www.google.com
mWindow Title = TC3Net Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\\coIEPlg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [Simple Star PhotoShow Media Manager] c:\progra~1\simple~1\photos~2\data\xtras\mssysmgr.exe
uRun: [Aim6]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /installquiet /keeploaded /nodetect
mRun: [iRiver Updater] \Updater.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ymetray] "c:\program files\yahoo!\yahoo! music engine\YahooMusicEngine.exe" -preload
mRun: [PinnacleDriverCheck] "c:\windows\system32\PSDrvCheck.exe" -CheckReg
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital image\Monitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music engine\ymetray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: safebrowsing-cache.google.com
Hosts: urs.microsoft.com
Hosts: www.securesoftwarebill.com
Hosts: secure-plus-payments.com
Hosts: www.getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-3-8 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-3-8 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-3-8 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100415.001\IDSXpx86.sys [2010-4-16 329592]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\\ccSvcHst.exe [2010-3-8 117640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-10-19 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-3-8 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100416.038\NAVENG.SYS [2010-4-17 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100416.038\NAVEX15.SYS [2010-4-17 1324720]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 mrtRate;mrtRate; [x]
S3 pf_usb;Kensington Digital Frame Service;c:\windows\system32\drivers\PF_USB.sys [2006-3-4 17036]
S3 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" --> c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [?]

=============== Created Last 30 ================

2010-04-17 12:14:02 0 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-04-17 02:02:00 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-04-17 02:00:46 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-17 02:00:46 0 d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2010-04-17 01:58:51 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-04-16 16:44:10 0 d-----w- c:\docume~1\owner\applic~1\DriverCure
2010-04-16 16:43:27 0 d-----w- c:\docume~1\alluse~1\applic~1\DriverCure
2010-04-16 16:43:20 0 d-----w- c:\program files\ParetoLogic
2010-04-16 15:09:37 0 d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2010-04-16 15:09:21 0 d-----w- c:\docume~1\alluse~1\applic~1\XoftSpySE
2010-04-15 00:56:58 0 d-----w- c:\docume~1\owner\applic~1\BILEVSE
2010-04-15 00:55:26 0 d-----w- c:\program files\Registry Convoy 2009
2010-04-14 00:45:53 11294 ----a-w- c:\windows\wininit.ini
2010-04-13 23:37:53 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-04-13 23:37:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-04-13 13:24:13 0 d-sh--w- c:\documents and settings\owner\PrivacIE
2010-04-13 12:54:11 0 d-sh--w- c:\documents and settings\owner\IETldCache
2010-04-13 12:32:36 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-13 12:32:33 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-13 12:32:27 0 d-----w- c:\windows\ie8updates
2010-04-13 12:30:56 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-04-13 12:27:14 0 dc-h--w- c:\windows\ie8
2010-03-19 12:10:07 0 d-----w- c:\docume~1\owner\applic~1\AVG8

==================== Find3M ====================

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 15:45:47 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-03-08 15:45:47 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-08 15:45:47 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-03-08 15:45:47 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-08 15:45:32 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-03-08 15:45:30 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-08 15:45:18 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 13:10:28 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2004-05-01 20:01:22 0 -csha-w- c:\windows\sminst\HPCD.sys
2008-09-19 18:16:55 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091920080920\index.dat

============= FINISH: 8:22:23.00 ===============

Attached Files

Edited by Orange Blossom, 19 April 2010 - 09:36 PM.
Merged topics. ~ OB

#3 Blade81


    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:06:53 PM

Posted 22 April 2010 - 01:59 PM


Please visit this webpage for download links, and instructions for running ComboFix tool:


Please ensure you read this guide carefully first.

Please continue as follows:
  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.

#4 Blade81


    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:06:53 PM

Posted 29 April 2010 - 12:45 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users