1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: HELP: Google re-direct virus! Cant get rid of!

Discussion in 'Virus & Other Malware Removal' started by Cat080889, Apr 4, 2012.

Thread Status:
Not open for further replies.
  1. Cat080889

    Cat080889 Thread Starter

    Jun 1, 2006
    Hi everyone,

    I desperately need some help. I have a google re-direct virus which keeps re-directing my google and yahoo to random internet sites. It is also blocking my antiviruses from working. Originally I had avira but the virus switched it off so I downloaded MalwareBytes but that is also now malfunctioning. My windows defender has also been switched off and I have had no luck switching it back on. I have also tried SpyBot, AVG and Ad-Aware but nothing seems to get rid of this thing.

    I have attached my hijack log and my gmer results. The DDS program would start running but wouldnt end. I left it for an hour or two before closing. I also tried running it in safe mode with no luck

    Any help would be greatly appreciated. I am not a wizz at computers but I will try my best.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:51:57 PM, on 4/04/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.monash.edu.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AVG Do-Not-Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
    O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Cat\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Ad-Aware (SBAMSvc) - Sunbelt Software - C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe

    End of file - 6004 bytes


    GMER - http://www.gmer.net
    Rootkit scan 2012-04-04 19:57:33
    Windows 6.1.7601 Service Pack 1
    Running: 1i8osb95.exe; Driver: C:\Users\Cat\AppData\Local\Temp\uwldqpow.sys

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\cbc739cc2eb472246906fff2a2d14976\Usage@Main 1082392882

    ---- EOF - GMER 1.0.15 ----
  2. Cat080889

    Cat080889 Thread Starter

    Jun 1, 2006

    Please help!
  3. Cat080889

    Cat080889 Thread Starter

    Jun 1, 2006
  4. Satchfan

    Satchfan Malware Specialist

    Jan 12, 2009
    Hello Cat080889 and welcome to the TSG forum.

    My name is Satchfan and I would be glad to help you with your computer problem. Please read the following guidelines which will help to make cleaning your machine easier:
    • please follow all instructions in the order posted
    • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
    • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
    • if you don't understand something, please don't hesitate to ask for clarification before proceeding
    • the fixes are specific to your problem and should only be used for this issue on this machine.
    • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

    Please do not install/uninstall any programs unless asked to.
    Please do not run any scans other than those requested

    I’m looking at your log now and will reply with instructions shortly

  5. Satchfan

    Satchfan Malware Specialist

    Jan 12, 2009
    Hello again Cat080889

    Running multiple antivirus programs

    You can not run two real-time antiviruses at the same time. Although many have different methods of searching for and recognising threats, they will all be 'fighting' in memory to kick each other out, rendering them all ineffective.

    Uninstall either Ad-Aware or AVG.
    • click on Start, Control Panel
    • under Programs, click Uninstall a Program(it may take time for the list to appear, so be patient)
    • scroll down the list and look for the program you are uninstalling, click on it and then on Remove.

    Spybot TeaTimer

    Please disable this program and leave it disabled until we are done as it can interfere with some of the tools we use.
    • launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
    • on the left hand side, click on Tools, then click on the Resident Icon in the list.
    • uncheck the Resident TeaTimer (Protection of overall system settings) active box.
    • click on the System Startup icon in the List
    • uncheck the "TeaTimer" box and click OK at any prompts.
    • if Teatimer gives you a warning that changes were made, click Allow Change when prompted.
    • exit Spybot S&D.
    (When we are finished, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup).


    Run DDS

    Please download DDS by sUBs from one of the following links and save it to your desktop.
    • disable any script blocking protection (How to Disable your Security Programs)
    • double click DDS icon to run the tool (may take up to 3 minutes to run)
    • when done, DDS.txt will open.
    • after a few moments, attach.txt will open in a second window.
    • save both reports to your desktop.
    Post the contents of the DDS.txt and Attach.txt reports in your next reply


    Run aswMBR
    • download aswMBR.exe to your desktop
    • double click the aswMBR.exe to run it
    • click the "Scan" button to start the scan
    On completion of the scan click save log, save it to your desktop and post in your next reply


    Run Farbar Service Scanner

    Please download Farbar Service Scanner
    • make sure "Include All Files" option remains checked
    • press Scan
    • it will create a log (FSS.txt) in the same directory the tool is run
    • please copy and paste the log to your reply.
    Logs to include in the next post:


  6. Cat080889

    Cat080889 Thread Starter

    Jun 1, 2006
    Hi Satchfan,

    Thank you for taking my case. I have deleted Ad-Aware and also disabled by spybot tea timer. However, the DDS program still wont work on my computer. I have tried uninstalling and downloading a new one from a different link but I still have the same problem. It will start and get about 3/4 of the way through and then freeze after about 2 hours.

    The sawMBR program ALSO wont work. Ive tried clicking on it and also running it as administrator but nothing happens. I am not sure if it is the virus disabling these programs?

    The FSS scanner did work:
    Farbar Service Scanner Version: 01-03-2012
    Ran by Cat (administrator) on 09-04-2012 at 10:20:39
    Running from "C:\Users\Cat\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X86)
    Boot Mode: Normal

    Internet Services:

    Connection Status:
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.

    Windows Firewall:

    Firewall Disabled Policy:

    System Restore:

    System Restore Disabled Policy:

    Action Center:

    Windows Update:

    Windows Defender:
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

    File Check:
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit

    **** End of log ****

    Is there anything I can try to make DDS and aswMBR work?

  7. Satchfan

    Satchfan Malware Specialist

    Jan 12, 2009
    Run this and then try running DDS and aswMBR again.

    Download/run Rkill:

    Please download Rkill from one of the following links and save to your Desktop:
    • double click on Rkill.
    • a command window will open then disappear upon completion, this is normal.
    • please leave Rkill on the Desktop until otherwise advised.
    Note: If you get an alert that Rkill is infected, ignore it. The alert is a fake warning given by the rogue software which attempts to terminate tools that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine.

    You may have to make repeated attempts to use Rkill several times before it will run as some malware variants try to block it.

    You'll be able to tell when rkill has done its job when your desktop (explorer.exe) cycles off and then on again.

    Do not reboot your computer after running rkill as the malware programs will start again.


    If it still won't work, try running DDS and aswMBR in safe mode.

    To Enter Safemode
    • go to Start> Shut off your Computer> Restart
    • as the computer starts to boot-up, Tap the F8 KEY - this will bring up a menu.
    • use the Up and Down Arrow Keys to scroll up to Safemode
    • then press Enter on your keyboard
  8. Cat080889

    Cat080889 Thread Starter

    Jun 1, 2006
    Still no luck...

    I ran rkill in normal mode and it seemed to work ok until I receieved an error ''this process cannot access the file as it is being used by another process''. This came up around 50 times. I also tried running rkill in safemode but received the same message.

    I tried running DDS and aswMBR also in safe mode but again no luck. DDS keeps getting stuck around the 3/4 mark and aswMBR doesnt open at all...
  9. Satchfan

    Satchfan Malware Specialist

    Jan 12, 2009
    Let’s try this, preferably in noemal mode.

    Run RogueKiller

    Note: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run roguekiller again

    Download RogueKiller to your desktop.
    • close all running programs
    • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
    • when prompted, type 1 and press Enter
    • the RKreport.txt will be generated next to the executable, (on the desktop).
    • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
    Please post the contents of the RKreport.txt in your next Reply.

    Remember: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run roguekiller again

  10. Cat080889

    Cat080889 Thread Starter

    Jun 1, 2006
    The program ran but it never asked me to type ''1''. Here is the contents of the log:

    RogueKiller V7.3.2 [03/20/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User: Cat [Admin rights]
    Mode: Scan -- Date: 04/10/2012 20:24:41

    ¤¤¤ Bad processes: 1 ¤¤¤
    [BLACKLIST] d3d10_1.dll -- C:\Windows\system32\d3d10_1.dll -> UNLOADED

    ¤¤¤ Registry Entries: 5 ¤¤¤
    [SUSP PATH] {0D94D661-C06F-4B96-8E14-CF8F0100744B}.job @ : C:\Users\Cat\Desktop\aswMBR.exe -> FOUND
    [SUSP PATH] {2EA8D0C5-1C08-4D02-90B8-133B1C2E40D4}.job @ : C:\Users\Cat\Desktop\aswMBR.exe -> FOUND
    [SUSP PATH] {36C674E5-C4F7-4A24-859C-DFC533AC522B}.job @ : C:\Users\Cat\Desktop\aswMBR.exe -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [LOADED] ¤¤¤
    SSDT[172] : NtNotifyChangeKey @ 0x82C4FED5 -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0x95DC9004)
    SSDT[173] : NtNotifyChangeMultipleKeys @ 0x82C4EFF7 -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0x95DC90D4)
    SSDT[190] : NtOpenProcess @ 0x82C67AA0 -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0x95DC8D76)
    SSDT[370] : NtTerminateProcess @ 0x82CB0B8D -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0x95DC8E1E)
    SSDT[371] : NtTerminateThread @ 0x82CCE504 -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0x95DC8EBA)
    SSDT[399] : NtWriteVirtualMemory @ 0x82CB58EA -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0x95DC8F56)
    S_SSDT[402] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0x95DC959E)
    S_SSDT[434] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0x95DC950A)
    S_SSDT[436] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0x95DC954A)
    S_SSDT[585] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0x95DC949C)

    ¤¤¤ Infection : Root.MBR ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤ www.007guard.com 007guard.com 008i.com www.008k.com 008k.com www.00hq.com 00hq.com 010402.com www.032439.com 032439.com www.0scan.com 0scan.com www.1000gratisproben.com 1000gratisproben.com 1001namen.com www.1001namen.com 100888290cs.com www.100888290cs.com www.100sexlinks.com 100sexlinks.com

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3160812A ATA Device +++++
    --- User ---
    [MBR] 23190ff59b6f1b5ae9ee965441c2a6c4
    [BSP] 1b3a2d639452e44147fe79a66d7bd11e : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] 68cc212a758a2e172b68fb30f0b88e64
    [BSP] 1b3a2d639452e44147fe79a66d7bd11e : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
    1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 312560640 | Size: 10 Mo

    Finished : << RKreport[1].txt >>
  11. Satchfan

    Satchfan Malware Specialist

    Jan 12, 2009
    At least that ran but it doesn’t show good news I’m afraid.

    Can you try running aswMBR again.

    If that doesn’t work, do the following:

    Run TDSSKiller

    Please download TDSSKiller.zip
    • extract it to your desktop
    • double click TDSSKiller.exe
    • press Start Scan
    only if Malicious objects are found then ensure Cure is selected. Do not change it to Delete or Quarantine as it may delete infected files that are required for Windows to operate properly.
    click Continue > Reboot now
    • copy and paste the log in your next reply
    • a copy of the log will be saved automatically to the root of the drive (typically C:\) called TDSSKiller_*** (*** denotes version & date)
  12. Cat080889

    Cat080889 Thread Starter

    Jun 1, 2006
    Again no luck :(

    aswMBR still wont open and neither will the TDSSKiller.exe

    Did you want me to try run TDSSKiller in safe mode?

  13. Satchfan

    Satchfan Malware Specialist

    Jan 12, 2009
    Yes please
  14. Cat080889

    Cat080889 Thread Starter

    Jun 1, 2006
    Again no luck. The same thing happens to both tdsskiller and aswMBR. They both ask if I want to run this program and I click yes and then nothing happens!
  15. Satchfan

    Satchfan Malware Specialist

    Jan 12, 2009
    We're not doing well here - this thing is a real nuisance.

    We'll try another but if this doesn't run normally I'll give you instructions to run it differently.

    Download Combofix from either of the links below, and save it to your desktop.
    **Note: It is important that it is saved directly to your desktop**

    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
    • double click on ComboFix.exe & follow the prompts
    • when finished, it will produce a report for you.
    • please post the C:\ComboFix.txt for further review.
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1047903