

There's nothing now, but just in case you may see something I posted those scans. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

Download ComboFix from one If an update is found, it will download and install the latest version. Go to "Scanner" tab and select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/23 16:49:09 | 000,549,376 | ----

It should look like this: Double-click on it and when it asks you, click Yes and then OK button. Then reboot your computer to apply the changes.

Can't remove malware: log posted mbam, gmer, dds
By ilokobiz, Sep 9, 2010

hi guys

Maniac Forum Deity Experts 22,799 posts Location: Bulgaria, EU ID: 9 Posted June 6, 2010

Open Notepad and copy

Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [7/7/2010 11:21:37 AM 114768]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [7/7/2010 11:21:37 AM 20560]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [9/10/2010 9:13:52 AM 304464]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\system32\drivers\mbam.sys [9/10/2010 9:13:47 AM 20952]
.

http://www.bleepingcomputer.com/forums/t/404836/ddsgmer/

scanning hidden files ...

Please perform the following scan:

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users"

Using Windows Explorer, or Windows Search, locate and delete the following folder:
c:\documents and settings\janice\Local Settings\Application Data\qaavbugyi

Next...

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Because it could be possible that files in use will be moved/deleted during reboot.

After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your

This alone can save you a lot of trouble with malware in the future.

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs):
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 5
Java(TM) 6 Update 7
These are all outdated, and security risks

MVPS HOST FILE
The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements.

Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

Thanks again.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts. Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

https://forums.malwarebytes.org/topic/52865-ddsgmer-log-files/

After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply: Combofix.txt

Sep 10, 2010 #17 ilokobiz TS Rookie Topic Starter Posts: 28
combofix.txt

You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Please go here then click on: Select the option YES, I accept the

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

I don't know why it says it is an invalid file.

Error - 6/12/2011 8:35:41 PM | Computer Name = D7N1ZTG1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Gen in File: C:\Documents and Settings\dsc\Local Settings\Temp\oncaxreswm.tmp by: Auto-Protect

msrods New Member Topic Starter Members 17 posts ID: 5 Posted June 5, 2010

Please download ComboFix from: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it

https://forums.malwarebytes.com/topic/68469-post-results-defogger-dds-gmer/?do=email&comment=353811

Logs can take some time to research, so please be patient with me.

Even if things appear to be better, it might not mean we are finished.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

I patiently await any further instructions!

08-13-2010, 05:19 PM #13 tetonbob Management Team, Security Center & TSF Academy Expert Analyst, Moderator, Security Team Rangemaster, Moderator, TSF Academy

Please continue to follow my instructions and reply back until I give you the "all clean".

After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply: Combofix.txt

Sep 10, 2010 #20 ilokobiz TS Rookie Topic Starter Posts: 28
combofix.txt

For what it's worth, there is only one User on this computer. And I am reading your suggestions.

I admit that it is a sophisticated piece, even though I'd like to strangle the person who created it.

Choose YES. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery

scanning hidden autostart entries ...

Thank you.

I suspect that some of my problems may be software conflicts and I welcome your suggestions.

You don't want to run McAfee and Avira together, and no it's not necessary since you have Avira now.

This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

I had to put the OTL log in 2 parts.

OTL logfile created on: 2/23/2010 4:49:49 PM - Run 4
OTL by OldTimer - Version Folder = C:\Documents and Settings\Theofiel Dib\Desktop
Windows XP

Finish posting your assistance request to the forum, and you will receive replies within a day, but generally within an hour or less.

Here are the logs:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Theofiel Dib at 1:55:46.82 on Sun 02/21/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.87 [GMT -5:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

May be irrelevant, but after a month of this headache I hope anything will help resolve.

********HJT log:***********
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:24:25 AM, on 1/6/2011

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Click on this link to see a list of programs that should be disabled.

Registry Values Infected:
(No malicious items detected)

Sep 9, 2010 #2 ilokobiz TS Rookie Topic Starter Posts: 28
gmer log I attached it
Attached Files: gmer.log File size: 4.2

Sep 10, 2010 #14 ilokobiz TS Rookie Topic Starter Posts: 28
sir I can't download the combo fix, I've been downloading this one for about 2 hours now, and it stuck

Sep 10, 2010 #13 Broni Malware Annihilator Posts: 53,103 +349
Well, we'll see what Combofix will show...

If Combofix asks you to update the program, always do so.

Delete the program from your where you saved it. > Enable your virus protection and re-connect to the internet.

Update December 2011 - SUPERAntiVirus Free Edition - The name was a put-off, but this is good software.

That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!!

This time no Extras.txt appeared in the minimized tray.

c:\documents and settings\user\Application Data\facemoods.com
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\\facemoods.crx
c:\program files\facemoods.com\facemoods\\facemoods.png
c:\program files\facemoods.com\facemoods\\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\\uninstall.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_amsint32
((((((((((((((((((((((((( Files Created

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
On the General tab, under Temporary Internet Files, click the Settings button.

Many thanks for your help.

After you have updated, click the button - enable protection for all unprotected items

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or

I can't run

08-12-2010, 06:14 PM #1 J E Bradley Registered Member Join Date: Feb 2008 Posts: 24 OS: Windows XP
I

To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). This will start ComboFix again. 6.