chamber

Experts
  • Posts

    274
Reputation

0 Neutral

About chamber

  • Birthday 09/25/1982

  1. Hi, sorry for the delay. I was laid up with a pretty bad chest infection, and then my real job was unbelievably hectic due to my time off. I am trying to get caught up with everything now. Are you still unable to uninstall ComboFix?
  2. Hi, sorry for the delay. I was laid up with a pretty bad chest infection, and then my real job was unbelievably hectic due to my time off. I am trying to get caught up with everything now. Can you re-run DDS for me? You also need to update Adobe Reader, as yours is now out of date.
  3. Hi, sorry for the delay, had to go out of the country on business. Make sure to use Internet Explorer for this. Please go to VirSCAN.org FREE on-line scan service.
     • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page: c:\windows\system32\userinit.exe
     • Click on the Upload button.
     • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
     • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
     • Paste the contents of the Clipboard in your next reply.
     Can you also please scan these files: C:\WINDOWS\explorer.exe and C:\WINDOWS\System32\svchost.exe
  4. Sorry for the delay, had to go out of the country on business. How are things running now? Please download DDS and save it to your desktop. Disable any script blocking protection. Double click dds.scr to run the tool. When done, DDS.txt will open. Click Yes at the next prompt for Optional Scan. Save both reports to your desktop. --------------------------------------------------- Please include the contents of the following in your next reply: DDS.txt. Please attach the second file, Attach.txt. To attach a file, do the following: Under the reply panel is the Attachments Panel. Browse for the attachment file you want to upload, then click the green Upload button. Once it has uploaded, click the Manage Current Attachments drop down box. Click on to insert the attachment into your post. Download Security Check by screen317 from here or here. Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  5. Ah, redownload ComboFix and run its uninstall routine. Let the brat out of the cellar, if only to clean the car for a few weeks. lol How is everything else?
  6. It's looking better. Please download JavaRa to your desktop and unzip it to its own folder.
     • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
     • Accept any prompts.
     • Open JavaRa.exe again and select Search For Updates.
     • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
     Using Internet Explorer or Firefox, visit Kaspersky Online Scanner.
     1. Click Accept, when prompted to download and install the program files and database of malware definitions.
     2. To optimize scanning time and produce a more sensible report for review:
        • Close any open programs.
        • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
     3. Click Run at the Security prompt.
     The program will then begin downloading and installing and will also update the database. Please be patient as this can take quite a long time to download.
     • Once the update is complete, click on Settings.
     • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, adware, dialers, and other riskware; Archives; E-mail databases.
     • Click on My Computer under the green Scan bar to the left to start the scan.
     • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
     • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
     • Click View report... at the bottom.
     • Click the Save report... button.
     • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.
  7. Looks a lot better. Download TFC to your desktop. Open the file and close any other windows. It will close all programs itself when run, make sure to let it run uninterrupted. Click the Start button to begin the process. The program should not take long to finish its job. Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean. Please download Malwarebytes' Anti-Malware from Here. Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy & Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  8. Hi, Run OTL Under the Custom Scans/Fixes box at the bottom, paste in the following :OTL O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [hp Update 3300C] C:\sj650\hpupdate.exe File not found O4 - HKLM..\Run: [pdfSaver3] File not found O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdsock.dll) - C:\WINDOWS\System32\kbdsock.dll File not found O20 - AppInit_DLLs: (vewaboji.dll) - File not found O33 - MountPoints2\{c0b9363e-b096-11dc-9ba1-000fb53a21a1}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found [2010/01/08 23:01:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\xonqkc [2009/12/31 22:42:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\qgbikn [2010/01/11 22:43:48 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Jason\My Documents\~$mbofix.doc [2010/01/11 22:41:27 | 00,662,016 | ---- | M] () -- C:\Documents and Settings\Jason\My Documents\combofix.doc [2010/01/09 10:37:51 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe [2010/01/09 10:17:51 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe [2010/01/09 08:31:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\153.exe [2010/01/09 08:11:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\3902.exe [2010/01/09 07:51:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\14604.exe [2010/01/09 07:31:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\32391.exe [2010/01/09 07:11:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5436.exe [2010/01/09 06:51:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\4827.exe [2010/01/09 06:31:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11942.exe [2010/01/09 06:11:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\2995.exe [2010/01/09 05:51:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe [2010/01/09 05:31:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe 
[2010/01/09 05:11:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe [2010/01/09 04:51:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe [2010/01/09 04:31:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe [2010/01/09 04:11:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe [2010/01/09 03:51:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe [2010/01/09 03:31:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe [2010/01/09 03:11:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe [2010/01/09 02:51:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe [2010/01/09 02:31:15 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe [2010/01/09 02:11:15 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe [2010/01/09 01:51:15 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe [2010/01/09 00:49:21 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\ruyimoga [2009/12/31 22:40:10 | 00,773,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\jgcecf.sys [2007/07/06 21:07:28 | 56,756,736 | ---- | M] () -- C:\sj650en.exe :Services :Reg :Files :Commands [purity] [emptytemp] Then click the Run Fix button at the top. Let the program run unhindered, reboot the PC when it is done. Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Download ComboFix from one of these locations: Link 1 Link 2 * IMPORTANT !!! Save ComboFix.exe to your Desktop. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link HERE. Double click on ComboFix.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. 
With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply. Notes: 1. Do not mouse-click Combofix's window while it is running. That may cause it to stall. 2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  9. It may be. Rename inherit back. You do not need to be worried about those 2 infections, they were in the system restore and could not infect your machine unless you specifically used them. They were also removed when you uninstalled ComboFix, there is no need to download a fresh copy. You can delete Security Check and JavaRa.
  10. Hi, Download OTL to your desktop. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check. Under the Custom Scan box paste this in: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %SYSTEMDRIVE%\*.exe %systemroot%\*. /mp /s c:\$recycle.bin\*.* /s HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys nvstor32.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll explorer.exe svchost.exe userinit.exe qmgr.dll ws2_32.dll proquota.exe imm32.dll kernel32.dll ndis.sys autochk.exe spoolsv.exe xmlprov.dll ntmssvc.dll mswsock.dll Beep.SYS ntfs.sys termsrv.dll sfcfiles.dll st3shark.sys ahcix86.sys srsvc.dll nvrd32.sys /md5stop %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %SYSTEMDRIVE%\*.* %userprofile%\Desktop\*.* %userprofile%\Desktop\*. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in. Please download GMER from one of the following locations and save it to your desktop: Main Mirror This version will download a randomly named file (Recommended) Zipped Mirror This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. 
Disconnect from the Internet and close all running programs. Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver. Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked. Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe. GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress) If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO. Now click the Scan button. If you see a rootkit warning window, click OK. When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log. Click the Copy button and paste the results into your next reply. Exit GMER and re-enable all active protection when done. -- If you encounter any problems, try running GMER in Safe Mode.
  11. Hi, Download OTL to your desktop. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check. Under the Custom Scan box paste this in: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %SYSTEMDRIVE%\*.exe %systemroot%\*. /mp /s c:\$recycle.bin\*.* /s HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys nvstor32.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll explorer.exe svchost.exe userinit.exe qmgr.dll ws2_32.dll proquota.exe imm32.dll kernel32.dll ndis.sys autochk.exe spoolsv.exe xmlprov.dll ntmssvc.dll mswsock.dll Beep.SYS ntfs.sys termsrv.dll sfcfiles.dll st3shark.sys ahcix86.sys srsvc.dll nvrd32.sys /md5stop %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %SYSTEMDRIVE%\*.* %userprofile%\Desktop\*.* %userprofile%\Desktop\*. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in. Download ComboFix from one of these locations: Link 1 Link 2 * IMPORTANT !!! Save ComboFix.exe to your Desktop. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. 
If you have difficulty properly disabling your protective programs, refer to this link HERE. Double click on ComboFix.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply. Notes: 1. Do not mouse-click Combofix's window while it is running. That may cause it to stall. 2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  12. Download OTL to your desktop. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check. Under the Custom Scan box paste this in: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %SYSTEMDRIVE%\*.exe %systemroot%\*. /mp /s c:\$recycle.bin\*.* /s HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys nvstor32.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll explorer.exe svchost.exe userinit.exe qmgr.dll ws2_32.dll proquota.exe imm32.dll kernel32.dll ndis.sys autochk.exe spoolsv.exe xmlprov.dll ntmssvc.dll mswsock.dll Beep.SYS ntfs.sys termsrv.dll sfcfiles.dll st3shark.sys ahcix86.sys srsvc.dll nvrd32.sys /md5stop %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %SYSTEMDRIVE%\*.* %userprofile%\Desktop\*.* %userprofile%\Desktop\*. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in. Please download GMER from one of the following locations and save it to your desktop: Main Mirror This version will download a randomly named file (Recommended) Zipped Mirror This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. 
Disconnect from the Internet and close all running programs. Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver. Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked. Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe. GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress) If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO. Now click the Scan button. If you see a rootkit warning window, click OK. When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log. Click the Copy button and paste the results into your next reply. Exit GMER and re-enable all active protection when done. -- If you encounter any problems, try running GMER in Safe Mode.
  13. Download OTL to your desktop. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check. Under the Custom Scan box paste this in: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %SYSTEMDRIVE%\*.exe %systemroot%\*. /mp /s c:\$recycle.bin\*.* /s HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys nvstor32.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll explorer.exe svchost.exe userinit.exe qmgr.dll ws2_32.dll proquota.exe imm32.dll kernel32.dll ndis.sys autochk.exe spoolsv.exe xmlprov.dll ntmssvc.dll mswsock.dll Beep.SYS ntfs.sys termsrv.dll sfcfiles.dll st3shark.sys ahcix86.sys srsvc.dll nvrd32.sys /md5stop %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %SYSTEMDRIVE%\*.* %userprofile%\Desktop\*.* %userprofile%\Desktop\*. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
  14. Hi Jimmy, Error code 730 means: Unable to load the database. Please uninstall Malwarebytes' Anti-Malware, restart your computer, run the utility at the following link, restart your computer again, and then reinstall Malwarebytes' Anti-Malware. http://www.malwarebytes.org/mbam-clean.exe Here is a link to download a fresh copy of Malwarebytes' Anti-Malware for the reinstall: http://www.malwarebytes.org/mbam/program/mbam-setup.exe