Internet Explorer and MBAM
Started by MehChan, Jan 24 2010 07:29 PM
#1
Posted 24 January 2010 - 07:29 PM
Also if you can, please do not delete my restore points in this process because last time my computer was not able to turn on and I had to use restore points.
#2
Posted 27 January 2010 - 12:15 PM
See Quietman7's post in http://www.bleepingc...opic267354.html
Are you able to run OTL as requested in the top post of this forum? The log would really be useful.
Ron
#3
Posted 07 February 2010 - 05:06 PM
I was able to run OTL. Here is the log.
Attached Files
#4
Posted 08 February 2010 - 01:39 AM
Please do not attach files. Just copy and paste them.
I see these culprits:
C:\Windows\Tasks\esdklhks.job
C:\Windows\Tasks\succlthb.job
C:\ProgramData\sijudika
C:\ProgramData\nitesani
C:\ProgramData\dobojobe
C:\ProgramData\wifekeba
C:\ProgramData\rimakita
C:\ProgramData\genetoda
The first two are scheduled tasks. Right click on Computer and select Manage. (Continue) Now click on Task Scheduler. Click on View then Show Hidden Tasks. In the right pane find the Active Tasks. Look for esdklhks and double click on it. Click on Actions. What program is it trying to run? Please copy the full path. Select Disable in the list on the right. Now find succlthb and repeat.
Close the window.
Download The Avenger by Swandog46 from
http://swandog46.gee...r2/download.php
* Unzip/extract it to a folder on your desktop.
* Right click on avenger.exe and Rename it to john.exe, press Enter, then right click on it and select Run As Administrator.
* Click OK.
* Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
* Copy all of the text between the stars to the clipboard by highlighting it and then pressing Ctrl+C.
*******************************************************
Files to delete:
C:\Windows\Tasks\esdklhks.job
C:\Windows\Tasks\succlthb.job
C:\ProgramData\sijudika
C:\ProgramData\nitesani
C:\ProgramData\dobojobe
C:\ProgramData\wifekeba
C:\ProgramData\rimakita
C:\ProgramData\genetoda
******************************************************
* In the Avenger window, click the Paste Script from Clipboard button.
* Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.
* Click the Execute button.
* You will be asked Are you sure you want to execute the current script?.
* Click Yes.
* You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
* Click Yes.
* Your PC will now be rebooted.
* Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
* If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
* After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt). I would like to see the log in your next post.
If Avenger won't work go on to Combofix.
Download and Rename this file (call it george.exe) to your Desktop from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Right click on george and Run As Administrator to start the program.
* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.
A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.
Re-activate your protection programs at this time.
Ron
#5
Posted 27 February 2010 - 10:34 AM
I was able to find esdklhks in the task manager, but I cannot find succlthb.
For esdklhks the details are :
C:\Windows\system32\rundll32.exe "C:\Windows\system32\gobewowi.dll",d
Also when I copy and paste the text in john.exe and press execute it says:
Error: Invalid Script. A valid script must begin with a command directive.
Aborting execution.
Also I found this log:
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows NT 6.0 (build 6000)
Sat Feb 27 08:31:05 2010
08:31:05: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows NT 6.0 (build 6000)
Sat Feb 27 08:34:14 2010
08:34:14: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
Edited by MehChan, 27 February 2010 - 10:44 AM.
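The check Ron asks for in #4 (which program each hidden task runs, with its full path) and the answer MehChan pastes in #5 (rundll32.exe loading gobewowi.dll with a one-letter entry point) can be done in one pass over the scheduler instead of task by task. The script below is an added example, not from the original thread, from The Avenger or from ComboFix: it reads the CSV that `schtasks /query /fo CSV /v` produces on Vista and later and scores every task for the rundll32-loads-a-random-DLL pattern. The CSV sample is constructed for this example; only the esdklhks task and gobewowi.dll come from the thread, the other rows are made-up benign fillers, and the name heuristics, point values and threshold are my own assumptions, not anything the thread states.

```python
"""Triage scheduled tasks for the "rundll32.exe <random>.dll,<export>" persistence pattern.

Added example. Input is the CSV from `schtasks /query /fo CSV /v` (English column names).
Heuristics and scores are assumptions made for this example, not a malware verdict.
"""
import csv
import io
import ntpath
import re

# Constructed sample of `schtasks /query /fo CSV /v` output, trimmed to the columns used.
# Only \esdklhks and gobewowi.dll come from the thread; the other rows are benign fillers.
SAMPLE_CSV = "\n".join([
    '"HostName","TaskName","Task To Run","Run As User"',
    '"PC","\\esdklhks","C:\\Windows\\system32\\rundll32.exe ""C:\\Windows\\system32\\gobewowi.dll"",d","SYSTEM"',
    '"PC","\\Microsoft\\Windows\\Defrag\\ScheduledDefrag","%windir%\\system32\\defrag.exe -c","SYSTEM"',
    '"PC","\\Open Control Panel","rundll32.exe shell32.dll,Control_RunDLL","PC\\user"',
    '"PC","\\Example Updater","C:\\Program Files\\Example\\updater.exe /check","SYSTEM"',
]) + "\n"

# rundll32.exe <dll>[,<entrypoint>] with the loader and DLL optionally quoted.
RUNDLL32_RE = re.compile(
    r'^"?(?P<loader>[^"\s]*rundll32\.exe)"?\s+'   # loader path, quoted or bare
    r'"?(?P<dll>[^",]+)"?'                        # DLL path up to the closing quote or comma
    r'(?:\s*,\s*(?P<export>\S*))?\s*$',           # optional ",EntryPoint" that rundll32 calls
    re.IGNORECASE,
)

VOWELS = set("aeiou")


def looks_generated(stem):
    """Two name shapes seen in the thread: 8 lowercase letters strictly alternating
    consonant/vowel (gobewowi, sijudika) or 8 lowercase letters with at most one vowel
    (esdklhks, succlthb). A legitimate name like 'setupapi' also alternates, so this is
    one scoring signal, not a verdict."""
    if not re.fullmatch(r"[a-z]{8}", stem):
        return False
    vowel_at = [c in VOWELS for c in stem]
    alternating = all(v == (i % 2 == 1) for i, v in enumerate(vowel_at))
    return alternating or sum(vowel_at) <= 1


def triage(csv_text, threshold=3):
    """One finding per task, highest score first; 'flag' is set once score >= threshold."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        task = row["TaskName"]
        name = task.rsplit("\\", 1)[-1]
        action = row["Task To Run"].strip()
        score, reasons = 0, []
        if "\\" not in task.strip("\\"):
            # Legacy C:\Windows\Tasks\*.job entries appear at the root, Microsoft's under \Microsoft\.
            score += 1
            reasons.append("root-level task (not under \\Microsoft\\)")
        if looks_generated(name.lower()):
            score += 1
            reasons.append(f"task name '{name}' looks generated")
        dll = export = None
        match = RUNDLL32_RE.match(action)
        if match:
            dll, export = match.group("dll"), match.group("export")
            score += 1
            reasons.append("action is rundll32.exe loading a DLL")
            stem = ntpath.splitext(ntpath.basename(dll))[0].lower()
            if looks_generated(stem):
                score += 2
                reasons.append(f"DLL name '{stem}' looks generated")
            if not export or len(export) <= 1:
                # Real rundll32 uses name exports like Control_RunDLL; ",d" is not that.
                score += 2
                reasons.append(f"entry point {export!r} is missing or a single character")
        findings.append({"task": task, "action": action, "dll": dll, "export": export,
                         "score": score, "reasons": reasons, "flag": score >= threshold})
    return sorted(findings, key=lambda f: f["score"], reverse=True)


def flagged_dlls(csv_text, threshold=3):
    """The 'full path' the helper asked for, for every flagged rundll32 task."""
    return {f["task"]: f["dll"] for f in triage(csv_text, threshold) if f["flag"] and f["dll"]}


if __name__ == "__main__":
    for finding in triage(SAMPLE_CSV):
        mark = "FLAG" if finding["flag"] else "    "
        print(f"{mark} {finding['score']} {finding['task']}: {finding['action']}")
        for reason in finding["reasons"]:
            print("         -", reason)
```

On the affected machine, run `schtasks /query /fo CSV /v > tasks.csv` and pass the file contents to `triage()`. The Control Panel filler shows why "uses rundll32" on its own is not the signal: it scores below the threshold because its DLL and export names look normal. A FLAG means the task deserves a look and its DLL path is what to copy into the reply, not that the file is malware.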