[HJT Log] Suspected virus.
#2
Greetings,

Whilst I am in the process of scrutinizing your complete set of provided logs for any possible infections or problems, I ask for your forbearance. Understand that the process of analysis requires time and careful examination, hence the need for a cautious response. Accuracy is of the essence. Once I come across infections, I shall present the finest methods of removal for your convenience.

In return for this service, I propose to you two conditions:
  1. You are not to create any new threads regarding the similar topic as it will waste another helper's time.
  2. You are not to install any new software in your system, as it may hinder our process thus making this futile.
In accordance with my terms, I also ask of you five things, stated below:
  1. You are not to modify the logs in any way. Failure to do so will instantly deprive you of this service.
  2. You are to paste each log separately at PasteBin as it is. That is correct, no syntax highlighting, no editing - just the log purely. Post back the links for each log. You shall not hide them under spoiler codes.
  3. You are to provide the complete set of requested logs.
  4. You are to respond to every step I ask you to do using the format provided at the end of my post.
  5. You agree that I have the right to discontinue the analysis at any time, upon a violation of a single rule.
Provided that you will continue with this service, you hereby agree to the above statements. If you deem the conditions are portraying equality, I will willingly perform the analysis without further delay. Should you have any concerns or problems with the above conditions, or if you feel that I have overlooked your log, do inform me through a Private Message by clicking 'this'.

Thank you.

Genuinely yours,
Quintus
  • Prerequisite

    If you are having a problem running HijackThis as Administrator, please follow the steps below.
    • Go to My Computer and navigate to your default disc drive (C: is the most common).
    • Go to Program Files > Trend Micro > HijackThis.
    • Right-click HiJackThis.exe and run it as Administrator.
  • Step 1

    Please run HijackThis. Click 'Do a system scan only' and place a check next to the following line(s) if present:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=14302&l=dis
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - HKLM\..\Run: [V0640Pin.dll] RunDLL32.exe V0640Pin.dll,RunDLL32EP 514,/d:2
    O4 - HKCU\..\Run: [U36VRSFLG6] C:\Users\Uzair\AppData\Local\Temp\Bqd.exe
    O4 - Startup: DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe


    Then, close all other open windows and click 'Fix Checked'. You are to reboot your system afterwards.
  • Step 2

    Please download Combofix from one of the following locations:

    'Link 1'
    'Link 2'

    **IMPORTANT!**

    Let me give you a warning beforehand. I am instructing you to use one of the most powerful removal tools created. A simple mistake of running ComboFix without a helper's advice might render your machine unbootable. Do note that the steps below are crucial for the success of the clean-up you are currently undergoing. If by any chance you failed to meet any of them, I can almost guarantee a dreadful occurrence happening. See to it that you read the instructions first up to the very end and follow them accordingly after to ensure the best possible performance.
    • Save ComboFix to your Desktop.
    • Disable your anti-virus and anti-spyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix. If you have difficulty properly disabling your protective programs, refer to 'this' link.

      Please open Notepad and copy and paste this code.

      Code:
      File::
      C:\Users\Uzair\AppData\Local\Temp\Bqd.exe

      Save this as CFScript.txt and change the Save As Type to All Files and place it on your Desktop. Make sure your security programs are disabled while we do this.

      [Image: CFScript.gif]

      Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

      ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal. When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
Reminders:
  1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
  2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
  3. ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
  4. ComboFix prevents autorun of all CD, floppy and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you - please tell me.
  5. ComboFix disconnects your machine from the Internet. The connection is automatically restored before ComboFix completes its run. If ComboFix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
  • In your next post, please provide the following:
    • A Fresh HijackThis (HJT) Log
    • ComboFix Log
    • Deckard's System Scanner (DDS) Logs
      • DDS.txt
      • Attach.txt
  • Format of Response

    Code:
    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Link To Requested Logs:[/b][/color]
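
A triage sketch for HijackThis lines like those listed in Step 1, added here as an example; it is not part of the original post and not HijackThis code. It flags entries whose referenced file is missing and autostart (O4) entries that launch from a Temp directory. Both heuristics and the `ExampleUpdater` line are assumptions; the remaining Step 1 lines were selected on the helper's judgement, which this script does not reproduce.

```python
import re

# "<code> - <body>" where code is a HijackThis section id such as R0, O2, O4.
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")
# Per-user and system Temp directories (assumed list, case-insensitive).
TEMP_RE = re.compile(
    r"\\(?:AppData\\Local\\Temp|Local Settings\\Temp|Windows\\Temp)\\", re.I
)


def triage(log_text):
    """Return (code, reason, line) tuples for entries matching the heuristics.

    Assumed heuristics, not the helper's own criteria:
      * an entry ending in "(no file)" references a file that no longer exists
      * an O4 autostart entry whose command lives under a Temp directory
    """
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # log header, process list, blank lines
        code, body = m.groups()
        if body.rstrip().endswith("(no file)"):
            findings.append((code, "orphaned reference", raw.strip()))
        elif code == "O4" and TEMP_RE.search(body):
            findings.append((code, "autostart from Temp directory", raw.strip()))
    return findings


# Sample input: the lines quoted in Step 1, plus one constructed benign entry
# (ExampleUpdater) to show a line that is not flagged.
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=14302&l=dis
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [V0640Pin.dll] RunDLL32.exe V0640Pin.dll,RunDLL32EP 514,/d:2
O4 - HKCU\..\Run: [U36VRSFLG6] C:\Users\Uzair\AppData\Local\Temp\Bqd.exe
O4 - Startup: DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
"""

if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE):
        print(f"{code:3} {reason:30} {line}")
```
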
Messages In This Thread
[HJT Log] Suspected virus. - by TheGeniusism - 11-11-2010, 12:41 PM
RE: [HJT Log] Suspected virus. - by Quintus - 11-12-2010, 07:42 AM
RE: [HJT Log] Suspected virus. - by TheGeniusism - 11-14-2010, 04:56 AM
RE: [HJT Log] Suspected virus. - by Quintus - 11-15-2010, 04:48 AM
RE: [HJT Log] Suspected virus. - by TheGeniusism - 11-15-2010, 05:02 PM
RE: [HJT Log] Suspected virus. - by Quintus - 11-17-2010, 08:31 AM
RE: [HJT Log] Suspected virus. - by TheGeniusism - 11-20-2010, 06:05 AM
RE: [HJT Log] Suspected virus. - by Quintus - 11-21-2010, 02:34 AM