04-29-2011, 03:55 AM
Greetings,
In return for this service, I propose to you two conditions:
Thank you.
Genuinely yours,
Quintus
Whilst I am in the process of scrutinizing your complete set of provided logs for any possible infections or problems, I ask for your forbearance. Understand that the process of analysis requires time and careful examination hence the need for a cautious response. Accuracy is of the essence. Once I come across infections, I shall present the finest methods of removal for your convenience.
In return for this service, I propose to you two conditions:
- You are not to create any new threads regarding the similar topic as it will waste another helper's time.
- You are not to install any new software in your system, as it may hinder our process thus making this futile.
- You are not to modify the logs in any way. Failure to do so will instantly deprive you of this service.
- You are to paste each log separately at PasteBin as it is. That is correct, no syntax highlighting, no editing - just the log purely. Post back the links for each log. You shall not hide them under spoiler codes.
- You are to provide the complete set of requested logs.
- You are to respond to every step I ask you to do using the format provided at the end of my post.
- You agree that I have the right to discontinue the analysis at any time, upon a violation of a single rule.
Thank you.
Genuinely yours,
Quintus
- Pre-Step
Click 'here' to download Temp File Cleaner by OldTimer. Save it to your Desktop.
- Close any open windows.
- Double-click TFC.exe and select 'Run' when prompted to execute the program. It will close all open programs itself in order to run.
- Click the Start button to begin the cleaning process.
- Please let the program run uninterruptedly.
- Once the cleaning has been done, your computer should automatically reboot. Otherwise, please do so when it does not.
- Close any open windows.
- Prerequisite
If you are having a problem running HijackThis as Administrator, please follow the steps below.
- Go to My Computer and navigate to your default disc drive (C: is the most common).
- Go to Program Files > Trend Micro > HijackThis.
- Right-click HiJackThis.exe and run it as Administrator.
- Go to My Computer and navigate to your default disc drive (C: is the most common).
- Step 1
Please download RKill.
- Please chose "iExplore.exe" and save it to your Desktop.
- Double-click the file for it to stop any process associated with the rogue program.
- When done, a prompt will automatically close.
"If you get a message that RKill is an infection, do not be concerned. This message is just a fake warning given by Antimalware Doctor when it terminates programs that may potentially remove it. If you run into these infections warnings that close RKill, a trick is to leave the warning on the screen and then run RKill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Antimalware Doctor. So, please try running RKill until the malware is no longer running. If you continue having problems running RKill, you can download the other renamed versions of RKill from the Rkill download page. All of the files are renamed copies of RKill, which you can try instead. Please note that the download page will open in a new browser window or tab. Do not reboot your computer after running RKill as the malware programs will start again."
- Please chose "iExplore.exe" and save it to your Desktop.
- Step 2
- Please download Malwarebytes' Anti-Malware 'here'.
- Double-click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to 'Malwarebytes' Anti-Malware' and 'Launch Malwarebytes' Anti-Malware', then click 'Finish'.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select 'Perform Full Scan', then click 'Scan'. The scan may take some time to finish, so please be patient.
- When the scan is complete, click 'OK', then 'Show Results' to view the results.
- Make sure that everything is checked, and click 'Remove Selected'.
- When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
- The log is automatically saved by Malwarebytes' Anti-Malware and can be viewed by clicking the 'Logs' tab in the interface.
- Copy and paste the entire report in your next reply.
- Please download Malwarebytes' Anti-Malware 'here'.
- Step 3
Please run a free online scan with ESET Online Scanner by downloading ESET Smart Installer 'here'. Save it to your Desktop.
- Double-click esetsmartinstaller_enu.exe to execute the program.
- Tick 'YES, I accept the Terms of Use'.
- Click 'Start'.
- If this is your first time installing the scanner, allow the 'ActiveX Control' to install.
- Database download may take some time.
- When done, make sure that the option 'Remove found threats' is ticked. Under the and 'Advanced Settings', please put a check on the following options:
- Scan for potentially unwanted applications
- Enable Anti-Stealth Technology
- Scan for potentially unwanted applications
- Click 'Start'.
- Wait for the scan to finish.
- Once it is finished, use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt.
- Copy and paste that log as a reply to this topic.
- Double-click esetsmartinstaller_enu.exe to execute the program.
- Step 4
Download DDS.scr by sUBs from one of the following links and save it to your Desktop.
'Link 1'
'Link 2'
- Double-click on DDS.scr and a command window will appear. This is normal.
- Shortly after two logs will appear, DDS.txt and Attach.txt.
- A window will open instructing you save and post the logs. Save the logs to a convenient place such as your Desktop.
- Copy the contents of both logs and post in your next reply.
- Double-click on DDS.scr and a command window will appear. This is normal.
- In your next post, please provide the following:
- A Fresh HijackThis (HJT) Log
- Deckard's System Scanner (DDS) Logs
- DDS.txt
- Attach.txt
- DDS.txt
- A Fresh HijackThis (HJT) Log
- ESET Scan Log
- Malwarebytes' Anti-Malware Scan Log
- Format of Response
As part of my service terms, you are to fill this up every time you respond to your log. Copy and paste the content inside the code box and write directly after the closing tags. Do not add spaces as they are already provided. An exception applies to the numbers, as they are to be written after the # sign.
Step #1: Change the number accordingly.
Problems Encountered: Put N/A if the operation went smoothly.
Link To Requested Logs: Post the links to the logs I have asked you to produce.
Example: (Click to View)
- Code:
[color=#00BFFF][b]Step #[/b][/color]
[color=#FFD700][b]Problems Encountered:[/b][/color]
[color=#00BFFF][b]Step #[/b][/color]
[color=#FFD700][b]Problems Encountered:[/b][/color]
[color=#00BFFF][b]Step #[/b][/color]
[color=#FFD700][b]Problems Encountered:[/b][/color]
[color=#00BFFF][b]Link To Requested Logs:[/b][/color]