Tech Support Forum - View Single Post

tinag · 04-22-2005, 12:04 PM

Hello again.

Before you toss your computer, let's try this:

Before proceeding, please print this page or copy it to Notepad to help you carry out the instructions. If you have questions about any instruction, please ask before performing it.

I found very little information about the program contained in the following folder:
C:\Program Files\TTI_V6_LE
It appears to be a translation program of some sort, which makes sense on this machine. Did you install it yourself? What do you know about it?

Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

To get rid of any lingering installation files, you should empty your Temp folders. (You should do this periodically anyway, as even benign software tends to leave a lot of junk there.) Download and install CleanUp! (alternate link), then run it and click the CleanUp! button. When it asks whether you want to log off, click Yes.

Reboot your system in Safe Mode by repeatedly tapping the F8 key until the menu appears, then selecting Safe Mode.

Open HijackThis. Click Config > Misc. Tools > Open process manager. If they still exist -- and they might not -- select the following item and click Kill process:

C:\Program Files\OfferApp\OfferApp.exe

Click Start > (Settings >) Control Panel > Add/Remove Programs. If the following program exists -- and it might not -- uninstall it:
OfferApp

Open Hijack This and click Scan. If they still exist -- and some might not -- check all of the following entries (make sure you do not miss any):

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {7339D16D-CF57-454F-9E85-8230293F4EAD} - C:\WINDOWS\System32\aedcfb.dll (file missing)
O4 - HKLM\..\Run: [OfferApp] C:\Program Files\OfferApp\OfferApp.exe

Please close all other windows, including browsers, then click Fix checked.

If they still exist, delete the following files indicated in RED and folders indicated in BLUE.

file:
C:\WINDOWS\System32\aedcfb.dll

folder:
C:\Program Files\OfferApp

Run CleanUp! and click the CleanUp! button. When it asks whether you want to log off, click Yes.

Reboot your system into normal mode.

If you have a fast internet connection (broadband), run an online scan at Trend Micro or RAV Antivirus. Please select the “autoclean” option when using Trend Micro.

Please post a fresh HijackThis log so that we can check whether your system is clean and then complete the process.

04-22-2005, 12:04 PM	#4 (permalink)
tinag Join Date: Mar 2005 Location: VT (via NL and TO) Posts: 341 OS: WinXP SP2 Pro and Home	Hello again. Before you toss your computer, let's try this: Before proceeding, please print this page or copy it to Notepad to help you carry out the instructions. If you have questions about any instruction, please ask before performing it. I found very little information about the program contained in the following folder: C:\Program Files\TTI_V6_LE It appears to be a translation program of some sort, which makes sense on this machine. Did you install it yourself? What do you know about it? Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option. To get rid of any lingering installation files, you should empty your Temp folders. (You should do this periodically anyway, as even benign software tends to leave a lot of junk there.) Download and install CleanUp! (alternate link), then run it and click the CleanUp! button. When it asks whether you want to log off, click Yes. Reboot your system in Safe Mode by repeatedly tapping the F8 key until the menu appears, then selecting Safe Mode. Open HijackThis. Click Config > Misc. Tools > Open process manager. If they still exist -- and they might not -- select the following item and click Kill process: C:\Program Files\OfferApp\OfferApp.exe Click Start > (Settings >) Control Panel > Add/Remove Programs. If the following program exists -- and it might not -- uninstall it: OfferApp Open Hijack This and click Scan. If they still exist -- and some might not -- check all of the following entries (make sure you do not miss any): R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {7339D16D-CF57-454F-9E85-8230293F4EAD} - C:\WINDOWS\System32\aedcfb.dll (file missing) O4 - HKLM\..\Run: [OfferApp] C:\Program Files\OfferApp\OfferApp.exe *Please close all other windows, including browsers, then click Fix checked.* If they still exist, delete the following files indicated in RED and folders indicated in BLUE. file: C:\WINDOWS\System32\aedcfb.dll folder: C:\Program Files\OfferApp Run CleanUp! and click the CleanUp! button. When it asks whether you want to log off, click Yes. Reboot your system into normal mode. If you have a fast internet connection (broadband), run an online scan at Trend Micro or RAV Antivirus. Please select the “autoclean” option when using Trend Micro. Please post a fresh HijackThis log so that we can check whether your system is clean and then complete the process. __________________ Have TSF volunteers helped you? Please consider helping TSF by subscribing or donating. Thanks!