Thread: Spyware Issues
10-04-2006, 02:46 PM   #2
Glaswegian
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
Hi Vinny and welcome to the Security Forum.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.


You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout or use this alternate location.


Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch (if it doesn't, please launch it manually). Please click Scan, and check the following items:

O17 - HKLM\System\CCS\Services\Tcpip\..\{385FA9DE-6095-44A0-ADF0-3D96AB168742}: NameServer = 85.255.113.126,85.255.112.229
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E62BA68-2FB4-4F82-BEE2-D0B54DD350F1}: NameServer = 85.255.113.126,85.255.112.229
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.126 85.255.112.229
O17 - HKLM\System\CS1\Services\Tcpip\..\{385FA9DE-6095-44A0-ADF0-3D96AB168742}: NameServer = 85.255.113.126,85.255.112.229
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.126 85.255.112.229
O17 - HKLM\System\CS2\Services\Tcpip\..\{385FA9DE-6095-44A0-ADF0-3D96AB168742}: NameServer = 85.255.113.126,85.255.112.229
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.126 85.255.112.229


Please remember to close all other windows, including browsers, then click Fix checked.

At the end of the fix, you may need to restart your computer again.



Perform an online scan with Internet Explorer with Panda ActiveScan

Click on the "Free To Use ActiveScan" located on the top right hand corner.

1. Click Check Now and a "pop up" window will appear. *Please ensure that your pop up blocker doesn't block it*
2. Enter your e-mail address, country, and state & click Scan Now. *The download of the 8 MB Panda's ActiveX control will take place*

Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on See report then click Save report

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan.




Finally, please post the contents of the logfile C:\fixwareoutreport.txt, along with a new HijackThis log and the results of the Panda scan.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.
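
Added example, not part of the original post and not code from HijackThis or FixWareout: the O17 entries listed in the post all set NameServer values under Tcpip registry keys, so this sketch parses O17 lines from a saved HijackThis log and reports any resolver address that is not on an expected list. The function names, the sample log, and the `EXPECTED` set are assumptions made for illustration.

```python
import re

# Matches HijackThis O17 lines of the shape shown in the post:
#   O17 - HKLM\System\<set>\Services\Tcpip\<subkey>: NameServer = <addresses>
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>[^\\]+)\\Services\\Tcpip\\"
    r"(?P<subkey>[^:]+): NameServer = (?P<servers>.+)$"
)

def parse_o17(line):
    """Return (control_set, scope, [servers]) for an O17 NameServer line, else None."""
    m = O17_RE.match(line.strip())
    if not m:
        return None
    # "Parameters" is the system-wide key; "..\{GUID}" is a per-interface key.
    guid = re.search(r"\{[0-9A-Fa-f-]{36}\}", m.group("subkey"))
    scope = guid.group(0) if guid else "global"
    # The log separates addresses with commas or with spaces.
    servers = [s for s in re.split(r"[,\s]+", m.group("servers").strip()) if s]
    return m.group("cset"), scope, servers

def unexpected_nameservers(log_text, expected):
    """Map each resolver not in `expected` to the sorted places where it is set."""
    hits = {}
    for line in log_text.splitlines():
        parsed = parse_o17(line)
        if parsed is None:
            continue  # not an O17 NameServer entry
        cset, scope, servers = parsed
        for ip in servers:
            if ip not in expected:
                hits.setdefault(ip, set()).add((cset, scope))
    return {ip: sorted(places) for ip, places in hits.items()}

# Constructed sample log; addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.0.2.53 198.51.100.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 198.51.100.7,203.0.113.9
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.0.2.53
"""
EXPECTED = {"192.0.2.53"}  # assumption: the resolver your router or ISP hands out

if __name__ == "__main__":
    for ip, places in unexpected_nameservers(SAMPLE_LOG, EXPECTED).items():
        print(ip, places)
```

Running it against a log saved after the fix shows at a glance whether any control set or interface still carries a resolver you did not configure.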