Tech Support Forum - View Single Post

tetonbob · 02-25-2007, 07:30 PM

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

There should also have been produced by ComboScan a Supplementary.txt which you were to have attached. Please post it in your next reply.

---------------------------------------------------------------------------------------------

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file...Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

**If you receive an error message while trying to run FixWareout, copy autoexec.nt from the C:\WINDOWS\repair folder to C:\WINDOWS\system32 folder, and run FixWareout again.

Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved.

Run HijackThis. Click "Do a System Scan Only", and place a check next to the following items (if found):

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6AD5F335-3F35-41D8-8B8E-06A9B512784E}: NameServer = 85.255.115.22,85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAB11F66-D748-43A0-8A8E-0A9089F6EBF3}: NameServer = 85.255.115.22,85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{C14A0D00-1AFE-4279-9DC6-FE9B13616A14}: NameServer = 85.255.115.22,85.255.112.101
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.22 85.255.112.101
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.22 85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.22 85.255.112.101

Click FIX CHECKED. Close HijackThis.

---------------------------------------------------------------------------------------------

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.

Go to Start>Run then copy and paste, or type the following, then press Enter:

regsvr32 /u occache.dll

Click OK on the message which pops up.

Delete these files/folders if present:

c:\windows\system32\a.exe
c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
c:\windows\downloaded program files\QDow.dll
C:\WINDOWS\Downloaded Program Files\f12802.exe

Go to Start>Run then copy and paste, or type the following, then press Enter:

regsvr32 occache.dll

Click OK on the message which pops up.

---------------------------------------------------------------------------------------------

Finally, please post the contents of the text file that opened earlier (you can find it at C:\fixwareout\report.txt ), along with a new HijackThis log into this topic. Also, the Supplementary.txt from ComboScan

----------------------------------------------------------------------------------------------------------

02-25-2007, 07:30 PM	#2 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,156 OS: 2000 Pro; XP Pro; XP Home	Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe. Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. --------------------------------------------------------------------------------------------- There should also have been produced by ComboScan a Supplementary.txt which you were to have attached. Please post it in your next reply. --------------------------------------------------------------------------------------------- You may want to print out these instructions for reference, since you will have to restart your computer during the fix. Please download FixWareout from one of these sites: http://downloads.subratam.org/Fixwareout.exe http://www.bleepingcomputer.com/file...Fixwareout.exe Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal. If you receive an error message while trying to run FixWareout, copy autoexec.nt from the C:\WINDOWS\repair folder to C:\WINDOWS\system32 folder, and run FixWareout again. Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved. Run HijackThis. Click "Do a System Scan Only", and place a check next to the following items (if found): O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O17 - HKLM\System\CCS\Services\Tcpip\..\{6AD5F335-3F35-41D8-8B8E-06A9B512784E}: NameServer = 85.255.115.22,85.255.112.101 O17 - HKLM\System\CCS\Services\Tcpip\..\{BAB11F66-D748-43A0-8A8E-0A9089F6EBF3}: NameServer = 85.255.115.22,85.255.112.101 O17 - HKLM\System\CCS\Services\Tcpip\..\{C14A0D00-1AFE-4279-9DC6-FE9B13616A14}: NameServer = 85.255.115.22,85.255.112.101 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.22 85.255.112.101 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.22 85.255.112.101 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.22 85.255.112.101 Click FIX CHECKED. Close HijackThis. --------------------------------------------------------------------------------------------- Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support*, double-click the e-mail address located at the bottom of each menu. --------------------------------------------------------------------------------------------- Go to My Computer->Tools->Folder Options->View tab: Under the Hidden files and folders heading, select Show hidden files and folders. * Uncheck the Hide protected operating system files (recommended) option. * Also make sure there is no checkmark beside Hide file extensions for known file types * Click Yes to confirm and then click OK. Go to Start>Run then copy and paste, or type the following, then press Enter: regsvr32 /u occache.dll Click OK on the message which pops up. Delete these files/folders if present: c:\windows\system32\a.exe c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf c:\windows\downloaded program files\QDow.dll C:\WINDOWS\Downloaded Program Files\f12802.exe Go to Start>Run then copy and paste, or type the following, then press Enter: regsvr32 occache.dll Click OK on the message which pops up. --------------------------------------------------------------------------------------------- Finally, please post the contents of the text file that opened earlier (you can find it at C:\fixwareout\report.txt ), along with a new HijackThis log into this topic. Also, the Supplementary.txt from ComboScan ---------------------------------------------------------------------------------------------------------- __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009 Last edited by tetonbob; 02-25-2007 at 07:37 PM.