
I need help with a Yontoo virus



#1 charmac


Posted 11 October 2013 - 12:26 PM

Hi all,  :hello: First of all, before we get down to the nitty-gritty, let me introduce myself. As you can see, I go by the name of charmac; it's a mixture of my real first and second name. I'm a 64-year-old male living in Dublin, Ireland (born and bred). I started using the computer about two years ago, so I think you can safely say I'm a computer dunce, but I do try  :busy: My problem is that my computer (Windows XP) has been invaded by some sort of malware or virus called Yontoo and it's doing my head in. I tried a few malware scans that were suggested to me by some friends, but none seems to have worked for me, so here I am, ready to be committed to a padded cell with a sick computer. If there is any kind person with buckets of patience (essential) :blush: out there who is willing to help me to defeat this evil parasite, it would be very much appreciated.

 

Cheers. charmac  




 


#2 boopme


Posted 11 October 2013 - 02:56 PM

Welcome charmac..
We should run these and see what we get.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.



Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#3 charmac


Posted 12 October 2013 - 05:12 AM

Thank you for your reply boopme, it's very kind of you to help me out, I'll get on this as soon as I can so bear with me if you don't mind.


Edited by charmac, 12 October 2013 - 01:21 PM.


#4 charmac


Posted 12 October 2013 - 06:12 AM

MiniToolBox by Farbar  Version: 13-07-2013
Ran by charmac (administrator) on 12-10-2013 at 11:23:50
Running from "C:\Documents and Settings\charmac.D3GL432J\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Network
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 9090
"network.proxy.type", 1
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 secure-plus-payments.com
74.125.45.100 www.getantivirusplusnow.com
74.125.45.100 www.secure-plus-payments.com
74.125.45.100 www.getavplusnow.com
74.125.45.100 safebrowsing-cache.google.com
74.125.45.100 urs.microsoft.com
74.125.45.100 www.securesoftwarebill.com
74.125.45.100 secure.paysecuresystem.com
74.125.45.100 paysoftbillsolution.com
74.125.45.100 protected.maxisoftwaremart.com
 
127.0.0.1 localhost
 
========================= IP Configuration: ================================
 
Wireless N-300 USB Adapter WNA3100 = Wireless Network Connection 5 (Connected)
Intel® PRO/1000 PL Network Connection = Local Area Connection (Media disconnected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Local Area Connection"
 
set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
 
# Interface IP Configuration for "Wireless Network Connection 5"
 
set address name="Wireless Network Connection 5" source=dhcp 
set dns name="Wireless Network Connection 5" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 5" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : D3GL432J
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Unknown
 
        IP Routing Enabled. . . . . . . . : Yes
 
        WINS Proxy Enabled. . . . . . . . : No
 
 
 
Ethernet adapter Local Area Connection:
 
 
 
        Media State . . . . . . . . . . . : Media disconnected
 
        Description . . . . . . . . . . . : Intel® PRO/1000 PL Network Connection
 
        Physical Address. . . . . . . . . : 00-13-72-09-B0-12
 
 
 
Ethernet adapter Wireless Network Connection 5:
 
 
 
        Connection-specific DNS Suffix  . : 
 
        Description . . . . . . . . . . . : Wireless N-300 USB Adapter WNA3100
 
        Physical Address. . . . . . . . . : 30-46-9A-3B-77-FA
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : Yes
 
        IP Address. . . . . . . . . . . . : 192.168.1.12
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
 
        Default Gateway . . . . . . . . . : 192.168.1.1
 
        DHCP Server . . . . . . . . . . . : 192.168.1.1
 
        DNS Servers . . . . . . . . . . . : 89.101.160.4
 
                                            89.101.160.5
 
        Lease Obtained. . . . . . . . . . : 12 October 2013 11:22:03
 
        Lease Expires . . . . . . . . . . : 12 October 2013 12:22:03
 
Server:  ie-dub01a-dns01.upc.ie
Address:  89.101.160.4
 
Name:    google.com
Addresses:  74.125.24.100, 74.125.24.138, 74.125.24.113, 74.125.24.102
 74.125.24.101, 74.125.24.139
 
 
 
Pinging google.com [74.125.24.100] with 32 bytes of data:
 
 
 
Reply from 74.125.24.100: bytes=32 time=14ms TTL=51
 
Reply from 74.125.24.100: bytes=32 time=16ms TTL=51
 
 
 
Ping statistics for 74.125.24.100:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 14ms, Maximum = 16ms, Average = 15ms
 
Server:  ie-dub01a-dns01.upc.ie
Address:  89.101.160.4
 
Name:    yahoo.com
Addresses:  98.138.253.109, 206.190.36.45, 98.139.183.24
 
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
 
 
 
Reply from 98.139.183.24: bytes=32 time=119ms TTL=50
 
Reply from 98.139.183.24: bytes=32 time=120ms TTL=50
 
 
 
Ping statistics for 98.139.183.24:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 119ms, Maximum = 120ms, Average = 119ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 72 09 b0 12 ...... Intel® PRO/1000 PL Network Connection - Packet Scheduler Miniport
0x3 ...30 46 9a 3b 77 fa ...... Wireless N-300 USB Adapter WNA3100 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.12  25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      192.168.1.0    255.255.255.0     192.168.1.12    192.168.1.12  25
     192.168.1.12  255.255.255.255        127.0.0.1       127.0.0.1  25
    192.168.1.255  255.255.255.255     192.168.1.12    192.168.1.12  25
        224.0.0.0        240.0.0.0     192.168.1.12    192.168.1.12  25
  255.255.255.255  255.255.255.255     192.168.1.12               2  1
  255.255.255.255  255.255.255.255     192.168.1.12    192.168.1.12  1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 05 C:\WINDOWS\system32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (10/10/2013 08:33:57 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
Error: (10/09/2013 10:33:34 AM) (Source: Application Hang) (User: )
Description: Fault bucket 1647812708.
 
Error: (10/09/2013 10:33:23 AM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.44.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (10/08/2013 10:07:47 PM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]
 
Error: (10/07/2013 02:25:14 PM) (Source: Iminent) (User: )
Description: Unexpected exception.
 
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.NullReferenceException: Object reference not set to an instance of an object.
   at Iminent.Mediator.Server.ApplicationService.<>c__DisplayClassa.<WarmUp>b__9(Composite composite)
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
   at System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
   at System.Delegate.DynamicInvokeImpl(Object[] args)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)
 
Error: (10/06/2013 00:50:32 PM) (Source: Application Error) (User: )
Description: Faulting application ilivid.exe, version 5.0.0.3958, faulting module ilivid.exe, version 5.0.0.3958, fault address 0x000a1e89.
Processing media-specific event for [ilivid.exe!ws!]
 
Error: (10/05/2013 08:32:49 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x4ec674b2.
Processing media-specific event for [explorer.exe!ws!]
 
Error: (10/05/2013 05:20:12 PM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]
 
Error: (10/05/2013 03:00:38 PM) (Source: Application Error) (User: )
Description: Faulting application chrome.exe, version 30.0.1599.69, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [chrome.exe!ws!]
 
Error: (10/04/2013 09:39:34 PM) (Source: PerfNet) (User: )
Description: Unable to open the Redirector service. Redirector performance data
will not be returned. Error code returned is in data DWORD 0.
 
 
System errors:
=============
Error: (10/12/2013 10:53:28 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
aswRvrt
aswSnx
aswSP
aswTdi
aswVmm
Fips
intelppm
 
Error: (10/12/2013 10:52:34 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (10/12/2013 10:51:56 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error: (10/11/2013 07:23:19 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (10/11/2013 07:19:24 PM) (Source: DCOM) (User: D3GL432J)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (10/11/2013 04:43:43 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
aswRvrt
aswSnx
aswSP
aswTdi
aswVmm
Fips
intelppm
 
Error: (10/11/2013 04:42:40 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (10/11/2013 04:42:12 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error: (10/11/2013 02:58:40 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (10/11/2013 08:43:56 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
aswRvrt
aswSnx
aswSP
aswTdi
aswVmm
Fips
intelppm
 
 
Microsoft Office Sessions:
=========================
Error: (10/10/2013 08:33:57 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
Error: (10/09/2013 10:33:34 AM) (Source: Application Hang)(User: )
Description: 1647812708
 
Error: (10/09/2013 10:33:23 AM) (Source: Application Hang)(User: )
Description: mbam.exe1.44.0.0hungapp0.0.0.000000000
 
Error: (10/08/2013 10:07:47 PM) (Source: Application Error)(User: )
Description: 0.0.0.0unknown0.0.0.000000000
 
Error: (10/07/2013 02:25:14 PM) (Source: Iminent)(User: )
Description: Unexpected exception.
 
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.NullReferenceException: Object reference not set to an instance of an object.
   at Iminent.Mediator.Server.ApplicationService.<>c__DisplayClassa.<WarmUp>b__9(Composite composite)
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
   at System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
   at System.Delegate.DynamicInvokeImpl(Object[] args)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)
 
Error: (10/06/2013 00:50:32 PM) (Source: Application Error)(User: )
Description: ilivid.exe5.0.0.3958ilivid.exe5.0.0.3958000a1e89
 
Error: (10/05/2013 08:32:49 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.04ec674b2
 
Error: (10/05/2013 05:20:12 PM) (Source: Application Error)(User: )
Description: 0.0.0.0unknown0.0.0.000000000
 
Error: (10/05/2013 03:00:38 PM) (Source: Application Error)(User: )
Description: chrome.exe30.0.1599.690.0.0.000000000
 
Error: (10/04/2013 09:39:34 PM) (Source: PerfNet)(User: )
Description: 
 
 
=========================== Installed Programs ============================
 
964plc32 (Version: 1.0.0)
ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.41612)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader 7.0 (Version: 7.0.0)
Adobe® Photoshop® Album Starter Edition 3.2 (Version: 3.2.0)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
ATI Control Panel (Version: 6.14.10.5160)
ATI Display Driver (Version: 8.162-050803a2-025672C-Dell)
Avanquest update (Version: 1.28)
avast! Free Antivirus (Version: 8.0.1497.0)
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
AXIS Camera Control 2.40
Bonjour (Version: 3.0.0.10)
Browser Defender 2.0.6.11 (Version: 2.0.6.11)
Chessmaster 7000
Corel Paint Shop Pro X (Version: 10.01)
Corel Photo Album 6 (Version: 6.33)
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer (Version: 3.0)
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Photo AIO Printer 964
Dell Support 5.0.0 (630)
Dell System Restore (Version: 2.00.0000)
ESPNMotion (Version: 2.1.6.0011)
Fast Browser Search (My Tattoons) (Version: 2.0)
ffdshow v1.2.4422 [2012-04-09] (Version: 1.2.4422.0)
GemMaster Mystic
getPlus® (Version: 1.5.2.19)
Google Chrome (Version: 30.0.1599.69)
Google Earth Plug-in (Version: 7.1.1.1888)
Google Quick Search Box (Version: 1.2.1151.245)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4601.54)
GoToAssist 8.0.0.514
Graboid Video 3.41 Setup (Version: 3.4.1)
Graboid Video 3.42 (Version: 3.42)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HiJackThis (Version: 1.0.0)
Intel Matrix Storage Manager
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections (Version: 9.30.0000)
Intel® Quick Resume Technology Drivers (Version: 1.0.0.1093)
Intel® Viiv™ (Version: 1.0.1.2012)
iTunes (Version: 11.1.1.11)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 2 (Version: 1.6.0.20)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)
jv16 PowerTools 2011 (Version: )
LimeWire 5.1.2 (Version: 5.1.2)
Malwarebytes' Anti-Malware
MCU (Version: 1.00.0000)
Media Go (Version: 1.7.254)
Media Go Video Playback Engine 1.64.110.02280 (Version: 1.64.110.02280)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.0 Security Update (KB2833951)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003 (Version: 11.0.8173.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MobileMe Control Panel (Version: 3.1.8.0)
Modem Event Monitor
Modem Helper (Version: 2.40)
Modem On Hold (Version: 1.12)
Monopoly
MSN
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NETGEAR WNA3100 wireless USB 2.0 adapter (Version: 1.01.206)
OpenOffice.org Installer 1.0 (Version: 1.0.9221)
Otto
PlayStation®Network Downloader (Version: 2.05.00710)
PlayStation®Store (Version: 4.1.8.11883)
Print to Fax (Version: 1.00)
QuickTime (Version: 7.74.80.86)
RealArcade
RealDownloader (Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.2)
RealUpgrade 1.1 (Version: 1.1.0)
Roxio DLA (Version: 5.2.0)
Roxio MyDVD LE (Version: 6.1.6)
Roxio RecordNow Audio (Version: 2.0.4)
Roxio RecordNow Copy (Version: 2.0.4)
Roxio RecordNow Data (Version: 2.0.4)
Safari (Version: 5.34.57.2)
Sonic Activation Module (Version: 1.0)
Sonic Encoders (Version: 1.00)
Sonic Update Manager (Version: 3.0.0)
Sony Ericsson PC Companion 2.01.231 (Version: 2.01.231)
Spyware Doctor 7.0 (Version: 7.0)
TeLL me More Everyday
The KMPlayer (remove only)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2362765) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VLC media player 2.0.2 (Version: 2.0.2)
VoiceOver Kit (Version: 1.42.128.0)
WebFldrs XP (Version: 9.50.7523)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 22%
Total physical RAM: 3070.09 MB
Available physical RAM: 2367.89 MB
Total Pagefile: 4449.31 MB
Available Pagefile: 3924.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1976.9 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:228.11 GB) (Free:136.62 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\
 
Administrator            charmac         Guest                    
HelpAssistant            SUPPORT_388945a0         
 
 
**** End of log ****
 
 
 
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Microsoft Windows XP x86
Ran by charmac on 12/10/2013 at 11:48:36.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{438C9553-B864-4C13-B737-F09D7BCD6F05}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{525A2FD5-8D69-439B-A5EB-CE645A2BA753}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59EF587E-2401-4364-A826-473F98A0EA1F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB1653C3-F899-43FB-9D39-3B88CB26FF50}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322302236}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550355305536}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366306636}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440344304436}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550355305536}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366306636}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440344304436}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311301136}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Documents and Settings\charmac.D3GL432J\Local Settings\Application Data\google\chrome\user data\default\bprotector web data"
Successfully deleted: [File] "C:\Documents and Settings\charmac.D3GL432J\Local Settings\Application Data\google\chrome\user data\default\bprotectorpreferences"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\pc1data"
Successfully deleted: [Folder] "C:\Documents and Settings\charmacD3GL432J\Application Data\babsolution"
Successfully deleted: [Folder] "C:\Documents and Settings\charmac.D3GL432J\Application Data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\charmac.D3GL432J\Application Data\delta"
Successfully deleted: [Folder] "C:\Documents and Settings\charmac.D3GL432J\Application Data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\charmac.D3GL432J\Application Data\ilividtoolbarguid"
Successfully deleted: [Folder] "C:\Documents and Settings\charmac.D3GL432J\Application Data\searchquband"
Successfully deleted: [Folder] "C:\Documents and Settings\charmac.D3GL432J\Application Data\searchqutoolbar"
Successfully deleted: [Folder] "C:\Documents and Settings\charmac.D3GL432J\Application Data\searchresultstb"
Successfully deleted: [Folder] "C:\Documents and Settings\charmac.D3GL432J\Application Data\systweak"
Successfully deleted: [Folder] "C:\Documents and Settings\charmac.D3GL432J\Application Data\toolbar4"
Successfully deleted: [Folder] "C:\Documents and Settings\charmac.D3GL432J\Application Data\yontoo"
Successfully deleted: [Folder] "C:\Documents and Settings\charmac.D3GL432J\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Documents and Settings\charmac.D3GL432J\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Documents and Settings\charmac.D3GL432J\Local Settings\Application Data\ilivid player"
Successfully deleted: [Folder] "C:\Documents and Settings\charmac.D3GL432J\Local Settings\Application Data\minibar"
Successfully deleted: [Folder] "C:\Documents and Settings\charmac.D3GL432J\Local Settings\Application Data\torch"
Successfully deleted: [Folder] "C:\Program Files\bearshare applications"
Successfully deleted: [Folder] "C:\Documents and Settings\charmac.D3GL432J\start menu\programs\browserprotect"
Successfully deleted: [Folder] "C:\Documents and Settings\charmac.D3GL432J\start menu\programs\filesfrog update checker"
Successfully deleted: [Folder] "C:\Documents and Settings\charmac.D3GL432J\start menu\programs\mypc backup"
Successfully deleted: [Folder] "C:\Documents and Settings\charmac.D3GL432J\start menu\programs\torntv.com"
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\niogeckbkdcabhnapjbkeiklablhjoca
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/10/2013 at 11:53:44.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by rotor123, 13 October 2013 - 10:25 AM.


#5 charmac

Posted 12 October 2013 - 06:47 AM

# AdwCleaner v3.007 - Report created 12/10/2013 at 12:15:43
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : charmac - D3GL432J
# Running from : C:\Documents and Settings\charmac.D3GL432J\My Documents\Downloads\AdwCleaner (4).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v
 
-\\ Google Chrome v30.0.1599.69
 
*************************
 
AdwCleaner[R0].txt - [50970 octets] - [09/10/2013 10:06:44]
AdwCleaner[R1].txt - [1170 octets] - [09/10/2013 10:19:42]
AdwCleaner[R2].txt - [2017 octets] - [09/10/2013 14:36:06]
AdwCleaner[R3].txt - [1368 octets] - [10/10/2013 13:46:33]
AdwCleaner[R4].txt - [1428 octets] - [10/10/2013 13:47:17]
AdwCleaner[R5].txt - [1301 octets] - [12/10/2013 12:14:31]
AdwCleaner[S0].txt - [50993 octets] - [09/10/2013 10:08:10]
AdwCleaner[S1].txt - [1236 octets] - [09/10/2013 10:21:19]
AdwCleaner[S2].txt - [2100 octets] - [09/10/2013 14:38:26]
AdwCleaner[S3].txt - [1493 octets] - [10/10/2013 13:48:52]
AdwCleaner[S4].txt - [1223 octets] - [12/10/2013 12:15:43]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1283 octets] ##########

Edited by rotor123, 13 October 2013 - 10:26 AM.


#6 charmac

Posted 12 October 2013 - 09:00 AM

C:\Documents and Settings\charmac.D3GL432J\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00134d Win32/Adware.Yontoo application deleted - quarantined
C:\Documents and Settings\charmac.D3GL432J\My Documents\Downloads\YontooUninstaller (1).exe Win32/Adware.Yontoo application deleted - quarantined
C:\Documents and Settings\charmac.D3GL432J\My Documents\Downloads\YontooUninstaller (2).exe Win32/Adware.Yontoo application deleted - quarantined
C:\Documents and Settings\charmac.D3GL432J\My Documents\Downloads\YontooUninstaller.exe Win32/Adware.Yontoo application deleted - quarantined

Edited by rotor123, 13 October 2013 - 10:26 AM.


#7 boopme

Posted 12 October 2013 - 07:10 PM

You're welcome. Looks like we got it and others.

I see several things we need to address...

Your Hosts file is corrupt, so reset the Hosts file back to the default. Click the Fix-It button in the link.
 
 
These are outdated and malware will exploit them.
In Control Panel..Add/Remove ... uninstall
 
Adobe Reader 7.0 (Version: 7.0.0)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java 7 Update 25 (Version: 7.0.250)
Java™ 6 Update 2 (Version: 1.6.0.20)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)
 
REBOOT the machine
 
Install
Adobe Reader 11.0.04 English
Java Version 7 Update 40
 
 
NOTE: UNcheck installing any extras, such as:


Optional offer:


Yes, install Google Chrome as my default browser and Google Toolbar for Internet Explorer.

 
 
Empty your temp folders using TFC (Temporary File Cleaner)
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.
How is it now?
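An added example, not part of the original thread or of any tool mentioned in it: a small Python check that applies the advice in post #7 to an installed-programs list in the log's `Name (Version: x)` layout, flagging Java and Adobe Reader entries older than the versions the reply says to install. The function names and the baseline table are assumptions made for this example; the sample inventory is partly copied from the thread and partly constructed.

```python
import re

# Baseline = the versions post #7 says to install (Java 7 Update 40, Reader 11.0.04).
# Assumption for this example: anything below these is reported as stale.
BASELINE = {"java": (7, 40), "adobe reader": (11, 0, 4)}

# Sample inventory. The first four lines and the VLC line appear in the thread;
# the two up-to-date entries are constructed for the example.
SAMPLE = """\
Adobe Reader 7.0 (Version: 7.0.0)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java 7 Update 25 (Version: 7.0.250)
Java™ 6 Update 7 (Version: 1.6.0.70)
Java 7 Update 40 (Version: 7.0.400)
Adobe Reader XI (11.0.04) (Version: 11.0.04)
VLC media player 2.0.2 (Version: 2.0.2)
"""

def parse_entry(line):
    """Return (product, version_tuple) for Java / Adobe Reader lines, else None."""
    # "Java 7 Update 25", "Java™ 6 Update 7", "Java(TM) 6 Update 7"
    m = re.match(r"Java\S*\s+(\d+)\s+Update\s+(\d+)", line)
    if m:
        return "java", (int(m.group(1)), int(m.group(2)))
    # Old "Java 2" branding: the real major is the second field of 1.<major>.x_<update>.
    m = re.match(r"Java 2 Runtime Environment.*?v1\.(\d+)\.\d+_(\d+)", line)
    if m:
        return "java", (int(m.group(1)), int(m.group(2)))
    # The display name varies between releases, so compare the Version field.
    m = re.match(r"Adobe Reader.*\(Version: (\d+(?:\.\d+)*)\)", line)
    if m:
        return "adobe reader", tuple(int(p) for p in m.group(1).split("."))
    return None

def audit(inventory):
    """Return inventory lines whose version is below BASELINE, in input order."""
    stale = []
    for line in inventory.splitlines():
        parsed = parse_entry(line.strip())
        if parsed and parsed[1] < BASELINE[parsed[0]]:
            stale.append(line.strip())
    return stale

def count_java(inventory):
    """Count Java runtimes present; the thread's list shows several side by side."""
    return sum(1 for line in inventory.splitlines()
               if (parse_entry(line.strip()) or ("",))[0] == "java")

if __name__ == "__main__":
    for entry in audit(SAMPLE):
        print("STALE:", entry)
    print("Java runtimes installed side by side:", count_java(SAMPLE))
```

The baseline table has to be kept in step with the vendors' current releases; the values here only mirror what the reply recommended at the time.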

#8 charmac

Posted 13 October 2013 - 10:13 AM

Happy days are here again,  :bananas:

You're a true genius and gentleman boopme, thank you very much for ridding me of this pest, I would never in a million and one years have been able to manage without your help, what you and your colleagues do to help complete strangers is nothing short of amazing. May you all be in heaven an hour before the devil even knows you're dead. (it's an old Irish saying, don't worry it's all good) :thumbup2:

 

 

PS: I'm going to learn a bit more about my computer, so I won't make the same mistakes again, have you any suggestions where I should start? I see young children as young as 5 years old playing with iPads and stuff, when I was starting school I had a slate and a stick of chalk  :) how times have changed.


Edited by charmac, 13 October 2013 - 10:17 AM.


#9 boopme

Posted 14 October 2013 - 03:48 PM

Thanks and you are most welcome!  For heaven I have an Assurance policy :) 
 
Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can re-infect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.

Vista and Windows 7 users can refer to these links:
  • Create a New Restore Point in Vista
  • Create a New Restore Point in Windows 7 (alternate method)
  • Disk Cleanup in Vista
  • Disk Cleanup in Windows 7

  • Reboot and see how it is.

:thumbup2: Tips to protect yourself against malware and reduce the potential for re-infection:

Keep Windows and Internet Explorer current with all security updates from Microsoft which will patch many of the security holes through which attackers can gain access to your computer. When necessary, Microsoft releases security updates on the second Tuesday of each month and publishes Security update bulletins to announce and describe the update. If you're not sure how to install updates, please refer to Updating your computer. Microsoft also recommends Internet 6 and 7 users to upgrade their browsers due to security vulnerabilities which can be exploited by hackers.

Avoid gaming sites, porn sites, pirated software (warez), cracking tools, and keygens. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to wipe your drive, reformat and reinstall the OS.

Avoid peer-to-peer (P2P) file sharing programs (i.e. Limewire, eMule, Kontiki, BitTorrent, BitComet, uTorrent, BitLord, BearShare). They too are a security risk which can make your computer susceptible to malware infections. File sharing networks are thoroughly infected and infested with malware according to Senior Virus Analyst, Norman ASA. Malicious worms, backdoor Trojans, IRCBots, and rootkits spread across P2P file sharing networks, gaming, porn and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

 

 

Simple and easy ways to keep your computer safe and secure on the Internet


Edited by boopme, 14 October 2013 - 03:52 PM.
