Help with Department of Justice Moneypak virus
- Thread starter Nomad300
- Start date
- Status
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.02.21.11
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]
2/21/2013 7:24:28 PM
mbam-log-2013-02-21 (19-24-28).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228274
Time elapsed: 7 minute(s), 14 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\Software\SkyMedia (Adware.SkyMedia) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 4
C:\Users\User\AppData\Local\Temp\013b6cd61ab6.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\spoolsv.dll (Exploit.Drop.GS) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\vlcplayer.dll (Exploit.Drop.GS) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Quarantined and deleted successfully.
(end)
Okay, computer is restarting, and I will start the hitmanpro step.
www.malwarebytes.org
Database version: v2013.02.21.11
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]
2/21/2013 7:24:28 PM
mbam-log-2013-02-21 (19-24-28).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228274
Time elapsed: 7 minute(s), 14 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\Software\SkyMedia (Adware.SkyMedia) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 4
C:\Users\User\AppData\Local\Temp\013b6cd61ab6.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\spoolsv.dll (Exploit.Drop.GS) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\vlcplayer.dll (Exploit.Drop.GS) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Quarantined and deleted successfully.
(end)
Okay, computer is restarting, and I will start the hitmanpro step.
Code:
HitmanPro 3.7.2.188
www.hitmanpro.com
Computer name . . . . : USER-PC
Windows . . . . . . . : 6.1.0.7600.X64/2
User name . . . . . . : User-PC\User
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2013-02-21 19:44:51
Scan mode . . . . . . : Normal
Scan duration . . . . : 8m 2s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 25
Traces . . . . . . . : 81
Objects scanned . . . : 1,373,044
Files scanned . . . . : 34,813
Remnants scanned . . : 395,363 files / 942,868 keys
Malware _____________________________________________________________________
C:\Windows\mshtfo32.dll
Size . . . . . . . : 74,752 bytes
Age . . . . . . . : 87.4 days (2012-11-26 10:21:22)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 26CF45BABC4541254E14F5418D8794455EF5ABA03BD502C9C65E27A18D625108
Product . . . . . : Pound grass practical applied pitch.
Publisher . . . . : UNICOOP TIRRENO
Description . . . : Pound grass practical applied pitch.
Version . . . . . : 2,3,7,1
Copyright . . . . : Copyright (C) 2010
> G Data . . . . . . : Trojan.Generic.8246940 (Engine A)
> Ikarus . . . . . . : Trojan-Spy.Win32.Ursnif!IK
Fuzzy . . . . . . : 102.0
C:\Windows\mshtfo3264.dll
Size . . . . . . . : 81,920 bytes
Age . . . . . . . : 87.4 days (2012-11-26 11:04:28)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 683FC652FB84F9DB58AD6B43C8C2A385531930FC7BD51E3EA8BC1B3F65DEEDB0
Product . . . . . : Limited, yours leant ordinary.
Publisher . . . . : PENNSYLVANIA
Description . . . : Limited, yours leant ordinary.
Version . . . . . : 6,0,8,6
Copyright . . . . : Copyright (C) 2010
> G Data . . . . . . : Win32:Dropper-gen [Drp]
> Ikarus . . . . . . : Trojan-Spy.Win64!IK
Fuzzy . . . . . . : 102.0
C:\Windows\system32\mshtfo3264.dll
Size . . . . . . . : 81,920 bytes
Age . . . . . . . : 87.4 days (2012-11-26 10:21:22)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 683FC652FB84F9DB58AD6B43C8C2A385531930FC7BD51E3EA8BC1B3F65DEEDB0
Product . . . . . : Limited, yours leant ordinary.
Publisher . . . . : PENNSYLVANIA
Description . . . : Limited, yours leant ordinary.
Version . . . . . : 6,0,8,6
Copyright . . . . : Copyright (C) 2010
> G Data . . . . . . : Win32:Dropper-gen [Drp]
> Ikarus . . . . . . : Trojan-Spy.Win64!IK
Fuzzy . . . . . . : 102.0
Malware remnants ____________________________________________________________
C:\Program Files (x86)\PricePeep\ (Adware.ClickPotato)
C:\Program Files (x86)\PricePeep\installer.ico (Adware.ClickPotato)
C:\Program Files (x86)\PricePeep\pricepeep.crx (Adware.ClickPotato)
C:\Program Files (x86)\PricePeep\pricepeep.dll (Adware.ClickPotato)
Size . . . . . . . : 497,008 bytes
Age . . . . . . . : 73.5 days (2012-12-10 08:23:18)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 3F7383407B729554610A6E67F0D7560B9459B4AA1638FD43E19AEDDFF60CCFDC
Product . . . . . : PricePeep
Publisher . . . . : PricePeep
Description . . . : PricePeep
Version . . . . . : 2.1.355.0
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -11.0
Startup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\
References
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\
HKLM\SOFTWARE\Wow6432Node\Classes\PricePeep.PricePeepBho.1\
HKLM\SOFTWARE\Wow6432Node\Classes\PricePeep.PricePeepBho\
HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}\
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\
HKU\S-1-5-21-2488982566-3392821603-1833236861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\
C:\Program Files (x86)\PricePeep\uninstall.exe (Adware.ClickPotato)
Size . . . . . . . : 86,391 bytes
Age . . . . . . . : 73.5 days (2012-12-10 08:23:18)
Entropy . . . . . : 7.1
SHA-256 . . . . . : CB17E95EFA15A6DB1C447CD55FB35DEA92F6F442FA35B47A95053F0C135E955E
Fuzzy . . . . . . : -2.0
HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}\ (Adware.ClickPotato)
HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}\ (Adware.ClickPotato)
HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}\ (Adware.ClickPotato)
HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1\ (Adware.ClickPotato)
HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho\ (Adware.ClickPotato)
HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}\ (Adware.ClickPotato)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}\ (Adware.ClickPotato)
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ (Adware.ClickPotato)
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}\ (Adware.ClickPotato)
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}\ (Adware.ClickPotato)
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}\ (Adware.ClickPotato)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ (Adware.ClickPotato)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep\ (Adware.ClickPotato)
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ (Adware.ClickPotato)
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ (Adware.ClickPotato)
HKU\S-1-5-21-2488982566-3392821603-1833236861-1000\Software\AppDataLow\Software\PricePeep\ (Adware.ClickPotato)
HKU\S-1-5-21-2488982566-3392821603-1833236861-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ (Adware.ClickPotato)
Potential Unwanted Programs _________________________________________________
C:\Program Files (x86)\Yontoo\ (Yontoo)
C:\Program Files (x86)\Yontoo\OptChrome.exe (Yontoo)
Size . . . . . . . : 133,632 bytes
Age . . . . . . . : 73.5 days (2012-12-10 08:23:19)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 829D936424BF6598883B8913505942BBC64F739A2FCECA493CA1C5FD42A90B66
Fuzzy . . . . . . : 6.0
C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo)
Size . . . . . . . : 194,928 bytes
Age . . . . . . . : 73.5 days (2012-12-10 08:23:19)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 37A3A24A2F115AE7571086399C64A7335186F1AF67160B5D022519E454A69AE9
Product . . . . . : Yontoo Runtime
Publisher . . . . : Yontoo LLC
Description . . . : Yontoo Runtime
Version . . . . . : 1.10.01
Copyright . . . . : Copyright (c) 2011 Yontoo LLC. All rights reserved.
RSA Key Size . . . : 1024
Authenticode . . . : Valid
Fuzzy . . . . . . : -3.0
Startup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
References
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\
HKLM\SOFTWARE\Wow6432Node\Classes\YontooIEClient.Layers.1\
HKLM\SOFTWARE\Wow6432Node\Classes\YontooIEClient.Layers\
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
HKU\S-1-5-21-2488982566-3392821603-1833236861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
C:\Program Files (x86)\Yontoo\YontooLayers.crx (Yontoo)
HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL\ (Yontoo)
HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\ (Yontoo)
HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ (Yontoo)
HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\ (Yontoo)
HKLM\SOFTWARE\Classes\s\ (Softonic)
HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\YontooIEClient.DLL\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{99066096-8989-4612-841F-621A01D54AD7}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\ (Yontoo)
HKLM\SOFTWARE\Classes\YontooIEClient.Api.1\ (Yontoo)
HKLM\SOFTWARE\Classes\YontooIEClient.Api\ (Yontoo)
HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1\ (Yontoo)
HKLM\SOFTWARE\Classes\YontooIEClient.Layers\ (Yontoo)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\ (Yontoo)
HKLM\SOFTWARE\Tarma Installer\Components\{8D8654CD-7FBC-4C7E-84E9-371BFA8DB04E}\ (Yontoo)
HKLM\SOFTWARE\Tarma Installer\Components\{9307081B-7444-494C-8CF6-2FA7C0E92BFB}\ (Yontoo)
HKLM\SOFTWARE\Tarma Installer\Components\{9D9785E5-3424-40B6-A287-BA143AD53109}\ (Yontoo)
HKLM\SOFTWARE\Tarma Installer\Components\{B6783DFA-B8C8-4CB6-AB9F-EF1A1F7F7AE8}\ (Yontoo)
HKLM\SOFTWARE\Tarma Installer\Components\{F5F971A9-DBF8-4EEC-81E3-5F1660573E6C}\ (Yontoo)
HKLM\SOFTWARE\Tarma Installer\Products\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\ (Yontoo)
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc\ (Yontoo)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ (Yontoo)
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo)
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo)
HKU\S-1-5-21-2488982566-3392821603-1833236861-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ (Yontoo)
HKU\S-1-5-21-2488982566-3392821603-1833236861-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo)
Cookies _____________________________________________________________________
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ext.myshopres.com
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\PIP5RJ9M.txt
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:a1.interclick.com
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:ad.yieldmanager.com
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:adinterax.com
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:apmebf.com
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:atdmt.com
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:collective-media.net
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:doubleclick.net
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:interclick.com
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:invitemedia.com
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:mediaplex.com
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:questionmarket.com
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:statse.webtrendslive.com
- Oct 5, 2012
- 2,697
STEP 1: Run the below OTL fix
<ol><li>Start <>OTL.exe</></li>
<li>Copy/paste the following text written <>inside of the code box</> into the <>Custom Scans/Fixes</> box located at the bottom of OTL
<>NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system</></li>
<li>Then click the <>Run Fix</> button at the top</li>
<li>Let the program run unhindered, reboot when it is done</li>
<li>Attach the new log produced by OTL (C:\_OTL)</li>
</ol>
<hr />
<ol><li>Start <>OTL.exe</></li>
<li>Copy/paste the following text written <>inside of the code box</> into the <>Custom Scans/Fixes</> box located at the bottom of OTL
Code:
:Files
C:\ProgramData\mshtfo3264.dll
C:\ProgramData\mshtfo32.dll
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
:Commands
[EmptyTemp]
[EmptyFlash]
[EmptyJava]
[Reboot]<>NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system</></li>
<li>Then click the <>Run Fix</> button at the top</li>
<li>Let the program run unhindered, reboot when it is done</li>
<li>Attach the new log produced by OTL (C:\_OTL)</li>
</ol>
<hr />
Last edited by a moderator:
Code:
HitmanPro 3.7.2.188
www.hitmanpro.com
Computer name . . . . : USER-PC
Windows . . . . . . . : 6.1.0.7600.X64/2
User name . . . . . . : User-PC\User
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (31 days left)
Scan date . . . . . . : 2013-02-21 19:44:51
Scan mode . . . . . . : Normal
Scan duration . . . . : 8m 2s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes
Threats . . . . . . . : 25
Traces . . . . . . . : 81
Objects scanned . . . : 1,373,044
Files scanned . . . . : 34,813
Remnants scanned . . : 395,363 files / 942,868 keys
Malware _____________________________________________________________________
C:\Windows\mshtfo32.dll -> Deleted
Size . . . . . . . : 74,752 bytes
Age . . . . . . . : 87.4 days (2012-11-26 10:21:22)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 26CF45BABC4541254E14F5418D8794455EF5ABA03BD502C9C65E27A18D625108
Product . . . . . : Pound grass practical applied pitch.
Publisher . . . . : UNICOOP TIRRENO
Description . . . : Pound grass practical applied pitch.
Version . . . . . : 2,3,7,1
Copyright . . . . : Copyright (C) 2010
> G Data . . . . . . : Trojan.Generic.8246940 (Engine A)
> Ikarus . . . . . . : Trojan-Spy.Win32.Ursnif!IK
Fuzzy . . . . . . : 102.0
C:\Windows\mshtfo3264.dll -> Deleted
Size . . . . . . . : 81,920 bytes
Age . . . . . . . : 87.4 days (2012-11-26 11:04:28)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 683FC652FB84F9DB58AD6B43C8C2A385531930FC7BD51E3EA8BC1B3F65DEEDB0
Product . . . . . : Limited, yours leant ordinary.
Publisher . . . . : PENNSYLVANIA
Description . . . : Limited, yours leant ordinary.
Version . . . . . : 6,0,8,6
Copyright . . . . : Copyright (C) 2010
> G Data . . . . . . : Win32:Dropper-gen [Drp]
> Ikarus . . . . . . : Trojan-Spy.Win64!IK
Fuzzy . . . . . . : 102.0
C:\Windows\system32\mshtfo3264.dll -> Deleted
Size . . . . . . . : 81,920 bytes
Age . . . . . . . : 87.4 days (2012-11-26 10:21:22)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 683FC652FB84F9DB58AD6B43C8C2A385531930FC7BD51E3EA8BC1B3F65DEEDB0
Product . . . . . : Limited, yours leant ordinary.
Publisher . . . . : PENNSYLVANIA
Description . . . : Limited, yours leant ordinary.
Version . . . . . : 6,0,8,6
Copyright . . . . : Copyright (C) 2010
> G Data . . . . . . : Win32:Dropper-gen [Drp]
> Ikarus . . . . . . : Trojan-Spy.Win64!IK
Fuzzy . . . . . . : 102.0
Malware remnants ____________________________________________________________
C:\Program Files (x86)\PricePeep\ (Adware.ClickPotato) -> Deleted
C:\Program Files (x86)\PricePeep\installer.ico (Adware.ClickPotato) -> Deleted
C:\Program Files (x86)\PricePeep\pricepeep.crx (Adware.ClickPotato) -> Deleted
C:\Program Files (x86)\PricePeep\pricepeep.dll (Adware.ClickPotato) -> Deleted
Size . . . . . . . : 497,008 bytes
Age . . . . . . . : 73.5 days (2012-12-10 08:23:18)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 3F7383407B729554610A6E67F0D7560B9459B4AA1638FD43E19AEDDFF60CCFDC
Product . . . . . : PricePeep
Publisher . . . . : PricePeep
Description . . . : PricePeep
Version . . . . . : 2.1.355.0
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -11.0
Startup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\
References
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\
HKLM\SOFTWARE\Wow6432Node\Classes\PricePeep.PricePeepBho.1\
HKLM\SOFTWARE\Wow6432Node\Classes\PricePeep.PricePeepBho\
HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}\
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\
HKU\S-1-5-21-2488982566-3392821603-1833236861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\
C:\Program Files (x86)\PricePeep\uninstall.exe (Adware.ClickPotato) -> Deleted
Size . . . . . . . : 86,391 bytes
Age . . . . . . . : 73.5 days (2012-12-10 08:23:18)
Entropy . . . . . : 7.1
SHA-256 . . . . . : CB17E95EFA15A6DB1C447CD55FB35DEA92F6F442FA35B47A95053F0C135E955E
Fuzzy . . . . . . : -2.0
HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}\ (Adware.ClickPotato) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}\ (Adware.ClickPotato) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}\ (Adware.ClickPotato) -> Deleted
HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1\ (Adware.ClickPotato) -> Deleted
HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho\ (Adware.ClickPotato) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}\ (Adware.ClickPotato) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}\ (Adware.ClickPotato) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ (Adware.ClickPotato) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}\ (Adware.ClickPotato) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}\ (Adware.ClickPotato) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}\ (Adware.ClickPotato) -> PendingDelete
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ (Adware.ClickPotato) -> PendingDelete
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep\ (Adware.ClickPotato) -> Deleted
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ (Adware.ClickPotato) -> PendingDelete
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ (Adware.ClickPotato) -> PendingDelete
HKU\S-1-5-21-2488982566-3392821603-1833236861-1000\Software\AppDataLow\Software\PricePeep\ (Adware.ClickPotato) -> Deleted
HKU\S-1-5-21-2488982566-3392821603-1833236861-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ (Adware.ClickPotato) -> PendingDelete
Potential Unwanted Programs _________________________________________________
C:\Program Files (x86)\Yontoo\ (Yontoo)
C:\Program Files (x86)\Yontoo\OptChrome.exe (Yontoo)
Size . . . . . . . : 133,632 bytes
Age . . . . . . . : 73.5 days (2012-12-10 08:23:19)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 829D936424BF6598883B8913505942BBC64F739A2FCECA493CA1C5FD42A90B66
Fuzzy . . . . . . : 6.0
C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo)
Size . . . . . . . : 194,928 bytes
Age . . . . . . . : 73.5 days (2012-12-10 08:23:19)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 37A3A24A2F115AE7571086399C64A7335186F1AF67160B5D022519E454A69AE9
Product . . . . . : Yontoo Runtime
Publisher . . . . : Yontoo LLC
Description . . . : Yontoo Runtime
Version . . . . . : 1.10.01
Copyright . . . . : Copyright (c) 2011 Yontoo LLC. All rights reserved.
RSA Key Size . . . : 1024
Authenticode . . . : Valid
Fuzzy . . . . . . : -3.0
Startup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
References
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\
HKLM\SOFTWARE\Wow6432Node\Classes\YontooIEClient.Layers.1\
HKLM\SOFTWARE\Wow6432Node\Classes\YontooIEClient.Layers\
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
HKU\S-1-5-21-2488982566-3392821603-1833236861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
C:\Program Files (x86)\Yontoo\YontooLayers.crx (Yontoo)
HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL\ (Yontoo)
HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\ (Yontoo)
HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ (Yontoo)
HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\ (Yontoo)
HKLM\SOFTWARE\Classes\s\ (Softonic)
HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\YontooIEClient.DLL\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{99066096-8989-4612-841F-621A01D54AD7}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\ (Yontoo)
HKLM\SOFTWARE\Classes\YontooIEClient.Api.1\ (Yontoo)
HKLM\SOFTWARE\Classes\YontooIEClient.Api\ (Yontoo)
HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1\ (Yontoo)
HKLM\SOFTWARE\Classes\YontooIEClient.Layers\ (Yontoo)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\ (Yontoo)
HKLM\SOFTWARE\Tarma Installer\Components\{8D8654CD-7FBC-4C7E-84E9-371BFA8DB04E}\ (Yontoo)
HKLM\SOFTWARE\Tarma Installer\Components\{9307081B-7444-494C-8CF6-2FA7C0E92BFB}\ (Yontoo)
HKLM\SOFTWARE\Tarma Installer\Components\{9D9785E5-3424-40B6-A287-BA143AD53109}\ (Yontoo)
HKLM\SOFTWARE\Tarma Installer\Components\{B6783DFA-B8C8-4CB6-AB9F-EF1A1F7F7AE8}\ (Yontoo)
HKLM\SOFTWARE\Tarma Installer\Components\{F5F971A9-DBF8-4EEC-81E3-5F1660573E6C}\ (Yontoo)
HKLM\SOFTWARE\Tarma Installer\Products\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\ (Yontoo)
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc\ (Yontoo)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ (Yontoo)
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo)
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo)
HKU\S-1-5-21-2488982566-3392821603-1833236861-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ (Yontoo)
HKU\S-1-5-21-2488982566-3392821603-1833236861-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo)
Cookies _____________________________________________________________________
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ext.myshopres.com
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\PIP5RJ9M.txt
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:a1.interclick.com
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:ad.yieldmanager.com
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:adinterax.com
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:apmebf.com
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:atdmt.com
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:collective-media.net
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:doubleclick.net
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:interclick.com
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:invitemedia.com
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:mediaplex.com
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:questionmarket.com
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:statse.webtrendslive.com
Code:
HitmanPro 3.7.2.188
www.hitmanpro.com
Computer name . . . . : USER-PC
Windows . . . . . . . : 6.1.0.7600.X64/2
User name . . . . . . : User-PC\User
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (31 days left)
Scan date . . . . . . : 2013-02-21 19:44:51
Scan mode . . . . . . : Normal
Scan duration . . . . : 8m 2s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes
Threats . . . . . . . : 25
Traces . . . . . . . : 81
Objects scanned . . . : 1,373,044
Files scanned . . . . : 34,813
Remnants scanned . . : 395,363 files / 942,868 keys
Malware _____________________________________________________________________
C:\Windows\mshtfo32.dll -> Deleted
Size . . . . . . . : 74,752 bytes
Age . . . . . . . : 87.4 days (2012-11-26 10:21:22)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 26CF45BABC4541254E14F5418D8794455EF5ABA03BD502C9C65E27A18D625108
Product . . . . . : Pound grass practical applied pitch.
Publisher . . . . : UNICOOP TIRRENO
Description . . . : Pound grass practical applied pitch.
Version . . . . . : 2,3,7,1
Copyright . . . . : Copyright (C) 2010
> G Data . . . . . . : Trojan.Generic.8246940 (Engine A)
> Ikarus . . . . . . : Trojan-Spy.Win32.Ursnif!IK
Fuzzy . . . . . . : 102.0
C:\Windows\mshtfo3264.dll -> Deleted
Size . . . . . . . : 81,920 bytes
Age . . . . . . . : 87.4 days (2012-11-26 11:04:28)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 683FC652FB84F9DB58AD6B43C8C2A385531930FC7BD51E3EA8BC1B3F65DEEDB0
Product . . . . . : Limited, yours leant ordinary.
Publisher . . . . : PENNSYLVANIA
Description . . . : Limited, yours leant ordinary.
Version . . . . . : 6,0,8,6
Copyright . . . . : Copyright (C) 2010
> G Data . . . . . . : Win32:Dropper-gen [Drp]
> Ikarus . . . . . . : Trojan-Spy.Win64!IK
Fuzzy . . . . . . : 102.0
C:\Windows\system32\mshtfo3264.dll -> Deleted
Size . . . . . . . : 81,920 bytes
Age . . . . . . . : 87.4 days (2012-11-26 10:21:22)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 683FC652FB84F9DB58AD6B43C8C2A385531930FC7BD51E3EA8BC1B3F65DEEDB0
Product . . . . . : Limited, yours leant ordinary.
Publisher . . . . : PENNSYLVANIA
Description . . . : Limited, yours leant ordinary.
Version . . . . . : 6,0,8,6
Copyright . . . . : Copyright (C) 2010
> G Data . . . . . . : Win32:Dropper-gen [Drp]
> Ikarus . . . . . . : Trojan-Spy.Win64!IK
Fuzzy . . . . . . : 102.0
Malware remnants ____________________________________________________________
C:\Program Files (x86)\PricePeep\ (Adware.ClickPotato) -> Deleted
C:\Program Files (x86)\PricePeep\installer.ico (Adware.ClickPotato) -> Deleted
C:\Program Files (x86)\PricePeep\pricepeep.crx (Adware.ClickPotato) -> Deleted
C:\Program Files (x86)\PricePeep\pricepeep.dll (Adware.ClickPotato) -> Deleted
Size . . . . . . . : 497,008 bytes
Age . . . . . . . : 73.5 days (2012-12-10 08:23:18)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 3F7383407B729554610A6E67F0D7560B9459B4AA1638FD43E19AEDDFF60CCFDC
Product . . . . . : PricePeep
Publisher . . . . : PricePeep
Description . . . : PricePeep
Version . . . . . : 2.1.355.0
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -11.0
Startup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\
References
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\
HKLM\SOFTWARE\Wow6432Node\Classes\PricePeep.PricePeepBho.1\
HKLM\SOFTWARE\Wow6432Node\Classes\PricePeep.PricePeepBho\
HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}\
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\
HKU\S-1-5-21-2488982566-3392821603-1833236861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\
C:\Program Files (x86)\PricePeep\uninstall.exe (Adware.ClickPotato) -> Deleted
Size . . . . . . . : 86,391 bytes
Age . . . . . . . : 73.5 days (2012-12-10 08:23:18)
Entropy . . . . . : 7.1
SHA-256 . . . . . : CB17E95EFA15A6DB1C447CD55FB35DEA92F6F442FA35B47A95053F0C135E955E
Fuzzy . . . . . . : -2.0
HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}\ (Adware.ClickPotato) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}\ (Adware.ClickPotato) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}\ (Adware.ClickPotato) -> Deleted
HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1\ (Adware.ClickPotato) -> Deleted
HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho\ (Adware.ClickPotato) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}\ (Adware.ClickPotato) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}\ (Adware.ClickPotato) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ (Adware.ClickPotato) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}\ (Adware.ClickPotato) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}\ (Adware.ClickPotato) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}\ (Adware.ClickPotato) -> PendingDelete
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ (Adware.ClickPotato) -> PendingDelete
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep\ (Adware.ClickPotato) -> Deleted
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ (Adware.ClickPotato) -> PendingDelete
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ (Adware.ClickPotato) -> PendingDelete
HKU\S-1-5-21-2488982566-3392821603-1833236861-1000\Software\AppDataLow\Software\PricePeep\ (Adware.ClickPotato) -> Deleted
HKU\S-1-5-21-2488982566-3392821603-1833236861-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ (Adware.ClickPotato) -> PendingDelete
Potential Unwanted Programs _________________________________________________
C:\Program Files (x86)\Yontoo\ (Yontoo)
C:\Program Files (x86)\Yontoo\OptChrome.exe (Yontoo)
Size . . . . . . . : 133,632 bytes
Age . . . . . . . : 73.5 days (2012-12-10 08:23:19)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 829D936424BF6598883B8913505942BBC64F739A2FCECA493CA1C5FD42A90B66
Fuzzy . . . . . . : 6.0
C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo)
Size . . . . . . . : 194,928 bytes
Age . . . . . . . : 73.5 days (2012-12-10 08:23:19)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 37A3A24A2F115AE7571086399C64A7335186F1AF67160B5D022519E454A69AE9
Product . . . . . : Yontoo Runtime
Publisher . . . . : Yontoo LLC
Description . . . : Yontoo Runtime
Version . . . . . : 1.10.01
Copyright . . . . : Copyright (c) 2011 Yontoo LLC. All rights reserved.
RSA Key Size . . . : 1024
Authenticode . . . : Valid
Fuzzy . . . . . . : -3.0
Startup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
References
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\
HKLM\SOFTWARE\Wow6432Node\Classes\YontooIEClient.Layers.1\
HKLM\SOFTWARE\Wow6432Node\Classes\YontooIEClient.Layers\
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
HKU\S-1-5-21-2488982566-3392821603-1833236861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
C:\Program Files (x86)\Yontoo\YontooLayers.crx (Yontoo)
HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL\ (Yontoo)
HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\ (Yontoo)
HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ (Yontoo)
HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\ (Yontoo)
HKLM\SOFTWARE\Classes\s\ (Softonic)
HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\YontooIEClient.DLL\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{99066096-8989-4612-841F-621A01D54AD7}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\ (Yontoo)
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\ (Yontoo)
HKLM\SOFTWARE\Classes\YontooIEClient.Api.1\ (Yontoo)
HKLM\SOFTWARE\Classes\YontooIEClient.Api\ (Yontoo)
HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1\ (Yontoo)
HKLM\SOFTWARE\Classes\YontooIEClient.Layers\ (Yontoo)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\ (Yontoo)
HKLM\SOFTWARE\Tarma Installer\Components\{8D8654CD-7FBC-4C7E-84E9-371BFA8DB04E}\ (Yontoo)
HKLM\SOFTWARE\Tarma Installer\Components\{9307081B-7444-494C-8CF6-2FA7C0E92BFB}\ (Yontoo)
HKLM\SOFTWARE\Tarma Installer\Components\{9D9785E5-3424-40B6-A287-BA143AD53109}\ (Yontoo)
HKLM\SOFTWARE\Tarma Installer\Components\{B6783DFA-B8C8-4CB6-AB9F-EF1A1F7F7AE8}\ (Yontoo)
HKLM\SOFTWARE\Tarma Installer\Components\{F5F971A9-DBF8-4EEC-81E3-5F1660573E6C}\ (Yontoo)
HKLM\SOFTWARE\Tarma Installer\Products\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\ (Yontoo)
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc\ (Yontoo)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ (Yontoo)
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo)
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo)
HKU\S-1-5-21-2488982566-3392821603-1833236861-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ (Yontoo)
HKU\S-1-5-21-2488982566-3392821603-1833236861-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo)
Cookies _____________________________________________________________________
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ext.myshopres.com
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\PIP5RJ9M.txt
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:a1.interclick.com
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:ad.yieldmanager.com
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:adinterax.com
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:apmebf.com
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:atdmt.com
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:collective-media.net
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:doubleclick.net
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:interclick.com
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:invitemedia.com
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:mediaplex.com
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:questionmarket.com
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j5rcxobi.default\cookies.sqlite:statse.webtrendslive.comAll processes killed
========== FILES ==========
C:\ProgramData\mshtfo3264.dll moved successfully.
C:\ProgramData\mshtfo32.dll moved successfully.
File\Folder C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk not found.
C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: User
->Temp folder emptied: 456362495 bytes
->Temporary Internet Files folder emptied: 3546034357 bytes
->Java cache emptied: 5082247 bytes
->FireFox cache emptied: 9622066 bytes
->Google Chrome cache emptied: 7058326 bytes
->Flash cache emptied: 3768 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 454371511 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36034419 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 4,305.00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default
User: Default User
User: Public
User: User
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
[EMPTYJAVA]
User: Administrator
User: All Users
User: Default
User: Default User
User: Public
User: User
->Java cache emptied: 0 bytes
Total Java Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 02212013_201908
Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X4VTNNL5\tweet_button.1360972506[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3T707VR3\fastbutton[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30P11XXP\Thread-Help-with-Department-of-Justice-Moneypak-virus[2].htm moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
========== FILES ==========
C:\ProgramData\mshtfo3264.dll moved successfully.
C:\ProgramData\mshtfo32.dll moved successfully.
File\Folder C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk not found.
C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: User
->Temp folder emptied: 456362495 bytes
->Temporary Internet Files folder emptied: 3546034357 bytes
->Java cache emptied: 5082247 bytes
->FireFox cache emptied: 9622066 bytes
->Google Chrome cache emptied: 7058326 bytes
->Flash cache emptied: 3768 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 454371511 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36034419 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 4,305.00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default
User: Default User
User: Public
User: User
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
[EMPTYJAVA]
User: Administrator
User: All Users
User: Default
User: Default User
User: Public
User: User
->Java cache emptied: 0 bytes
Total Java Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 02212013_201908
Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X4VTNNL5\tweet_button.1360972506[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3T707VR3\fastbutton[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30P11XXP\Thread-Help-with-Department-of-Justice-Moneypak-virus[2].htm moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
- Oct 5, 2012
- 2,697
We are almost done... Are you facing any other issues on the computer now?
STEP 1: Run a scan with Junkware Removal Tool
Please download Junkware Removal Tool to your desktop from here
STEP 2: Run a scan with AdwCleaner
<ol><li>Download AdwCleaner from the below link.
<><a href="http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner" target="_blank">ADWCLEANER DOWNLAOD LINK</a></> (This link will automatically download Security Check on your computer)</li>
<li>Close all open programs and internet browsers.</li>
<li>Double click on <>adwcleaner.exe</> to run the tool.</li>
<li>Click on <>Delete</>,then confirm each time with <>Ok</>.</li>
<li>Your computer will be rebooted automatically. A text file will open after the restart.</li>
<li>Please post the contents of that logfile with your next reply.</li>
<li>You can find the logfile at <>C:\AdwCleaner[S1].txt</> as well.</li>
</ol>
<hr/>
STEP 1: Run a scan with Junkware Removal Tool
Please download Junkware Removal Tool to your desktop from here
- Turn off your antivirus software now to avoid potential conflicts
- Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
- The tool will open and start scanning your system
- Please be patient as this can take a while to complete depending on your system's specifications
- On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
- Post the contents of JRT.txt into your next reply
STEP 2: Run a scan with AdwCleaner
<ol><li>Download AdwCleaner from the below link.
<><a href="http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner" target="_blank">ADWCLEANER DOWNLAOD LINK</a></> (This link will automatically download Security Check on your computer)</li>
<li>Close all open programs and internet browsers.</li>
<li>Double click on <>adwcleaner.exe</> to run the tool.</li>
<li>Click on <>Delete</>,then confirm each time with <>Ok</>.</li>
<li>Your computer will be rebooted automatically. A text file will open after the restart.</li>
<li>Please post the contents of that logfile with your next reply.</li>
<li>You can find the logfile at <>C:\AdwCleaner[S1].txt</> as well.</li>
</ol>
<hr/>
Last edited by a moderator:
The only thing I am noticing is when I press post reply on my computer, it does nothing. I click on new reply, type my message or copy and paste the logs, and it keeps telling me the message is too small. I keep saving all the logs to my flash drive and using another computer to talk to you on. Other than that, everything seems to be going normal so far. I'm starting the junkware tool now.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows 7 Home Premium x64
Ran by User on Thu 02/21/2013 at 20:37:03.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{95b7759c-8c7f-4bf1-b163-73684a933233}
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\scripthelper.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\viprotocol.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\yontooieclient.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\s
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.layers
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.layers.1
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd72061e-9fde-484d-a58a-0bab4151cad8}
~~~ Files
Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\User\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo"
~~~ FireFox
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\j5rcxobi.default\minidumps [3 files]
~~~ Chrome
Successfully deleted: [Folder] C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Successfully deleted: [Folder] C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\licjnkifamhpbaefhdpacpmihicfbomb
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\niapdbllcanepiiimjjndipklodoedlc
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/21/2013 at 20:48:02.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
with just using the junkware tool my post reply and stuff is working again. Running adwcleaner now.
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows 7 Home Premium x64
Ran by User on Thu 02/21/2013 at 20:37:03.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{95b7759c-8c7f-4bf1-b163-73684a933233}
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\scripthelper.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\viprotocol.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\yontooieclient.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\s
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.layers
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.layers.1
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd72061e-9fde-484d-a58a-0bab4151cad8}
~~~ Files
Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\User\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo"
~~~ FireFox
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\j5rcxobi.default\minidumps [3 files]
~~~ Chrome
Successfully deleted: [Folder] C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Successfully deleted: [Folder] C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\licjnkifamhpbaefhdpacpmihicfbomb
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\niapdbllcanepiiimjjndipklodoedlc
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/21/2013 at 20:48:02.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
with just using the junkware tool my post reply and stuff is working again. Running adwcleaner now.
# AdwCleaner v2.112 - Logfile created 02/21/2013 at 20:52:53
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : User - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\61UNBIQG\adwcleaner0.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
***** [Registry] *****
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Mozilla Firefox v18.0.1 (en-US)
-\\ Google Chrome v24.0.1312.57
*************************
AdwCleaner[S1].txt - [5221 octets] - [21/02/2013 20:52:53]
########## EOF - C:\AdwCleaner[S1].txt - [5281 octets] ##########
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : User - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\61UNBIQG\adwcleaner0.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
***** [Registry] *****
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Mozilla Firefox v18.0.1 (en-US)
-\\ Google Chrome v24.0.1312.57
*************************
AdwCleaner[S1].txt - [5221 octets] - [21/02/2013 20:52:53]
########## EOF - C:\AdwCleaner[S1].txt - [5281 octets] ##########
- Oct 5, 2012
- 2,697
Great to hear that... :dance3: :dance3: :dance3:
Double click on OTL to run it
Now that your PC is clean, I recommend you to create a new System Restore point then purge the old ones after.
For XP
How to create a Restore Point in XP
Delete all restore points except the most recent one
For Vista
Create a restore point
Delete all but the most recent restore point
For Windows 7
Create a restore point
Delete all but the most recent restore point - Click the Delete all but the most recent restore point link
Keep your system updated
I also recommend you to switch your antivirus program to a better one. Here are some suggestions:
In addition to your antivirus, you need additional protection such as a firewall and behavioural blocker.
Here are only a few suggestions that will improve your system security. Should you wish to allow us to make full recommendations and set your PC up with maximum security, please start a thread here. Our community of PC enthusiasts and experts will give you feedback and help you secure your system from future malware infections.
Internet Explorer may be the most popular browser but it's definitely not the most secure browser. Consider using other browsers with addition add-ons to safeguard your system while browsing the internet.
Firefox is a more secure, faster browser than Internet Explorer. Firefox contains less vulnerabilities, reducing the risk of drive-by downloads. In addition, you can add the following add-ons to increase security.
Google Chrome is another good browser that is faster and more secure than Internet Explorer by having a sandbox feature. Additionally, you can add the following add-on to Chrome to heighten security.
Lastly, it is important to perform system maintenance on a regular basis. Here are a few tools and on-demand scanners that you should keep & use every 1-2 weeks to keep your system healthy.
Other than that, stay safe out there! If you have any other questions or concerns, feel free to ask
<hr />
What's next?
My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.
Double click on OTL to run it
- Click on the Cleanup button at the top.
- You will be asked to reboot the machine to finish the Cleanup process. Choose Yes
- This will remove itself and other tools we may have used.
Now that your PC is clean, I recommend you to create a new System Restore point then purge the old ones after.
For XP
How to create a Restore Point in XP
Delete all restore points except the most recent one
For Vista
Create a restore point
Delete all but the most recent restore point
For Windows 7
Create a restore point
Delete all but the most recent restore point - Click the Delete all but the most recent restore point link
Keep your system updated
- Keeping your programs (especially Adobe and Java products) updated is essential. Update Checker will notify you if any of your programs require an update.
- Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product bugs and vulnerabilities.
- Please ensure you update your system regularly and have automatic updates on. You can learn how to turn Automatic Updates on here
I also recommend you to switch your antivirus program to a better one. Here are some suggestions:
- avast! 7 Home Edition - Don't use it with Online Armor
- Avira AntiVir Personal
- Microsoft Security Essentials
In addition to your antivirus, you need additional protection such as a firewall and behavioural blocker.
- Online Armor
- Comodo Firewall - If you are an advance user
Here are only a few suggestions that will improve your system security. Should you wish to allow us to make full recommendations and set your PC up with maximum security, please start a thread here. Our community of PC enthusiasts and experts will give you feedback and help you secure your system from future malware infections.
Internet Explorer may be the most popular browser but it's definitely not the most secure browser. Consider using other browsers with addition add-ons to safeguard your system while browsing the internet.
Firefox is a more secure, faster browser than Internet Explorer. Firefox contains less vulnerabilities, reducing the risk of drive-by downloads. In addition, you can add the following add-ons to increase security.
- KeyScramber - Encrypts your keystrokes to protect you against keyloggers that steals personal & banking information
- AdBlock - Disable/blocks advertisements on websites so you won't accidentally click on a malicious ad.
- NoScript - Disables Flash & Java contents to avoid exploits or drive-by attacks
- Web of Trust - Shows the website rating by other users and blocks dangerous and poor-rated sites
Google Chrome is another good browser that is faster and more secure than Internet Explorer by having a sandbox feature. Additionally, you can add the following add-on to Chrome to heighten security.
Lastly, it is important to perform system maintenance on a regular basis. Here are a few tools and on-demand scanners that you should keep & use every 1-2 weeks to keep your system healthy.
Other than that, stay safe out there! If you have any other questions or concerns, feel free to ask
<hr />
What's next?
- Bulild up your malware defenses by starting a new thread in Security Configuration Wizard forum.
- Learn how to avoid malware by reading this article <a href="http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/">How to easily avoid malware</a>
- Be an active member in the MalwareTips community!
My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.
Alright, I did the clean up. I'm running out of time tonight to do the other steps you've suggested. I will definently get to those on monday! I greatly appreciate you helping me out and getting me into my computer again. All of my childrens photo's and videos are here and I couldn't be happier Time to go buy a couple more usb sticks and start saving them on multiple ones as back up! I'll be refering anyone I know that has problems with their pc to this site for sure!
Time to go buy a couple more usb sticks and start saving them on multiple ones as back up! I'll be refering anyone I know that has problems with their pc to this site for sure!
- Oct 5, 2012
- 2,697
It is better to use DVD's or External hard Drive to save all those photos.....
<span style="color: #ff0000;"><>The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. </></span>
<span style="color: #ff0000;"><>DO NOT use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.</></span>
All members requesting Malware Removal Assistance are required to follow all procedures in the thread
My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.
This thread is now closed.
Reason: <span style="color: #ff0000;">Issue Resolved</span>
<span style="color: #ff0000;"><>The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. </></span>
<span style="color: #ff0000;"><>DO NOT use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.</></span>
All members requesting Malware Removal Assistance are required to follow all procedures in the thread
My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.
Last edited by a moderator:
- Status
Similar threads
- Locked
