|
Answer» Ok so since I cleared cookies, Google seems to be doing better and it hasn't had that search lately
but sometimes it comes up with an extra window (most of the time it's blank) I think this often happens when I open a new tab but once in a while it can happen when I click on a link
I am using Firefox.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dlla variant of Win32/Adware.Yontoo.B application
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dlla variant of Win32/Adware.Yontoo.B application
C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[emailprotected]\components\arcadewebfirefox.dlla variant of Win32/Adware.Gamevance.CM application
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7edmm5iv.default\extensions\[emailprotected]JS/Redirector.NCA trojan
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadggcdddjdjdidjdbdadaggdedagfdf\background.htmlWin32/BHO.OEI trojan
C:\Documents and Settings\Owner\Local Settings\temp\dealcabby.exeWin32/Adware.DealCabby.A application
C:\Documents and Settings\Owner\Local Settings\temp\is135653842\MyBabylonTB.exeWin32/Toolbar.Babylon application
C:\Documents and Settings\Owner\Local Settings\Temporary INTERNET Files\Content.IE5\058G4Y2S\dealcabby[1].exeWin32/Adware.DealCabby.A application
C:\Documents and Settings\Owner\My Documents\Downloads\Angry Smileys Setup%FF_4fd745f23e391043701246_.exeWin32/Adware.MarketScore.A application
C:\Documents and Settings\Owner\My Documents\Downloads\donkey-kong.exea variant of Win32/InstallCore.AL application
C:\My Backup -- 12-02-04 0922PM\Documents and Settings\Owner\My Documents\CyberLink\Downloads\SoftonicDownloader62174.exea variant of Win32/SoftonicDownloader.A application
C:\My Backup -- 12-02-04 0922PM\Documents and Settings\Owner\My Documents\Downloads\FinalMediaPlayer2011Setup.exea variant of Win32/InstallIQ application
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP208\A0043492.dllprobably a variant of Win32/Adware.180Solutions application
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP208\A0043493.exeprobably a variant of Win32/Adware.HotBar.E application
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP223\A0044225.exeWin32/Adware.MarketScore.A application
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP270\A0048237.dlla variant of Win32/Adware.Gamevance.CL application
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP270\A0048370.exea variant of Win32/Adware.Gamevance.CO application
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP283\A0063894.dlla variant of Win32/Adware.Gamevance.CM application
You could try uninstalling and re-installing FireFox.
Please run ESET again. It didn't seem to cure the infections.C:\Documents and Settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dlla variant of Win32/Adware.Yontoo.B applicationcleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dlla variant of Win32/Adware.Yontoo.B applicationcleaned by deleting - quarantined
C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[emailprotected]\components\arcadewebfirefox.dlla variant of Win32/Adware.Gamevance.CM applicationcleaned by deleting - quarantined
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7edmm5iv.default\extensions\[emailprotected]JS/Redirector.NCA trojandeleted - quarantined
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\59\180c027b-5cd59b3fmultiple threatsdeleted - quarantined
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadggcdddjdjdidjdbdadaggdedagfdf\background.htmlWin32/BHO.OEI trojancleaned by deleting - quarantined
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WSL101BN\dealcabby[1].exeWin32/Adware.DealCabby.A applicationcleaned by deleting - quarantined
C:\Documents and Settings\Owner\My Documents\Downloads\7zipSetup.exea variant of Win32/Adware.HotBar.P applicationcleaned by deleting - quarantined
C:\Documents and Settings\Owner\My Documents\Downloads\Angry Smileys Setup%FF_4fd745f23e391043701246_.exeWin32/Adware.MarketScore.A applicationcleaned by deleting - quarantined
C:\Documents and Settings\Owner\My Documents\Downloads\donkey-kong.exea variant of Win32/InstallCore.AL applicationcleaned by deleting - quarantined
C:\Documents and Settings\Owner\My Documents\Downloads\PDFcreator.exea variant of Win32/Adware.HotBar.P applicationcleaned by deleting - quarantined
C:\Documents and Settings\Owner\My Documents\Downloads\PlayBryte_FA_Setup.exea variant of Win32/Adware.iBryte.C applicationcleaned by deleting - quarantined
C:\Documents and Settings\Owner\My Documents\Downloads\SlammingsSetup_FF.exeWin32/Adware.MarketScore.A applicationcleaned by deleting - quarantined
C:\My Backup -- 12-02-04 0922PM\Documents and Settings\Owner\My Documents\CyberLink\Downloads\SoftonicDownloader62174.exea variant of Win32/SoftonicDownloader.A applicationcleaned by deleting - quarantined
C:\My Backup -- 12-02-04 0922PM\Documents and Settings\Owner\My Documents\Downloads\FinalMediaPlayer2011Setup.exea variant of Win32/InstallIQ applicationcleaned by deleting - quarantined
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exeWin32/Toolbar.Widgi applicationcleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP208\A0043493.exeprobably a variant of Win32/Adware.HotBar.E applicationcleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP223\A0044225.exeWin32/Adware.MarketScore.A applicationcleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP270\A0048237.dlla variant of Win32/Adware.Gamevance.CL applicationcleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP283\A0063894.dlla variant of Win32/Adware.Gamevance.CM applicationcleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP291\A0065084.exeWin32/Toolbar.Widgi applicationcleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP298\A0067315.dllWin32/Toolbar.Funmoods applicationcleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP298\A0067316.dllWin32/Toolbar.Funmoods applicationcleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP298\A0067317.dllWin32/Toolbar.Funmoods applicationcleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP298\A0067318.dllWin32/Toolbar.Funmoods applicationcleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP298\A0067319.dllWin32/Toolbar.Funmoods applicationcleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP298\A0067321.exeWin32/Toolbar.Funmoods applicationcleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP298\A0067323.exeWin32/Adware.DealCabby.A applicationcleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP298\A0067348.exeWin32/Toolbar.Babylon applicationcleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP298\A0067385.dlla variant of Win32/Adware.Yontoo.B applicationcleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP298\A0067386.dlla variant of Win32/Adware.Yontoo.B applicationcleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP298\A0067387.dlla variant of Win32/Adware.Gamevance.CM applicationcleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP298\A0067390.exea variant of Win32/SoftonicDownloader.A applicationcleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP298\A0067391.exea variant of Win32/InstallIQ applicationcleaned by deleting - quarantined
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP298\A0067392.exeWin32/Toolbar.Widgi applicationcleaned by deleting - quarantined
That looks better. How's your computer running now?I still can't mess with the task manager too much and I still get pop ups when I click on certain links but that's about my only problems so far
Please do even if you don't have your OS CD.
Do you have an XP CD?
If so, place it in your CD ROM drive and follow the instructions below:
•Click on Start > Run and type sfc /scannow then press Enter (note the SPACE between scf and /scannow)
*Let this run undisturbed until the window with the blue progress bar goes away
SFC - Which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.
******************************************************
TIGHTEN Internet Explorer's security setting
* Since Internet Explorer is the leading browser it will always be the lead in attacks from the bad guys.
o Make your Internet Explorer more secure
1. From within Internet Explorer click the Tools menu and then on Internet Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the CUSTOM Level button.
+ Change the Download signed ActiveX controls to Prompt
+ Change the Download unsigned ActiveX controls to Disable
+ Change the Initialize and script ActiveX controls not marked as safe to Disable
+ Change the Installation of desktop items to Prompt
+ Change the Launching programs and files in an IFRAME to Prompt
+ Change the Navigate sub-frames across different domains to Prompt
+ When all these settings have been made, click on the OK button.
+ If it prompts you as to whether or not you want to save the settings, press the Yes button.
5. Next press the Apply button and then the OK to exit the Internet Properties page.
Tighten Internet Explorer's security setting continued - Default Internet Explorer settings should be SET to high.
1. Start up IE then go to Tools > Internet Options > Security
2. Set the Security level for the Internet Zone to High. (If no slider is visible, click Default Level.)
3. Click the Trusted Sites icon.
4. Set the Security level for the this Zone to Medium. (If no slider is visible, click Default Level.)
5. Click OK.
|
