Delete Domains
Right click on this link
DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.
Hosts File Corrupted
Download
HostsXpert v4.1 and unzip it to your computer, somewhere where you can find it.
- Double click on HostsXpert.exe to launch the program.
- Click on Restore MS Hosts File to restore your Hosts file to its default condition.
- Click on Make ReadOnly to secure it against further infection.
- Exit the program.
Visit the
Website for more information.
Fix entries using HiJackThis
- Launch HiJackThis
- Click the Do a system scan only button
- Put a check next to the entries listed below
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: (no name) - {79079250-9B03-54D9-C810-71AB5209A236} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKCU\..\Policies\Explorer\Run: [svcho] C:\WINDOWS\svcho.exe
O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
- IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
- Click the Fix checked button and close HiJackThis
- Reboot HijackThis if necessary
Delete the following files and folders,
C:\Program Files\
ppcbooster
C:\WINDOWS\
svcho.exe
C:\Program Files\
p2pmax
This next step is purely optional however viewpoint is considered foistware and is not needed on your computer,
'To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.'
Go to Start > Run and copy/paste or type: taskmgr
- Under the Processes tab find the following tasks or processes:
ViewpointService.exe
ViewMgr.exe
- Highlight and click "End Process".
- Exit Task Manager.
Click on Start > Run and type: services.msc
- Press "OK".
- Click the "Extended tab".
- Scroll down the list and find the service called "Viewpoint Manager Service"
- When you find the service, double-click on it.
- In the Properties Window > General Tab that opens, click the "Stop" button.
- From the drop-down menu next to "Startup Type", click on "Disabled".
- Now click "Apply", then "OK" and close any open windows.
Click on Start > Settings > Control Panel > Add/Remove Programs > highlight and remove all references to Viewpoint - i.e.
Viewpoint, Viewpoint Manager, Viewpoint Media Player.
Finally, delete the following folders if they still exist:
C:\Program Files\ViewManager\ <-- and delete this folder
C:\Program Files\Viewpoint\ <-- and delete this folder
To get an Uninstall List from HijackThis:
- Open HijackThis, click Config, click Misc Tools
- Click "Open Uninstall Manager"
- Click "Save List" (generates uninstall_list.txt)
- Click Save, copy and paste the results in your next post.