Google Redirecting & Iexplore.exe


  • This topic is locked
17 replies to this topic

#1 joboo78

Posted 13 November 2011 - 09:41 PM

Hello,

So recently I have been unable to click any links in Google without them redirecting me (usually 'get-answers-fast' will pop up first and then I'll be redirected to some ad site). In addition I keep getting a Windows pop-up that "Iexplore.exe has stopped running." I never had this pop-up before. I have PC Tools Spyware Doctor which usually sends me a pop-up when it is blocking something. Thankfully it still seems to be working but the amount of pop-ups I have to block is out of control.

Finally, in general my computer is running slower since this started and typing will spontaneously stop. Even typing this message it will completely stop and/or skip over certain keys on my laptop. This never happened before, and I keep my laptop and its keyboard clean so I'm sure it's something to do with the above.

Thanks a million for your help!! You all are great and I patiently await your reply... Below is my DDS.txt log.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by j_banta at 18:54:03 on 2011-11-13
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1978.178 [GMT -5:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor with AntiVirus *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe
C:\Program Files\FilmFanatic\bar\1.bin\pabrmon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\PROGRA~1\FILMFA~2\bar\1.bin\pabarsvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\PROGRA~1\TELEVI~2\bar\1.bin\64barsvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\PC Tools Security\TFEngine\TFService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k wdisvc
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
uSearch Page =
uSearch Bar =
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: N/A: {0696f815-a3a9-490a-bb14-9ec3350b1276} - c:\program files\televisionfanatic\bar\1.bin\64SrcAs.dll
uURLSearchHooks: N/A: {796b75f6-6187-47e2-8f1f-c16e059e6e19} - c:\program files\filmfanatic\bar\1.bin\paSrcAs.dll
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: {018f062a-d688-482b-a3d2-9740f8598fca} - c:\users\j_banta\appdata\local\TrayUser.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.1.0\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: CescrtHlpr Object: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.4.19.19\bh\BabylonToolbar.dll
BHO: Search Assistant BHO: {5d79f641-c168-40df-a32f-bacea7509e75} - c:\program files\televisionfanatic\bar\1.bin\64SrcAs.dll
BHO: Toolbar BHO: {631acb68-57c3-48af-9cc5-fcec0837ffd3} - c:\progra~1\filmfa~2\bar\1.bin\pabar.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: {C26CD490-5F01-41E3-B150-EB29F19DA056} - No File
BHO: Toolbar BHO: {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - c:\progra~1\televi~2\bar\1.bin\64bar.dll
BHO: {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - No File
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Search Assistant BHO: {d5e9b421-c309-41de-9014-800a2adcdeb0} - c:\program files\filmfanatic\bar\1.bin\paSrcAs.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: TelevisionFanatic: {c98d5b61-b0ea-4d48-9839-1079d352d880} - c:\program files\televisionfanatic\bar\1.bin\64bar.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.4.19.19\BabylonToolbarTlbr.dll
TB: FilmFanatic: {0b84b4b4-8af8-4f1f-91fe-074a666f6425} - c:\program files\filmfanatic\bar\1.bin\pabar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [DirectxBackupManager] rundll32.exe "c:\programdata\DirectxBackupManager.dll",DllRegisterServer
uRun: [Foxit Update] rundll32 "c:\users\j_banta\appdata\local\google\googleupdate\Googleup.dll",DllRegisterServer
uRun: [PCTools Update] rundll32 "c:\users\j_banta\appdata\local\downloaded installations\downloadedupdate\Downloadedup.dll",DllRegisterServer
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [<NO NAME>]
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BabylonToolbar] "c:\program files\babylontoolbar\babylontoolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
mRun: [FilmFanatic Browser Plugin Loader] c:\progra~1\filmfa~2\bar\1.bin\pabrmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://uacwireless.gmu.edu/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
TCP: Interfaces\{CB535D14-FA86-4432-BDF1-07C506FF7361} : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{F2AFB4E5-A1E8-415B-A7B3-A433B3227715} : DhcpNameServer = 68.87.64.150 68.87.75.198
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\j_banta\appdata\roaming\mozilla\firefox\profiles\1i02djqd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - My Way
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z002&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z002&form=ZGAADF&q=
FF - prefs.js: browser.search.selectedEngine - Xfinity
FF - component: c:\program files\pc tools security\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll
FF - component: c:\program files\pricegong\2.1.0\ff\components\PriceGongFF.dll
FF - component: c:\users\j_banta\appdata\roaming\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.dll
FF - component: c:\users\j_banta\appdata\roaming\mozilla\firefox\profiles\1i02djqd.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\users\j_banta\appdata\roaming\mozilla\firefox\profiles\1i02djqd.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - component: c:\users\j_banta\appdata\roaming\mozilla\firefox\profiles\1i02djqd.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll
FF - plugin: c:\program files\filmfanatic\bar\1.bin\NPpaStub.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\televisionfanatic\bar\1.bin\NP64Stub.dll
FF - plugin: c:\users\j_banta\program files\dna\plugins\npbtdna.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: QuestDns: {C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97} - c:\program files\mozilla firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - %profile%\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
FF - Ext: TelevisionFanatic: 64ffxtbr@TelevisionFanatic.com - c:\program files\televisionfanatic\bar\1.bin
FF - Ext: FilmFanatic: paffxtbr@FilmFanatic.com - c:\program files\filmfanatic\bar\1.bin
FF - Ext: PriceGong: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} - c:\program files\pricegong\2.1.0\FF
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - e43ffab5-6a30-4c71-9a70-b1c8d24deaa5
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-7-21 263888]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-7-21 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-7-21 656320]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-7-26 51984]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-7-26 69392]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-7-21 251560]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-7-21 233976]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-7-21 337872]
R2 FilmFanaticService;FilmFanaticService;c:\progra~1\filmfa~2\bar\1.bin\pabarsvc.exe [2011-6-9 42504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-9 105592]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-7-21 70664]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-7-26 33552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-31 135664]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-5-26 23888]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-31 135664]
.
=============== Created Last 30 ================
.
2011-11-13 23:17:13 -------- d-----w- c:\windows\system32\wbem\Logs
2011-11-13 22:34:56 -------- d-----w- c:\users\j_banta\appdata\roaming\DriverCure
2011-11-13 22:34:49 -------- d-----w- c:\users\j_banta\appdata\roaming\SpeedyPC Software
2011-11-13 22:33:33 -------- d-----w- c:\program files\common files\SpeedyPC Software
2011-11-13 22:33:29 -------- d-----w- c:\programdata\SpeedyPC Software
2011-11-13 22:33:29 -------- d-----w- c:\program files\SpeedyPC Software
2011-11-10 15:02:22 -------- d-----w- C:\66424056cd18251a95a867ef3f7578
2011-11-09 18:46:00 275968 ----a-w- c:\users\j_banta\appdata\local\TrayUser.dll
2011-11-09 18:43:58 107520 ----a-w- c:\programdata\DirectxBackupManager.dll
2011-11-09 15:43:49 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-09 15:43:46 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 15:43:45 707584 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-07 06:31:00 -------- d-----w- c:\program files\Yontoo Layers Runtime
2011-11-07 06:30:53 -------- d-----w- c:\programdata\Tarma Installer
.
==================== Find3M ====================
.
2011-11-13 23:19:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14:01 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 19:04:06.32 ===============
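
A triage pass over the Run-key, BHO and "Created Last 30" lines of the DDS log in the post above, as an added example that is not part of the original thread. It flags autoruns that load a DLL through rundll32, DLLs loaded from user-writable directories (ProgramData, AppData) and DLLs created inside the log's 30-day window; the excerpt lines are copied from the log, the function and reason names are illustrative, and a flag marks an entry for review rather than giving a verdict.

```python
import re

# Lines copied from the DDS log above; only the selection is this example's.
DDS_EXCERPT = r'''
============== Pseudo HJT Report ===============
BHO: {018f062a-d688-482b-a3d2-9740f8598fca} - c:\users\j_banta\appdata\local\TrayUser.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DirectxBackupManager] rundll32.exe "c:\programdata\DirectxBackupManager.dll",DllRegisterServer
uRun: [Foxit Update] rundll32 "c:\users\j_banta\appdata\local\google\googleupdate\Googleup.dll",DllRegisterServer
uRun: [PCTools Update] rundll32 "c:\users\j_banta\appdata\local\downloaded installations\downloadedupdate\Downloadedup.dll",DllRegisterServer
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [<NO NAME>]
=============== Created Last 30 ================
2011-11-09 18:46:00 275968 ----a-w- c:\users\j_banta\appdata\local\TrayUser.dll
2011-11-09 18:43:58 107520 ----a-w- c:\programdata\DirectxBackupManager.dll
2011-11-09 15:43:46 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
==================== Find3M ====================
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
'''

SECTION_RE = re.compile(r'^=+ (?P<title>.+?) =+$')
RUN_RE = re.compile(r'^(?P<hive>[um]Run): \[(?P<name>.*?)\]\s*(?P<cmd>.*)$')
BHO_RE = re.compile(r'^BHO: (?P<name>.*?)\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$')
# rundll32 [".."]<dll>[".."],<export>  (launcher may carry a full path)
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\w+)',
    re.IGNORECASE)
# date, time, size, attributes, path
FILE_RE = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\S+\s+\S+\s+(?P<path>[A-Za-z]:\\.+)$')
# Directories a standard user can write to without elevation.
USER_WRITABLE_RE = re.compile(r'^[a-z]:\\(?:programdata|users\\[^\\]+\\appdata)\\')


def triage(log_text):
    """Return (label, dll_path, reasons) for entries that deserve a closer look."""
    lines = [ln.strip() for ln in log_text.splitlines()]

    # Pass 1: collect files listed under "Created Last 30" only.
    recent, section = set(), ''
    for ln in lines:
        hdr = SECTION_RE.match(ln)
        if hdr:
            section = hdr['title']
            continue
        entry = FILE_RE.match(ln)
        if entry and section == 'Created Last 30':
            recent.add(entry['path'].lower())

    # Pass 2: score Run-key and BHO entries.
    findings = []
    for ln in lines:
        run, bho = RUN_RE.match(ln), BHO_RE.match(ln)
        reasons = []
        if run:
            rd = RUNDLL_RE.match(run['cmd'])
            if not rd:
                continue  # ordinary executable autorun, out of scope here
            label = f"{run['hive']} [{run['name']}]"
            dll = rd['dll'].strip().lower()
            reasons.append('rundll32-autorun')
            # DllRegisterServer is the COM self-registration export that
            # regsvr32 calls at install time; calling it at every logon is odd.
            if rd['export'].lower() == 'dllregisterserver':
                reasons.append('dllregisterserver-at-logon')
        elif bho and bho['path'] != 'No File':
            name = bho['name'].strip().rstrip(':')
            label = 'BHO ' + (name or '{' + bho['clsid'] + '}')
            dll = bho['path'].lower()
        else:
            continue
        if USER_WRITABLE_RE.match(dll):
            reasons.append('user-writable-path')
        if dll in recent:
            reasons.append('created-last-30')
        if reasons:
            findings.append((label, dll, reasons))
    return findings


if __name__ == '__main__':
    for label, dll, reasons in triage(DDS_EXCERPT):
        print(f'{label}\n    {dll}\n    {", ".join(reasons)}')
```

The same function accepts a full DDS.txt as input; entries it returns still need the file itself examined (signature, hash lookup, vendor) before anything is removed.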



#2 joboo78

Posted 15 November 2011 - 01:45 PM

Sorry to bother... One other issue that has appeared is a Windows pop-up that states "Windows host process Rundll32 has stopped working" - never saw this previously. And, I have received sudden emails that look like they are coming from my Outlook to weird craigslist destinations. I never even configured my Outlook so I have no idea what's going on here. I just thought I would add this info.

Thanks again,
Joe

#3 HelpBot

Posted 18 November 2011 - 09:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/427783 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 oneof4

Posted 21 November 2011 - 03:23 PM

Hi,

Welcome to Bleeping Computer. My name is oneof4 and I will be helping you with your log.
Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic box to the right of your topic title and selecting Immediate Notification.


Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.


Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:

Best Regards,
oneof4.


#5 joboo78

Posted 21 November 2011 - 05:37 PM

Hello OneOf4,

I'm still here... Just let me know how to proceed and I will be quick to respond.

Thanks a million for your help!

-Joe

#6 oneof4

Posted 23 November 2011 - 08:31 AM

Hey joboo78 :)

Just to update you, I'm presently researching your scans and preparing a fix. I'll be back with you ASAP!

Best Regards,
oneof4.


#7 oneof4

Posted 23 November 2011 - 11:18 AM

Hello joboo78, and welcome to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Watch Topic. If you click on this, another page will open. Please choose Immediate Notification and then click on Proceed; you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. :heart: Please be courteous and appreciative for the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

Please download Combofix from This Webpage...and read through the instructions there for running the tool.

NOTE: After running ComboFix, you will probably notice toolbars that were present in your web browser, are now no longer there. I can explain that to you if you need me to.

***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

If you have Windows Vista or Windows 7, you can skip the recovery console step...in Vista/7 it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista or Windows 7 installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.


The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!

Note:
Do not mouse-click ComboFix's window while it's running. That may cause the scan to stall.

Best Regards,
oneof4.


#8 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:12:35 PM

Posted 26 November 2011 - 07:49 PM

Hello joboo78, are you still with us?

Best Regards,
oneof4.


#9 joboo78

Posted 28 November 2011 - 10:42 AM

Hello,

I'm still here. I had to travel for the holidays and deal with the family ;) Anyway, I am going to follow your directions in post 7 and I will reply with the results as soon as I have them - today.

Again, thank you so much for your help!!

Best,

Joe

#10 oneof4

Posted 28 November 2011 - 01:05 PM

:thumbup2:

Best Regards,
oneof4.


#11 joboo78

Posted 28 November 2011 - 01:06 PM

Hello,

So I ran ComboFix; the results are below. Now I am getting the following message - "This file does not have a program associated with it for performing this action. Create an association in the Set Associations control panel." This happens every time I try to open any application. Although I right-clicked and was able to access the internet with no problem.

Again, thank you so much!!

-Joe





ComboFix 11-11-28.02 - j_banta 11/28/2011 11:56:24.2.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1978.1069 [GMT -5:00]
Running from: c:\users\j_banta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HJPFJKY\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\j_banta\AppData\Roaming\Mozilla\Firefox\Profiles\1i02djqd.default\searchplugins\bing-zugo.xml
.
---- Previous Run -------
.
c:\progra~1\TELEVI~2\bar\1.bin\64BAr.dll
c:\program files\FilmFanatic\bar\1.bin\CHROME.MANIFEST
c:\program files\FilmFanatic\bar\1.bin\chrome\paffxtbr.jar
c:\program files\FilmFanatic\bar\1.bin\INSTALL.RDF
c:\program files\FilmFanatic\bar\1.bin\LOGO.BMP
c:\program files\FilmFanatic\bar\1.bin\NPpaStub.dll
c:\program files\FilmFanatic\bar\1.bin\paauxstb.dll
c:\program files\FilmFanatic\bar\1.bin\pabar.dll
c:\program files\FilmFanatic\bar\1.bin\pabarsvc.exe
c:\program files\FilmFanatic\bar\1.bin\pabrmon.exe
c:\program files\FilmFanatic\bar\1.bin\pabrstub.dll
c:\program files\FilmFanatic\bar\1.bin\padatact.dll
c:\program files\FilmFanatic\bar\1.bin\padlghk.dll
c:\program files\FilmFanatic\bar\1.bin\padyn.dll
c:\program files\FilmFanatic\bar\1.bin\pafeedmg.dll
c:\program files\FilmFanatic\bar\1.bin\pahighin.exe
c:\program files\FilmFanatic\bar\1.bin\pahtml.dll
c:\program files\FilmFanatic\bar\1.bin\pahtmlmu.dll
c:\program files\FilmFanatic\bar\1.bin\pahttpct.dll
c:\program files\FilmFanatic\bar\1.bin\paidle.dll
c:\program files\FilmFanatic\bar\1.bin\paieovr.dll
c:\program files\FilmFanatic\bar\1.bin\paimpipe.exe
c:\program files\FilmFanatic\bar\1.bin\pamedint.exe
c:\program files\FilmFanatic\bar\1.bin\pamlbtn.dll
c:\program files\FilmFanatic\bar\1.bin\pamsg.dll
c:\program files\FilmFanatic\bar\1.bin\paPlugin.dll
c:\program files\FilmFanatic\bar\1.bin\paradio.dll
c:\program files\FilmFanatic\bar\1.bin\paregfft.dll
c:\program files\FilmFanatic\bar\1.bin\paregiet.dll
c:\program files\FilmFanatic\bar\1.bin\pascript.dll
c:\program files\FilmFanatic\bar\1.bin\paskin.dll
c:\program files\FilmFanatic\bar\1.bin\paskplay.exe
c:\program files\FilmFanatic\bar\1.bin\paSrcAs.dll
c:\program files\FilmFanatic\bar\1.bin\patpinst.dll
c:\program files\FilmFanatic\bar\1.bin\pauabtn.dll
c:\program files\FilmFanatic\bar\1.bin\T8RES.DLL
c:\program files\FilmFanatic\bar\IE9Mesg\COMMON.T8S
c:\program files\FilmFanatic\bar\Message\COMMON.T8S
c:\program files\FilmFanatic\bar\Settings\s_pid.dat
c:\program files\Gamevance\ars.cfg
c:\program files\Gamevance\gamevancelib32.dll
c:\program files\Gamevance\gvun.exe
c:\program files\Gamevance\icon.ico
c:\program files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}\chrome\questdns.jar
c:\program files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}\install.rdf
c:\program files\TelevisionFanatic\bar\1.bin\64auxstb.dll
c:\program files\TelevisionFanatic\bar\1.bin\64BAr.dll
c:\program files\TelevisionFanatic\bar\1.bin\64barsvc.exe
c:\program files\TelevisionFanatic\bar\1.bin\64brmon.exe
c:\program files\TelevisionFanatic\bar\1.bin\64brstub.dll
c:\program files\TelevisionFanatic\bar\1.bin\64datact.dll
c:\program files\TelevisionFanatic\bar\1.bin\64DLghk.dll
c:\program files\TelevisionFanatic\bar\1.bin\64DYn.dll
c:\program files\TelevisionFanatic\bar\1.bin\64FEedmg.dll
c:\program files\TelevisionFanatic\bar\1.bin\64highin.exe
c:\program files\TelevisionFanatic\bar\1.bin\64html.dll
c:\program files\TelevisionFanatic\bar\1.bin\64htmlmu.dll
c:\program files\TelevisionFanatic\bar\1.bin\64HTtpct.dll
c:\program files\TelevisionFanatic\bar\1.bin\64idle.dll
c:\program files\TelevisionFanatic\bar\1.bin\64impipe.exe
c:\program files\TelevisionFanatic\bar\1.bin\64medint.exe
c:\program files\TelevisionFanatic\bar\1.bin\64MLbtn.dll
c:\program files\TelevisionFanatic\bar\1.bin\64MSg.dll
c:\program files\TelevisionFanatic\bar\1.bin\64Plugin.dll
c:\program files\TelevisionFanatic\bar\1.bin\64RAdio.dll
c:\program files\TelevisionFanatic\bar\1.bin\64regfft.dll
c:\program files\TelevisionFanatic\bar\1.bin\64regiet.dll
c:\program files\TelevisionFanatic\bar\1.bin\64SCript.dll
c:\program files\TelevisionFanatic\bar\1.bin\64skin.dll
c:\program files\TelevisionFanatic\bar\1.bin\64skplay.exe
c:\program files\TelevisionFanatic\bar\1.bin\64SRcas.dll
c:\program files\TelevisionFanatic\bar\1.bin\64TPinst.dll
c:\program files\TelevisionFanatic\bar\1.bin\64UAbtn.dll
c:\program files\TelevisionFanatic\bar\1.bin\CHROME.MANIFEST
c:\program files\TelevisionFanatic\bar\1.bin\chrome\64ffxtbr.jar
c:\program files\TelevisionFanatic\bar\1.bin\INSTALL.RDF
c:\program files\TelevisionFanatic\bar\1.bin\LOGO.BMP
c:\program files\TelevisionFanatic\bar\1.bin\NP64Stub.dll
c:\program files\TelevisionFanatic\bar\Message\COMMON.T8S
c:\program files\TelevisionFanatic\bar\Settings\s_pid.dat
c:\programdata\Microsoft\Windows\Start Menu\Programs\SmartShopper\SmartShopper - Comapre product prices.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SmartShopper\SmartShopper - Compare travel rate.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SmartShopper\SmartShopper Help.lnk
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\programdata\vlc-1.0.1-win32.exe
c:\programdata\vlc-1.0.2-win32.exe
c:\programdata\vlc-1.0.3-win32.exe
c:\users\j_banta\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome.manifest
c:\users\j_banta\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome\gvtextlinks.jar
c:\users\j_banta\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.dll
c:\users\j_banta\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.xpt
c:\users\j_banta\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\install.rdf
c:\users\j_banta\AppData\Roaming\Mozilla\Firefox\Profiles\1i02djqd.default\extensions\{5891d865-0763-4ee4-a706-39f4c5cbc68f}\chrome.manifest
c:\users\j_banta\AppData\Roaming\Mozilla\Firefox\Profiles\1i02djqd.default\extensions\{5891d865-0763-4ee4-a706-39f4c5cbc68f}\chrome\xulcache.jar
c:\users\j_banta\AppData\Roaming\Mozilla\Firefox\Profiles\1i02djqd.default\extensions\{5891d865-0763-4ee4-a706-39f4c5cbc68f}\defaults\preferences\xulcache.js
c:\users\j_banta\AppData\Roaming\Mozilla\Firefox\Profiles\1i02djqd.default\extensions\{5891d865-0763-4ee4-a706-39f4c5cbc68f}\install.rdf
c:\users\j_banta\AppData\Roaming\Mozilla\Firefox\Profiles\1i02djqd.default\extensions\{9a420547-ba9d-4379-be1f-235d875f86fb}\chrome.manifest
c:\users\j_banta\AppData\Roaming\Mozilla\Firefox\Profiles\1i02djqd.default\extensions\{9a420547-ba9d-4379-be1f-235d875f86fb}\chrome\xulcache.jar
c:\users\j_banta\AppData\Roaming\Mozilla\Firefox\Profiles\1i02djqd.default\extensions\{9a420547-ba9d-4379-be1f-235d875f86fb}\defaults\preferences\xulcache.js
c:\users\j_banta\AppData\Roaming\Mozilla\Firefox\Profiles\1i02djqd.default\extensions\{9a420547-ba9d-4379-be1f-235d875f86fb}\install.rdf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_FilmFanaticService
-------\Service_TelevisionFanaticService
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-28 )))))))))))))))))))))))))))))))
.
.
2011-11-28 17:27 . 2011-11-28 17:27 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{73DB4528-80D6-48B2-AB34-DC6549B811C8}\offreg.dll
2011-11-28 17:27 . 2011-10-18 06:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{73DB4528-80D6-48B2-AB34-DC6549B811C8}\mpengine.dll
2011-11-13 23:17 . 2011-11-17 19:54 -------- d-----w- c:\windows\system32\wbem\Logs
2011-11-13 23:16 . 2011-11-14 16:10 -------- d-----w- c:\windows\Debug
2011-11-13 22:34 . 2011-11-13 22:34 -------- d-----w- c:\users\j_banta\AppData\Roaming\DriverCure
2011-11-13 22:34 . 2011-11-13 22:34 -------- d-----w- c:\users\j_banta\AppData\Roaming\SpeedyPC Software
2011-11-13 22:33 . 2011-11-13 22:33 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
2011-11-13 22:33 . 2011-11-13 22:33 -------- d-----w- c:\programdata\SpeedyPC Software
2011-11-13 22:33 . 2011-11-13 22:33 -------- d-----w- c:\program files\SpeedyPC Software
2011-11-10 15:02 . 2011-11-10 15:11 -------- d-----w- C:\66424056cd18251a95a867ef3f7578
2011-11-09 15:43 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 15:43 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 15:43 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-07 06:31 . 2011-11-07 06:31 -------- d-----w- c:\program files\Yontoo Layers Runtime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-16 22:07 . 2011-07-22 14:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 10:06 . 2010-08-03 23:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-06 13:30 . 2011-10-12 19:45 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 02:35 . 2011-10-13 07:10 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-13 07:10 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-13 07:10 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2008-11-14 21:08 . 2008-11-14 21:08 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-11-14 21:07 . 2008-11-14 21:07 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-11-14 21:07 . 2008-11-14 21:07 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-11-14 21:07 . 2008-11-14 21:07 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-11-14 21:08 . 2008-11-14 21:08 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-11-14 21:07 . 2008-11-14 21:07 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-11-14 21:08 . 2008-11-14 21:08 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-03-16 20:33 . 2007-03-16 20:33 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 20:33 . 2007-03-16 20:33 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 20:33 . 2007-03-16 20:33 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-10-30 19:13 . 2008-10-30 19:13 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-11-14 21:07 . 2008-11-14 21:07 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 16:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-09-30 17:27 194848 ----a-w- c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-05-26 115560]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" [2010-11-07 286720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-31 135664]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2009-05-26 23888]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-31 135664]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-09 105592]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-31 23:02]
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-31 23:02]
.
2011-11-04 c:\windows\Tasks\HPCeeScheduleForj_banta.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]
.
2011-11-13 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2011-10-09 01:19]
.
2011-11-27 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2011-10-06 16:18]
.
2011-11-13 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
FF - ProfilePath - c:\users\j_banta\AppData\Roaming\Mozilla\Firefox\Profiles\1i02djqd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - My Way
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z002&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z002&form=ZGAADF&q=
FF - prefs.js: browser.search.selectedEngine - Xfinity
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - %profile%\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
FF - Ext: PriceGong: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} - c:\program files\PriceGong\2.1.0\FF
FF - user.js: extentions.y2layers.installId - e43ffab5-6a30-4c71-9a70-b1c8d24deaa5
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{018F062A-D688-482B-A3D2-9740F8598FCa} - c:\users\j_banta\AppData\Local\TrayUser.dll
BHO-{CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - (no file)
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
HKCU-Run-DirectxBackupManager - c:\programdata\DirectxBackupManager.dll
HKCU-Run-Foxit Update - c:\users\j_banta\AppData\Local\Google\GoogleUpdate\Googleup.dll
HKCU-Run-PCTools Update - c:\users\j_banta\AppData\Local\Downloaded Installations\DownloadedUpdate\Downloadedup.dll
SafeBoot-Symantec Antvirus
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~2\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\windows defender\MpCmdRun.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
.
**************************************************************************
.
Completion time: 2011-11-28 12:54:07 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-28 17:54
.
Pre-Run: 83,465,510,912 bytes free
Post-Run: 85,185,654,784 bytes free
.
- - End Of File - - 594A26146885E19ABD957A33063EF218

#12 oneof4

Posted 29 November 2011 - 09:14 AM

Hey joboo78 :)

"This file does not have a program associated with it for performing this action. Create an association in the Set Associations control panel." This happens every time I try to open any application.


Have you tried a simple "reboot" of the computer? Sometimes, that will put things back in order. If you haven't, give that a try.

==========

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Symantec Endpoint Protection or Spyware Doctor 8.0. (IMHO, I would ditch the Norton product (Symantec Endpoint Protection), as it tends to bog the system down at times.)

==========

I also noticed from your ComboFix log that you did not save the ComboFix.exe file to your desktop. Please navigate to c:\users\j_banta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HJPFJKY\ComboFix.exe, and right-click on ComboFix.exe, choose Cut, then right-click on any open space on the Desktop, and choose Paste. No need to run it again, just leave it for now.

==========

  • Please UNINSTALL the following programs through the ADD/REMOVE feature of your Control Panel:

      • Babylon toolbar (Spyware Conduit)
      • FilmFanatic (Spyware Conduit)
      • Java™ 6 Update 7 (Old Version)
      • PriceGong 2.1.0 (Spyware Conduit)
      • TelevisionFanatic (Spyware Conduit)
      • Yontoo Layers Runtime 1.10.01 (Spyware Conduit)

    NOTE: If you need links showing the evidence of the above programs' association with spyware, I can provide those for you.
  • Now, using Windows Explorer, I need you to DELETE the following files or folder(s) and all their content:

    c:\program files\televisionfanatic
    c:\program files\filmfanatic
    c:\program files\pricegong
    c:\program files\babylontoolbar
    c:\program files\yontoo layers runtime

==========

Report back in your next reply concerning the "File Association" issue, is it still plaguing you? Plus, are you experiencing any other issues with the computer at this point?

Best Regards,
oneof4.


#13 joboo78

Posted 01 December 2011 - 11:01 AM

Oneof4,

So the "File Association" resolved after restarting - just like you anticipated. Combofix is now on my desktop and I was able to uninstall all the programs except for:


• TelevisionFanatic (Spyware Conduit)

• Yontoo Layers Runtime 1.10.01 (Spyware Conduit)

So let me know how to proceed. Also, definitely let me know how to contribute!

Thanks much,
Joe

#14 oneof4

Posted 01 December 2011 - 02:13 PM

Hey joboo78 :)

For those two stubborn programs, try the following:

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs click on TelevisionFanatic and choose Uninstall
  • When prompted click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, when prompted again click Yes > Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Next > Yes.
  • Once done click Finish.
.
Repeat the process for Yontoo Layers Runtime 1.10.01

Let me know how it goes in your next reply.

Best Regards,
oneof4.


#15 joboo78

Posted 01 December 2011 - 03:00 PM

Oneof4,

TelevisionFanatic is not in one of the programs. Synaptics is the last program. How should I proceed?

Thanks again!!!



