
Youtube Downloader Toolbar



#1
Traviscon

Hi everyone,

I share a PC with a family member. Sadly they aren't as computer literate as I am and it's left to me to undertake general maintenance to attempt to keep the computer in a smooth running state.

Recently I've noticed aforementioned family member has downloaded a program, which I have managed to remove pretty successfully (or so I think). However, it seems linked with this piece of software was "Youtube Downloader Toolbar v5.6". As suspected, the family member can't recall where this additional piece of software was retrieved.

I have attempted to remove the program from Programs and Features in Windows 7, however I receive the following error when attempting to do so:

"The feature you are trying to use is on a network resource that is unavailable. Click OK to try again, or enter an alternate path to a folder containing the installation package 'youtubedownloadertoolbar.msi' in the box below."

Use source:
D:\Users\Travis\AppData\Local\Temp\{17F615C2-7542-43AB-AB0D-5254CD405F04}\

I have attempted to find the file on the system to remove it, to no avail.

Can someone help me as to how I may be able to remove the remains of this program?

Troubleshooting steps attempted:

- Daily NOD 32 Antivirus scan is performed (any threats removed.)
- Malwarebytes scan
- CCleaner

Below OTL logs:


OTL logfile created on: 7/31/2012 8:23:07 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = D:\Users\Travis\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.39% Memory free
4.00 Gb Paging File | 2.87 Gb Available in Paging File | 71.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 258.97 Gb Total Space | 257.32 Gb Free Space | 99.36% Space Free | Partition Type: FAT32
Drive D: | 39.05 Gb Total Space | 7.69 Gb Free Space | 19.68% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 714.70 Gb Free Space | 76.72% Space Free | Partition Type: NTFS

Computer Name: SERVER-TRAV | User Name: Travis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/31 20:22:48 | 000,597,504 | ---- | M] (OldTimer Tools) -- D:\Users\Travis\Downloads\OTL.exe
PRC - [2012/04/23 20:38:30 | 000,785,304 | ---- | M] (Spigot, Inc.) -- D:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2012/02/24 03:43:50 | 000,070,136 | ---- | M] (Nalpeiron Ltd.) -- D:\Windows\System32\NLSSRV32.EXE
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/10/25 23:57:10 | 002,770,768 | ---- | M] (O&O Software GmbH) -- D:\Program Files\OO Software\Defrag\oodtray.exe
PRC - [2011/10/25 23:56:56 | 002,485,072 | ---- | M] (O&O Software GmbH) -- D:\Program Files\OO Software\Defrag\oodag.exe
PRC - [2011/08/03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/03 12:50:00 | 000,812,648 | ---- | M] (NVIDIA Corporation) -- D:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/08/03 12:50:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- D:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- D:\Windows\explorer.exe
PRC - [2010/11/24 21:33:26 | 000,921,600 | ---- | M] () -- D:\ProgramData\TVersity\Media Server\MediaServer.exe
PRC - [2010/02/22 16:50:16 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010/02/22 16:49:56 | 002,140,880 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/08/21 09:27:24 | 000,098,304 | ---- | M] (Wireless Service) -- D:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2009/07/07 20:10:14 | 000,151,552 | ---- | M] () -- D:\Windows\System32\ANIWConnService.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/30 16:12:40 | 000,412,728 | ---- | M] () -- D:\Users\Travis\AppData\Local\Google\Chrome\Application\14.0.835.202\ppgooglenaclpluginchrome.dll
MOD - [2011/09/30 16:12:39 | 003,696,184 | ---- | M] () -- D:\Users\Travis\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
MOD - [2011/09/30 16:11:13 | 000,142,568 | ---- | M] () -- D:\Users\Travis\AppData\Local\Google\Chrome\Application\14.0.835.202\avutil-51.dll
MOD - [2011/09/30 16:11:12 | 000,253,320 | ---- | M] () -- D:\Users\Travis\AppData\Local\Google\Chrome\Application\14.0.835.202\avformat-53.dll
MOD - [2011/09/30 16:11:10 | 002,403,240 | ---- | M] () -- D:\Users\Travis\AppData\Local\Google\Chrome\Application\14.0.835.202\avcodec-53.dll
MOD - [2011/09/29 21:06:57 | 008,587,936 | ---- | M] () -- D:\Users\Travis\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- D:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- D:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/02 12:40:52 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/07/07 18:50:04 | 000,258,048 | ---- | M] () -- D:\Windows\System32\wlanapp.dll
MOD - [2009/06/01 14:23:24 | 000,315,392 | ---- | M] () -- D:\Program Files\ANI\ANIWZCS2 Service\ANIOApi.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/23 20:38:30 | 000,785,304 | ---- | M] (Spigot, Inc.) [Auto | Running] -- D:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/02/24 03:43:50 | 000,070,136 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- D:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/25 23:56:56 | 002,485,072 | ---- | M] (O&O Software GmbH) [Auto | Running] -- D:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2011/08/03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/06/05 15:23:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/24 21:33:26 | 000,921,600 | ---- | M] () [Auto | Running] -- D:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/02/22 16:52:52 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/02/22 16:50:16 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/07 20:10:14 | 000,151,552 | ---- | M] () [Auto | Running] -- D:\Windows\System32\ANIWConnService.exe -- (ANIWConnService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | System | Running] -- D:\Users\Travis\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | System | Running] -- D:\Users\Travis\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/12/10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- D:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/03 12:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- D:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- D:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/02/24 07:06:30 | 000,562,464 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2010/02/22 16:51:16 | 000,096,896 | ---- | M] (ESET) [Kernel | Auto | Running] -- D:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2010/02/22 16:50:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- D:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/02/22 16:47:22 | 000,133,512 | ---- | M] (ESET) [File_System | Auto | Running] -- D:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/03/06 18:09:52 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- D:\Windows\System32\drivers\anodlwf.sys -- (anodlwf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D BB 9D 2A B5 FC CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6E7AE2A8-2C0A-4D41-BF9A-CCB895DD3250}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6E7AE2A8-2C0A-4D41-BF9A-CCB895DD3250}: "URL" = http://uk.yhs4.searc...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: D:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: D:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Users\Travis\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Users\Travis\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/06/04 17:13:58 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = D:\Users\Travis\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = D:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader\Browser\nppdf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = D:\Users\Travis\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = D:\Users\Travis\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = D:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = D:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = D:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = D:\Users\Travis\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ANIWZCS2Service] D:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [APSDaemon] D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OODefragTray] D:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6045492-07D4-4ABF-B840-53C80E8CA5D4}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\Windows\system32\userinit.exe) - D:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/26 20:00:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/06/23 19:17:13 | 000,000,000 | ---D | M] - F:\Automatically Add to iTunes -- [ NTFS ]
O32 - AutoRun File - [2010/05/06 03:45:08 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/31 20:06:31 | 000,000,000 | ---D | C] -- D:\Users\Travis\AppData\Local\Adobe
[2012/07/31 19:38:15 | 000,000,000 | ---D | C] -- D:\Users\Travis\AppData\Roaming\KODAK AiO Home Center1360893816
[2012/07/17 19:05:22 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/17 19:04:28 | 000,000,000 | ---D | C] -- D:\Program Files\iPod
[2012/07/17 18:54:48 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/07/17 18:54:38 | 000,000,000 | ---D | C] -- D:\Program Files\QuickTime
[2012/07/14 20:59:33 | 000,000,000 | ---D | C] -- D:\Users\Travis\Documents\StartersOrders5
[2012/07/12 03:21:31 | 000,000,000 | R--D | C] -- D:\Users\Travis\Downloads

========== Files - Modified Within 30 Days ==========

[2012/07/31 20:21:10 | 000,014,224 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 20:21:10 | 000,014,224 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 19:17:27 | 000,630,928 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/07/31 19:17:27 | 000,111,052 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/07/31 19:10:39 | 000,000,007 | ---- | M] () -- D:\Windows\System32\ANIWZCSUSERNAME{F6045492-07D4-4ABF-B840-53C80E8CA5D4}
[2012/07/31 19:10:30 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/07/31 19:10:17 | 1609,424,896 | -HS- | M] () -- D:\hiberfil.sys
[2012/07/31 19:10:16 | 000,462,007 | ---- | M] () -- D:\Windows\System32\oodbs.lor
[2012/07/17 19:05:23 | 000,001,459 | ---- | M] () -- D:\Users\Public\Desktop\iTunes.lnk
[2012/07/12 03:21:08 | 001,753,224 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/07/17 19:05:23 | 000,001,459 | ---- | C] () -- D:\Users\Public\Desktop\iTunes.lnk
[2012/04/02 22:54:03 | 000,004,096 | -H-- | C] () -- D:\Users\Travis\AppData\Local\keyfile3.drm
[2011/12/30 13:24:59 | 000,000,136 | RHS- | C] () -- D:\Windows\Regbak.dat
[2011/11/08 00:08:38 | 000,508,224 | ---- | C] () -- D:\Windows\System32\ICCProfiles.dll
[2011/10/08 18:47:18 | 000,003,284 | ---- | C] () -- D:\Users\Travis\AppData\Roaming\ANIWZCS{F6045492-07D4-4ABF-B840-53C80E8CA5D4}
[2011/10/08 18:45:35 | 000,151,552 | ---- | C] () -- D:\Windows\System32\ANIWConnService.exe
[2011/10/08 18:45:25 | 000,258,048 | ---- | C] () -- D:\Windows\System32\wlanapp.dll
[2011/10/08 18:45:25 | 000,217,088 | ---- | C] () -- D:\Windows\System32\aIPH.dll
[2011/10/08 18:45:25 | 000,049,152 | ---- | C] () -- D:\Windows\System32\AQCKGen.dll
[2011/10/08 18:45:25 | 000,045,115 | ---- | C] () -- D:\Windows\System32\ANICtl.dll
[2011/10/08 18:45:12 | 000,315,392 | ---- | C] () -- D:\Windows\System32\ANIOApi.dll
[2011/10/08 18:45:00 | 000,733,184 | ---- | C] () -- D:\Windows\System32\ANIOWPS.dll
[2011/10/08 18:45:00 | 000,237,568 | ---- | C] () -- D:\Windows\System32\ANIWPS.exe
[2011/10/08 18:44:36 | 000,012,800 | ---- | C] () -- D:\Windows\System32\drivers\anodlwf.sys
[2011/10/08 18:44:34 | 000,002,048 | ---- | C] () -- D:\Windows\System32\rt73.bin
[2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- D:\Windows\System32\nvStreaming.exe
[2011/06/08 23:11:30 | 000,080,896 | ---- | C] () -- D:\Windows\System32\RDVGHelper.exe
[2011/06/08 23:09:32 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe

========== LOP Check ==========

[2012/03/07 22:37:07 | 000,000,000 | ---D | M] -- D:\Users\Travis\AppData\Roaming\Downloaded Installations
[2011/07/29 20:03:12 | 000,000,000 | ---D | M] -- D:\Users\Travis\AppData\Roaming\DVDVideoSoft
[2011/07/29 20:03:08 | 000,000,000 | ---D | M] -- D:\Users\Travis\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/06/05 19:16:29 | 000,000,000 | ---D | M] -- D:\Users\Travis\AppData\Roaming\GrabIt
[2012/03/08 00:02:43 | 000,000,000 | ---D | M] -- D:\Users\Travis\AppData\Roaming\Nitro PDF
[2012/06/23 20:20:14 | 000,000,000 | ---D | M] -- D:\Users\Travis\AppData\Roaming\Notepad++
[2012/06/23 19:15:50 | 000,000,000 | ---D | M] -- D:\Users\Travis\AppData\Roaming\OutWit
[2011/11/04 20:31:16 | 000,000,000 | ---D | M] -- D:\Users\Travis\AppData\Roaming\Sports Interactive
[2012/07/31 19:36:51 | 000,000,000 | ---D | M] -- D:\Users\Travis\AppData\Roaming\Temp
[2011/12/30 13:11:35 | 000,000,000 | ---D | M] -- D:\Users\Travis\AppData\Roaming\Thinstall
[2012/03/19 19:42:08 | 000,000,000 | ---D | M] -- D:\Users\Travis\AppData\Roaming\uTorrent
[2012/05/31 17:47:10 | 000,032,620 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 198 bytes -> D:\ProgramData\TEMP:2AC7ECBB

< End of report >

Thanks everyone,

Travis

#2
havredave

Hi, welcome to GeeksToGo! I'm havredave, and I'll do my best to help you fix whatever it is that ails your computer.

Just a few things before we begin, to ease the process on both of us:
  • Please don't run any scanning or cleaning software without my direction, as it can make things worse and take longer in the long run.
  • Please be patient. A good cleaning can take quite a while, and usually involves many steps before it is complete. I may not post back quickly, because I often have to research issues or run ideas by my peers for a more thorough fix.
  • You may wish to print out each instruction post in case you lose Internet connectivity (using safe mode, for example), so you can complete the fix.
  • If you have any question on any step, or if something doesn't work as described, please stop and ask before we proceed. Better safe than sorry!
  • Please paste your logs into your replies instead of attaching them. This makes it far easier to review. Feel free to use multiple replies if you need to.
  • Please stick with me until I let you know we're finished. Even if the machine is running better, it doesn't mean it's clean.
  • My normal hours are 8:30am to 5:30pm MST, Monday through Friday.

Next, on to the issue at hand. Give me a little time to go over the log; I've already found a few pieces of that toolbar that need to be removed, but I need to look a little more closely. I'll post back shortly.

#3
havredave

I see something rather strange on your system. Not critical, but odd enough to mention it: You have 3 drives/partitions. The C: is formatted FAT32 rather than NTFS. Is there any reason for this? FAT32 is less resilient and secure than NTFS, so I'd recommend converting that to NTFS unless you have a good reason to keep it FAT32.

Java is out of date; current up to date version is 7.5. You can get that here. Just press the "Accept License Agreement" button, then download the "Windows x86 Offline" (or Online if you prefer) installer, then run it. You may have to remove the older Java installation after you've updated.

Next, we'll remove a few leftover pieces of that toolbar:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [createrestorepoint]
    
    :OTL
    DRV - File not found [Kernel | System | Running] -- D:\Users\Travis\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
    DRV - File not found [Kernel | System | Running] -- D:\Users\Travis\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)
    IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found
    O2 - BHO: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found.
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

When you initially ran OTL, there should have also been an Extras.txt file generated along with OTL.txt. Please paste the contents of Extras.txt in your next response, along with the new OTL.txt quickscan.

Any other issues that you can see, we might as well touch while we're doing this, so don't hesitate to ask.
  • 0
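An added example, not part of the thread and not OTL's own code: a parser that pulls out of an OTL log the entries whose driver file or CLSID registration is missing, then shortlists those matching two heuristics assumed here (a running driver whose image path sits under a Temp folder; a CLSID referenced from two or more extension points). The sample lines are copied from the log in post #1; which entries to actually remove remains the analyst's call.

```python
import re
from collections import defaultdict

# Lines copied from the OTL log in post #1 (a subset, so the example runs offline).
SAMPLE_LOG = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | System | Running] -- D:\Users\Travis\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | System | Running] -- D:\Users\Travis\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/12/10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- D:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
"""

# A driver service whose image file no longer exists on disk.
DRV_MISSING = re.compile(
    r"^DRV - File not found \[(?P<attrs>[^\]]+)\] -- (?P<path>.+) -- \((?P<name>[^)]+)\)$"
)
# Any entry that points at a CLSID with no registration behind it.
CLSID_MISSING = re.compile(
    r"^(?P<tag>\w+) - (?P<where>.*?)(?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r" - No CLSID value found\.?$"
)


def orphaned_entries(log_text):
    """Return (drivers, clsids) for entries whose backing file/CLSID is missing."""
    drivers, clsids = [], defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DRV_MISSING.match(line)
        if m:
            attrs = [a.strip() for a in m["attrs"].split("|")]
            if len(attrs) != 3:
                continue  # unexpected attribute layout; skip rather than guess
            kind, start, state = attrs
            drivers.append({"name": m["name"], "path": m["path"],
                            "kind": kind, "start": start, "state": state})
            continue
        m = CLSID_MISSING.match(line)
        if m:
            # "HKLM\..\Toolbar: (no name) - " -> "HKLM\..\Toolbar"
            location = m["where"].split(":")[0].strip()
            clsids[m["clsid"].upper()].append(f'{m["tag"]} {location}')
    return drivers, dict(clsids)


def review_candidates(log_text):
    """Shortlist orphans using this example's two assumed heuristics."""
    drivers, clsids = orphaned_entries(log_text)
    # Heuristic 1 (assumption): service reported Running, image path under Temp.
    hot_drivers = [d["name"] for d in drivers
                   if d["state"] == "Running" and "\\temp\\" in d["path"].lower()]
    # Heuristic 2 (assumption): same dangling CLSID hooked in 2+ places.
    hot_clsids = {c: refs for c, refs in clsids.items() if len(refs) >= 2}
    return hot_drivers, hot_clsids


if __name__ == "__main__":
    hot_drivers, hot_clsids = review_candidates(SAMPLE_LOG)
    for name in hot_drivers:
        print(f"driver  {name}: running, image missing from a Temp path")
    for clsid, refs in hot_clsids.items():
        print(f"clsid   {clsid}: unregistered, referenced by {', '.join(refs)}")
```

Entries that miss both heuristics (the stopped `VGPU` driver, the single `WebCheck` reference) are still returned by `orphaned_entries` for manual review.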





