[Malware] Starburn software problem -Virus/malware?
Hello, About a month ago on start up I was getting a message something like,”youtube downloader Free_helper.exe has encountered a problem. Since I was not aware of having uploaded anything to do with youtube I am afraid I just ignored it. Shortly after this (a few days) whilst still getting the youtube message when I launched my browser Mozilla Firefox 17. ,instead of getting my Google homepage I was getting search.starburnsoftware.com. No matter how may times I reset my options back to Google it did not work. Eventually I did a search for files or folders containing the word “starburn” I found about 3 files, which I deleted. This worked like a charm! Instead I got apype.com. I then repeated the search this time for “apype” it came up with nothing. After this however apype.com had gone & starburn was back. When I tried to reset my preferences it showed apype .com but when I launched my browser I got starburn. This continues to be the case even after doing you recommended clean up. At one point my husband suggested trying Explorer. This was also showing starburn however after about 10 resets it is now sticking with Google. I am now using Explorer but I have not uninstalled Firefox I tried Bitdefender Quick Scan, which froze at the end but found nothing, and Malwarebytes and latterly Avast but to no avail. I also used Microsoft Fix It. I then contacted my son who is in England and works in IT & he directed me to you. I have now completed your Mandatory Steps Before Requesting Assistance and here are my results: Incidentally I got to this point on your web page about half an hour ago & it all my text disappeared. My results:
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 3 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DECEAAA2-370A-49BB-9362-68C3A58DDC62} (Adware.180Solutions) -> Quarantined and deleted successfully. HKCU\Software\PlayVolcanoSA (Adware.HotBar.PV) -> Quarantined and deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PlayVolcanoSA (Adware.HotBar.PV) -> Quarantined and deleted successfully.
Registry Values Detected: 1 HKCU\Software\Microsoft\Windows\CurrentVersion\Run|PlayVolcanoSA (Adware.HotBar.PV) -> Data: "C:\Documents and Settings\annas\Local Settings\Application Data\PlayVolcanoSA\bin\1.0.10.0\PlayVolcanoSA.exe" -> Quarantined and deleted successfully.
Registry Data Items Detected: 1 HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 3 C:\Documents and Settings\annas\Local Settings\Application Data\PLAYVOLCANOSA (Adware.HotBar.PV) -> Quarantined and deleted successfully. C:\Documents and Settings\annas\Local Settings\Application Data\PLAYVOLCANOSA\bin (Adware.HotBar.PV) -> Quarantined and deleted successfully. C:\Documents and Settings\annas\Local Settings\Application Data\PLAYVOLCANOSA\bin\1.0.10.0 (Adware.HotBar.PV) -> Quarantined and deleted successfully.
Files Detected: 3 E:\program files\Corel® Painter™ Essentials 4+Keygen-HeartBug\keygen\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully. E:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2168\A0265087.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully. C:\Documents and Settings\annas\Local Settings\Application Data\PLAYVOLCANOSA\bin\1.0.10.0\PlayVolcanoSAHook.dll (Adware.HotBar.PV) -> Quarantined and deleted successfully.
(end) 2. contents of OTL.txt - Attached
3. Contents of Extras.txt
OTL Extras logfile created on: 26/11/2012 17:42:58 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\annas\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.99 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.78% Memory free 7.81 Gb Paging File | 7.43 Gb Available in Paging File | 95.11% Paging File free Paging file location(s): C:\pagefile.sys 3057 3057D:\pagef [Binary data over 200 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 69.82 Gb Total Space | 24.81 Gb Free Space | 35.54% Space Free | Partition Type: NTFS Drive D: | 68.36 Gb Total Space | 61.50 Gb Free Space | 89.96% Space Free | Partition Type: NTFS Drive E: | 195.31 Gb Total Space | 50.71 Gb Free Space | 25.96% Space Free | Partition Type: NTFS Drive F: | 202.09 Gb Total Space | 26.30 Gb Free Space | 13.02% Space Free | Partition Type: NTFS Drive G: | 10.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive Z: | 465.76 Gb Total Space | 196.29 Gb Free Space | 42.14% Space Free | Partition Type: NTFS
Computer Name: DELL | User Name: annas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "9000:TCP" = 9000:TCP:*:Enabled:Logitech Media Server 9000 tcp (UI) "9001:TCP" = 9001:TCP:*:Enabled:Logitech Media Server 9001 tcp (UI) "9002:TCP" = 9002:TCP:*:Enabled:Logitech Media Server 9002 tcp (UI) "9003:TCP" = 9003:TCP:*:Enabled:Logitech Media Server 9003 tcp (UI) "9004:TCP" = 9004:TCP:*:Enabled:Logitech Media Server 9004 tcp (UI) "9005:TCP" = 9005:TCP:*:Enabled:Logitech Media Server 9005 tcp (UI) "9006:TCP" = 9006:TCP:*:Enabled:Logitech Media Server 9006 tcp (UI) "9007:TCP" = 9007:TCP:*:Enabled:Logitech Media Server 9007 tcp (UI) "9008:TCP" = 9008:TCP:*:Enabled:Logitech Media Server 9008 tcp (UI) "9009:TCP" = 9009:TCP:*:Enabled:Logitech Media Server 9009 tcp (UI) "9010:TCP" = 9010:TCP:*:Enabled:Logitech Media Server 9010 tcp (UI) "9100:TCP" = 9100:TCP:*:Enabled:Logitech Media Server 9100 tcp (UI) "8000:TCP" = 8000:TCP:*:Enabled:Logitech Media Server 8000 tcp (UI) "10000:TCP" = 10000:TCP:*:Enabled:Logitech Media Server 10000 tcp (UI) "9090:TCP" = 9090:TCP:*:Enabled:Logitech Media Server 9090 tcp (UI) "3483:UDP" = 3483:UDP:*:Enabled:Logitech Media Server 3483 udp "3483:TCP" = 3483:TCP:*:Enabled:Logitech Media Server 3483 tcp
Error - 25/11/2012 18:15:57 | Computer Name = DELL | Source = MatSvc | ID = 262147 Description = The MATS service encountered a web service failure. hr=0xC004F018
Error - 25/11/2012 18:15:57 | Computer Name = DELL | Source = MatSvc | ID = 262148 Description = The MATS service encountered a failure when uploading data. hr=0xC004F018
Error - 25/11/2012 18:16:18 | Computer Name = DELL | Source = MatSvc | ID = 262147 Description = The MATS service encountered a web service failure. hr=0xC004F018
Error - 25/11/2012 18:16:18 | Computer Name = DELL | Source = MatSvc | ID = 262148 Description = The MATS service encountered a failure when uploading data. hr=0xC004F018
Error - 25/11/2012 18:18:00 | Computer Name = DELL | Source = MatSvc | ID = 262147 Description = The MATS service encountered a web service failure. hr=0xC004F018
Error - 25/11/2012 18:18:00 | Computer Name = DELL | Source = MatSvc | ID = 262148 Description = The MATS service encountered a failure when uploading data. hr=0xC004F018
Error - 25/11/2012 18:22:57 | Computer Name = DELL | Source = MatSvc | ID = 262147 Description = The MATS service encountered a web service failure. hr=0xC004F018
Error - 25/11/2012 18:22:57 | Computer Name = DELL | Source = MatSvc | ID = 262148 Description = The MATS service encountered a failure when uploading data. hr=0xC004F018
[ System Events ] Error - 26/11/2012 09:04:34 | Computer Name = DELL | Source = Ntfs | ID = 262199 Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume D:.
Error - 26/11/2012 09:06:37 | Computer Name = DELL | Source = Service Control Manager | ID = 7022 Description = The Logitech Media Server service hung on starting.
Error - 26/11/2012 09:06:37 | Computer Name = DELL | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: szkg
Error - 26/11/2012 12:24:40 | Computer Name = DELL | Source = DCOM | ID = 10005 Description = DCOM got error "%1053" attempting to start the service dlcf_device with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441060}
Error - 26/11/2012 12:24:40 | Computer Name = DELL | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the dlcf_device service to connect.
Error - 26/11/2012 12:24:40 | Computer Name = DELL | Source = Service Control Manager | ID = 7000 Description = The dlcf_device service failed to start due to the following error: %%1053
Error - 26/11/2012 12:24:50 | Computer Name = DELL | Source = DCOM | ID = 10005 Description = DCOM got error "%1053" attempting to start the service dlcf_device with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441060}
Error - 26/11/2012 12:26:23 | Computer Name = DELL | Source = Ntfs | ID = 262199 Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume D:.
Error - 26/11/2012 12:26:23 | Computer Name = DELL | Source = Ntfs | ID = 262199 Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume D:.
Error - 26/11/2012 12:27:25 | Computer Name = DELL | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: IntelIde szkg
4. Contents of checkup.txt
Results of screen317's Security Check version 0.99.56 Windows XP Service Pack 3 x86 Internet Explorer 8 [u]``````````````Antivirus/Firewall Check:``````````````[/u] Windows Firewall Enabled! Microsoft Security Essentials avast! Antivirus McAfee VirusScan Antivirus up to date! (On Access scanning disabled!) [u]`````````Anti-malware/Other Utilities Check:`````````[/u] Malwarebytes Anti-Malware version 1.65.1.1000 JavaFX 2.1.1 Java(TM) 6 Update 23 Java 7 Update 9 Adobe Flash Player 11.4.402.287 Mozilla Firefox (17.0) Mozilla Thunderbird 16.0.2 [color=red]Thunderbird out of Date![/color] [u]````````Process Check: objlist.exe by Laurent````````[/u] Microsoft Security Essentials MSMpEng.exe Malwarebytes' Anti-Malware mbamscheduler.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast avastUI.exe [u]`````````````````System Health check`````````````````[/u] Total Fragmentation on Drive C:: 15% [color=red]Defragment your hard drive soon! (Do NOT defrag if SSD!)[/color] [u]````````````````````End of Log``````````````````````[/u]
5. Contents of the Online AntiVirus Scan log
ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=c49982a5574c1948a833d550b7e9db46 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-11-26 09:19:20 # local_time=2012-11-26 10:19:20 (+0100, Romance Standard Time) # country="United Kingdom" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=5891 16776533 42 93 19740 7589840 0 0 # compatibility_mode=8192 67108863 100 0 4320 4320 0 0 # scanned=150894 # found=14 # cleaned=14 # scan_time=14295 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SweetIM23.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SweetIM78.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\YontooPagerage2.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\annas\Application Data\Uniblue\RegistryBooster\_temp\ub.exe a variant of Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\annas\Desktop\Installs\se2_0_1_1516.exe a variant of Win32/UbSpyEraser application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\annas\Desktop\Installs\spyeraser2.exe a variant of Win32/UbSpyEraser application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\annas\My Documents\Downloads\PETER_ROBINSON_-_THE_HANGING_VALLEY_[MYANONAMOUSE.NET]-ebook.exe Win32/Adware.1ClickDownload.G application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\annas\My Documents\Downloads\registrybooster(1).exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\annas\My Documents\Downloads\registrybooster.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\annas\My Documents\Downloads\The_Diggers_Rest_Hotel_-_by_Geoffrey_McGeachin_(an_unabridge.exe Win32/Adware.1ClickDownload.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\annas\My Documents\Downloads\_Retail).exe Win32/Adware.1ClickDownload application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\i386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent.LCKGTSG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Program Files\Uniblue\RegistryBooster\Launcher.exe a variant of Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
reply to LoPhatPhuud Hi, Just a couple of things which may or not be important. When i switched on this morning the following message came up: Windows no disk Exception processing message 00000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c Malware then proceeded to pop up telling me that it had successfully blocked access to a potentially malicious website (outgoing) I got some of the codes ie 218.10.63.240 - is it worth noting these down if I can? Also today when I close down internet explorer it shuts down Thunderbird too. I am trying not to use my machine unless absolutely neccesary but am checking in regularly to see if you are around and have more instructions. Cheers, Anna
OTL logfile created on: 26/11/2012 17:42:58 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\annas\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.99 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.78% Memory free 7.81 Gb Paging File | 7.43 Gb Available in Paging File | 95.11% Paging File free Paging file location(s): C:\pagefile.sys 3057 3057D:\pagef [Binary data over 200 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 69.82 Gb Total Space | 24.81 Gb Free Space | 35.54% Space Free | Partition Type: NTFS Drive D: | 68.36 Gb Total Space | 61.50 Gb Free Space | 89.96% Space Free | Partition Type: NTFS Drive E: | 195.31 Gb Total Space | 50.71 Gb Free Space | 25.96% Space Free | Partition Type: NTFS Drive F: | 202.09 Gb Total Space | 26.30 Gb Free Space | 13.02% Space Free | Partition Type: NTFS Drive G: | 10.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive Z: | 465.76 Gb Total Space | 196.29 Gb Free Space | 42.14% Space Free | Partition Type: NTFS
Computer Name: DELL | User Name: annas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
reply to Carcassonne Thanks for the TDSS log. It was negative.
However, there are several adware programs installed, as well as a torrent client that I assume you did not install (came with something else, most likely).
First: Use Add/Remove Programs to uninstall the following. Note, that if there is no Add/Remove Programs entry, just go on to the next item.
Yontoo 1.10.02 µTorrent uTorrentControl_v2 Toolbar A You Tube Downloader
Second: In Firefox, remove SkyWebSearch from the list of search entries, and any addon (extension) for it.
Third: Run OTL again, and post the new log in this thread. Note that there will not be a new Extras log. -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
Ok - I uninstalled Utorrent No utorrentControl v2 toolbar No A youtube Downloader When I tried to remove Yontoo I got the message: C:\Document~\ALLUSE~1\APPLIC~1\TarmaInstaller\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\setup.dat Error2 while loading archive: The system cannot find the specified file
While trying to get rid of Skywebsearch I noticed that A Youtube downloader was enabled again despite my having previously disabled it – I do not seem to be able to remove it.
Machine now going very slow & capricious! Applications opening & closing unexpectedly
Attatched is the OTL report
OTL logfile created on: 27/11/2012 19:00:53 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\annas\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.99 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.20% Memory free 7.81 Gb Paging File | 7.34 Gb Available in Paging File | 93.92% Paging File free Paging file location(s): C:\pagefile.sys 3057 3057D:\pagef [Binary data over 200 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 69.82 Gb Total Space | 25.41 Gb Free Space | 36.40% Space Free | Partition Type: NTFS Drive D: | 68.36 Gb Total Space | 61.50 Gb Free Space | 89.97% Space Free | Partition Type: NTFS Drive E: | 195.31 Gb Total Space | 50.71 Gb Free Space | 25.96% Space Free | Partition Type: NTFS Drive F: | 202.09 Gb Total Space | 26.30 Gb Free Space | 13.02% Space Free | Partition Type: NTFS Drive G: | 10.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive H: | 3.66 Gb Total Space | 1.42 Gb Free Space | 38.95% Space Free | Partition Type: FAT32 Drive Z: | 465.76 Gb Total Space | 196.29 Gb Free Space | 42.14% Space Free | Partition Type: NTFS
Computer Name: DELL | User Name: annas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Ok - I uninstalled Utorrent No utorrentControl v2 toolbar No A youtube Downloader When I tried to remove Yontoo I got the message: C:\Document~\ALLUSE~1\APPLIC~1\TarmaInstaller\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\setup.dat Error2 while loading archive: The system cannot find the specified file While trying to get rid of Skywebsearch I noticed that A Youtube downloader was enabled again despite my having previously disabled it – I do not seem to be able to remove it. OTL Scan results: OTL logfile created on: 27/11/2012 19:00:53 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\annas\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.99 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.20% Memory free 7.81 Gb Paging File | 7.34 Gb Available in Paging File | 93.92% Paging File free Paging file location(s): C:\pagefile.sys 3057 3057D:\pagef [Binary data over 200 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 69.82 Gb Total Space | 25.41 Gb Free Space | 36.40% Space Free | Partition Type: NTFS Drive D: | 68.36 Gb Total Space | 61.50 Gb Free Space | 89.97% Space Free | Partition Type: NTFS Drive E: | 195.31 Gb Total Space | 50.71 Gb Free Space | 25.96% Space Free | Partition Type: NTFS Drive F: | 202.09 Gb Total Space | 26.30 Gb Free Space | 13.02% Space Free | Partition Type: NTFS Drive G: | 10.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive H: | 3.66 Gb Total Space | 1.42 Gb Free Space | 38.95% Space Free | Partition Type: FAT32 Drive Z: | 465.76 Gb Total Space | 196.29 Gb Free Space | 42.14% Space Free | Partition Type: NTFS
Computer Name: DELL | User Name: annas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Ok - I uninstalled Utorrent No utorrentControl v2 toolbar No A youtube Downloader When I tried to remove Yontoo I got the message: C:\Document~\ALLUSE~1\APPLIC~1\TarmaInstaller\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\setup.dat Error2 while loading archive: The system cannot find the specified file While trying to get rid of Skywebsearch I noticed that A Youtube downloader was enabled again despite my having previously disabled it – I do not seem to be able to remove it. Here are the OTL scan results: OTL logfile created on: 27/11/2012 19:00:53 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\annas\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.99 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.20% Memory free 7.81 Gb Paging File | 7.34 Gb Available in Paging File | 93.92% Paging File free Paging file location(s): C:\pagefile.sys 3057 3057D:\pagef [Binary data over 200 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 69.82 Gb Total Space | 25.41 Gb Free Space | 36.40% Space Free | Partition Type: NTFS Drive D: | 68.36 Gb Total Space | 61.50 Gb Free Space | 89.97% Space Free | Partition Type: NTFS Drive E: | 195.31 Gb Total Space | 50.71 Gb Free Space | 25.96% Space Free | Partition Type: NTFS Drive F: | 202.09 Gb Total Space | 26.30 Gb Free Space | 13.02% Space Free | Partition Type: NTFS Drive G: | 10.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive H: | 3.66 Gb Total Space | 1.42 Gb Free Space | 38.95% Space Free | Partition Type: FAT32 Drive Z: | 465.76 Gb Total Space | 196.29 Gb Free Space | 42.14% Space Free | Partition Type: NTFS
Computer Name: DELL | User Name: annas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
reply to Carcassonne Based on the additional symptoms you mention (capricious starts) you may be best served by reformatting and starting over.
I'm not to the point where that is the only option I will recommend, but we are going in that direction.
Let me know if you want to continue, or if you would prefer to just start over nowl. -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
[*]Then click the Run Fix button at the top [*]Let the program run unhindered, reboot the PC when it is done [*]Once you see a message box "Fix complete! Click OK to open the fix log." [*]Click the OK button [*]The log will open in Notepad (your default text editor). {*]Save the log. Post a copy of that log in your next reply.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start-All Programs-Accessories-Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
·