iLivid / Bandoo / Searchqu problem?

Post by nefarioushoyden » February 20th, 2012, 5:21 pm

Hello,

I installed a new HDD and installed Windows Vista on it from the recovery/installation CDs that I created from the old HDD. I then loaded all the Windows updates. Sometime after that, I downloaded iLivid and I did it so quickly, I probably said yes to the Searchqu toolbar and other download stuff. Now, my computer takes 5+ minutes to boot up. Also, sometimes a window pops up in the lower right-hand corner of my screen that says "Windows has detected high memory usage by the program Firefox Mozilla" and it gives a memory size--I mainly use Mozilla for web surfing. I went to the task manager and saw this name "Bandoo" and I googled it and found another user on this site that had a problem with iLivid/Bandoo/Searchqu. My theory is that I have the same problem.

Thanks in advance for your help, logs below:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005
Run by David2 at 13:04:01 on 2012-02-20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2039.358 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Windows\system32\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG2012\avgui.exe
C:\Program Files\AVG\AVG2012\avgscanx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.22\AVG Secure Search_toolbar.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\wi371a~1\datamngr\BROWSE~1.DLL
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.22\AVG Secure Search_toolbar.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [DATAMNGR] c:\progra~1\wi371a~1\datamngr\DATAMN~1.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{764DEFD8-48B8-48DA-B2C3-4D658B4DEC99} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\david2\appdata\roaming\mozilla\firefox\profiles\g2tki269.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ff ... 06&sr=0&q=
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-7-25 21504]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [2011-7-10 252416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-01-12 19:52:56 2044416 ----a-w- c:\windows\system32\win32k.sys
2011-12-16 15:59:20 834048 ----a-w- c:\windows\system32\wininet.dll
2011-12-16 14:11:42 389632 ----a-w- c:\windows\system32\html.iec
2011-12-16 13:46:35 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-14 16:17:47 680448 ----a-w- c:\windows\system32\msvcrt.dll
2011-11-25 15:59:48 376320 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 13:04:56.84 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/10/2011 8:50:01 PM
System Uptime: 2/20/2012 7:49:15 AM (6 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Lancaster8
Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | CPU 1 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1854 GiB total, 1588.103 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.251 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP68: 10/14/2011 6:30:30 AM - Windows Update
RP69: 10/14/2011 6:35:39 AM - Windows Update
RP70: 10/18/2011 5:48:36 AM - Windows Update
RP71: 10/21/2011 5:47:33 PM - Windows Update
RP72: 10/22/2011 12:17:26 PM - Scheduled Checkpoint
RP73: 10/23/2011 10:01:58 PM - Scheduled Checkpoint
RP74: 10/25/2011 6:05:37 AM - Windows Update
RP75: 10/25/2011 11:01:14 PM - Scheduled Checkpoint
RP76: 10/27/2011 7:49:55 PM - Windows Update
RP77: 10/29/2011 9:27:45 AM - Windows Update
RP78: 11/1/2011 7:00:38 AM - Windows Update
RP79: 11/1/2011 7:37:23 PM - Windows Update
RP80: 11/2/2011 7:14:13 PM - Windows Update
RP81: 11/2/2011 7:38:09 PM - Installed AVG 2012
RP82: 11/2/2011 8:49:39 PM - Windows Update
RP83: 11/2/2011 9:24:10 PM - Windows Update
RP84: 11/3/2011 3:00:44 AM - Windows Update
RP85: 11/4/2011 3:00:40 AM - Windows Update
RP87: 11/5/2011 1:36:43 PM - Windows Update
RP88: 11/6/2011 7:20:54 PM - Scheduled Checkpoint
RP89: 11/8/2011 7:10:38 AM - Scheduled Checkpoint
RP90: 11/9/2011 7:15:00 AM - Scheduled Checkpoint
RP91: 11/9/2011 9:01:49 PM - Windows Update
RP92: 11/12/2011 1:53:09 PM - Windows Update
RP93: 11/13/2011 11:29:15 PM - Scheduled Checkpoint
RP94: 11/14/2011 9:11:09 PM - Scheduled Checkpoint
RP95: 11/19/2011 7:36:02 AM - Scheduled Checkpoint
RP96: 11/22/2011 9:02:09 PM - Scheduled Checkpoint
RP97: 11/25/2011 11:23:32 AM - Scheduled Checkpoint
RP98: 11/27/2011 12:25:19 PM - Scheduled Checkpoint
RP99: 11/28/2011 10:30:02 PM - Scheduled Checkpoint
RP100: 11/30/2011 5:31:16 AM - Scheduled Checkpoint
RP101: 12/2/2011 9:02:27 PM - Scheduled Checkpoint
RP102: 12/3/2011 10:41:10 AM - Scheduled Checkpoint
RP103: 12/10/2011 10:43:40 AM - Scheduled Checkpoint
RP104: 12/15/2011 10:55:00 PM - Scheduled Checkpoint
RP105: 12/16/2011 3:02:09 AM - Windows Update
RP106: 12/18/2011 6:04:52 PM - Scheduled Checkpoint
RP107: 12/20/2011 7:47:30 AM - Scheduled Checkpoint
RP108: 12/30/2011 5:12:55 PM - Scheduled Checkpoint
RP109: 12/31/2011 3:00:37 AM - Windows Update
RP110: 1/5/2012 9:53:37 PM - Scheduled Checkpoint
RP111: 1/7/2012 9:10:25 AM - Scheduled Checkpoint
RP112: 1/9/2012 8:43:19 PM - Scheduled Checkpoint
RP113: 1/12/2012 10:20:35 PM - Windows Update
RP114: 1/14/2012 12:46:46 PM - Windows Update
RP115: 1/15/2012 6:43:29 PM - Scheduled Checkpoint
RP116: 1/18/2012 9:54:06 PM - Scheduled Checkpoint
RP117: 1/21/2012 9:10:24 PM - Scheduled Checkpoint
RP118: 1/23/2012 8:20:54 PM - Scheduled Checkpoint
RP119: 1/24/2012 11:25:47 PM - Scheduled Checkpoint
RP120: 1/26/2012 5:32:25 AM - Scheduled Checkpoint
RP121: 1/26/2012 9:13:20 PM - Scheduled Checkpoint
RP122: 1/28/2012 1:17:37 AM - Scheduled Checkpoint
RP123: 1/29/2012 9:46:48 AM - Scheduled Checkpoint
RP124: 1/30/2012 11:00:17 PM - Scheduled Checkpoint
RP125: 2/1/2012 7:11:49 AM - Scheduled Checkpoint
RP126: 2/2/2012 5:06:28 AM - Scheduled Checkpoint
RP127: 2/4/2012 3:44:19 AM - Scheduled Checkpoint
RP128: 2/6/2012 7:09:19 AM - Scheduled Checkpoint
RP129: 2/8/2012 7:56:54 PM - Scheduled Checkpoint
RP130: 2/12/2012 2:02:01 AM - Scheduled Checkpoint
RP131: 2/14/2012 5:00:34 AM - Scheduled Checkpoint
RP132: 2/18/2012 4:32:56 AM - Windows Update
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.13 (Unicode)
AVG 2012
AVG Security Toolbar
Belkin Wireless G USB Adapter Driver
Bonjour
Cards_Calendar_OrderGift_DoMorePlugout
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
Hardware Diagnostic Tools
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.5
HP Total Care Advisor
HP Update
HPPhotoSmartPhotobookWebPack1
iLivid
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) SE Runtime Environment 6 Update 1
LabelPrint
LightScribe System Software 1.10.16.1
LightScribe Template Labeler
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2000 Professional
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox 10.0 (x86 en-US)
muvee autoProducer 6.1
My HP Games
Power2Go
PowerDirector
PSSWCORE
Python 2.5
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Snapfish Picture Mover
Soft Data Fax Modem with SmartCP
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VideoLAN VLC media player 0.8.6f
VideoToolkit01
WeatherBug Gadget
Windows iLivid Toolbar
.
==== Event Viewer Messages From Past Week ========
.
2/15/2012 8:34:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================
nefarioushoyden
Active Member
 
Posts: 10
Joined: February 20th, 2012, 5:00 pm

Re: iLivid / Bandoo / Searchqu problem?

Post by mambass » February 20th, 2012, 8:39 pm

Hi nefarioushoyden, :)

Welcome to the forum.

My nickname is mambass and I'll be helping you with any malware problems.

Before we begin...please read and follow these important guidelines so things will proceed smoothly.

  1. If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. Please read all instructions carefully before executing them and perform the steps in the order given.
    If you have any questions or problems executing these instructions then <<STOP>> do not proceed but rather post back with the question or problem.
  4. Your security programs may give warnings for some of the tools I will ask you to use. Be assured that any links I give are safe.
  5. You must have Administrator rights permissions for this computer.
  6. DO NOT run any other fix or removal tools unless instructed to do so!
  7. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  8. Only post your problem at one (1) help site. Applying fixes from multiple help sites can cause problems.
  9. Only reply to this thread. Do not start another thread.
  10. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  11. You might want to place a link to this thread in your Favorites/Bookmarks for easy access.
  12. No Reply Within 3 Days Will Result In Your Topic Being Closed! Please let me know in advance if you will not be able to reply within this time limit.
  13. The logs I request can take a while to research so please be patient.
  14. I am currently in training at Malware Removal University. Each set of instructions that I provide will be reviewed by a faculty member before being posted to this thread. This process may add a small amount of time to my replies. On the positive side you will have two people working together to resolve your malware issues.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection. I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system or to necessitate you taking your computer to a repair shop.

Because of this I advise you to backup any personal files and folders before you start.

How to back up or transfer your data on a Windows-based computer

-----------------------------------------------------------

I am currently reviewing your log and will return as soon as possible with additional instructions.

Thanks,

mambass
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: iLivid / Bandoo / Searchqu problem?

Post by mambass » February 21st, 2012, 9:09 am

Hi nefarioushoyden, :)

Please print these instructions because you will not have access to the Internet while performing some of the tasks below.

  1. Create a System Restore Point
    1. Go to Start, right-click on Computer and select Properties.
    2. In the left pane under Tasks, click System protection.
    3. If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
    4. Select System Protection ...then choose Create.
    5. In the System Restore dialog box, type a description for the restore point (e.g., Start of malware removal process) and click Create again.
    6. A window should pop up with "The Restore Point was created successfully" message.
    7. Click OK and close the System Restore dialog.

      Note: If the message window was not displayed stating that the system restore point was created successfully then STOP - Do not continue with the steps below but rather reply to let me know what happened.

  2. Run the Searchqu OTL Fix
    1. Click here to download OTL.exe by Old Timer and save it to your Desktop.
    2. Right-click on the filename link below and select "Save target as..." or "Save Link as...", choose the Desktop location, and choose to save as the filename: Fix.txt (the name must be Fix.txt on your Desktop).

      SQW7-Vista_x32.TXT

    3. Right-click the OTL icon on your Desktop and select Run As Administrator.
    4. Click the Run Fix button at the top.
    5. You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel". Click on OK
    6. When the Open dialog comes up, Navigate to the Desktop, scroll to find the file named Fix.txt and click Open
    7. Some text will appear in the Custom scans/Fixes box.
    8. Click the Run Fix button.
    9. Let the program run unhindered and reboot the PC when it is done.
    10. When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    11. Copy the contents of that file and post it in your next reply. The file can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.

  3. Run SystemLook
    1. Download SystemLook from one of the links below and save it to your Desktop.
      Download Mirror #1
      Download Mirror #2
    2. Right-click the SystemLook.exe icon and select Run As Administrator to run it.
    3. Copy and paste the contents of the following codebox into the main textfield (do not include the word code:):
      :filefind
      *Fun4IM*
      *Bandoo*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      
      :folderfind
      *Fun4IM*
      *Bandoo*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      
      :Regfind
      Fun4IM
      Bandoo
      Searchqu
      iLivid
      whitesmoke
      datamngr
      kelkoopartners
      trolltech
       
    4. Click the Look button to start the scan.
      Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    5. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt


Please include in your reply:
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. The contents of the OTL.txt log.
  3. The contents of the SystemLook.txt log.


mambass
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am
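
The search terms from the SystemLook step can also be checked against the DDS log posted at the top of the thread, to see which load points the bundle occupies. This is an added example, not part of mambass's instructions and not code from DDS, OTL or SystemLook; the sample lines are excerpted from that DDS log, and the function names and load-point descriptions are assumptions of this example.

```python
import re

# Search terms copied from the :Regfind list in the SystemLook step above.
KEYWORDS = ["Fun4IM", "Bandoo", "Searchqu", "iLivid", "whitesmoke",
            "datamngr", "kelkoopartners", "trolltech"]

# DDS line prefixes and what each load point means. The wording of the
# descriptions is this example's own, not DDS output.
LOAD_POINTS = {
    "process": "program running when the log was taken",
    "BHO": "Internet Explorer Browser Helper Object",
    "TB": "Internet Explorer toolbar",
    "mRun": "HKLM Run key entry, started at every logon",
    "AppInit_DLLs": "DLL injected into each process that loads user32.dll",
}

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")   # "==== Running Processes ===="
SHORT_PATH_RE = re.compile(r"~\d")               # 8.3 component such as progra~1

# Excerpt of the DDS log posted at the top of this thread.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\Explorer.EXE
C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\wi371a~1\datamngr\BROWSE~1.DLL
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DATAMNGR] c:\progra~1\wi371a~1\datamngr\DATAMN~1.EXE
AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\IEBHO.dll
.
"""


def classify(line, section):
    """Map a DDS line to a LOAD_POINTS key, or None if it is not tracked."""
    if section == "Running Processes":
        return "process"
    for prefix in LOAD_POINTS:
        if line.startswith(prefix + ":"):
            return prefix
    return None


def triage(log_text):
    """Return {load point: [(matched keywords, uses 8.3 path, line), ...]}."""
    hits = {}
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS uses "." as a spacer line
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        point = classify(line, section)
        if point is None:
            continue
        lowered = line.lower()
        matched = [kw for kw in KEYWORDS if kw.lower() in lowered]
        if matched:
            short = bool(SHORT_PATH_RE.search(line))
            hits.setdefault(point, []).append((matched, short, line))
    return hits


def report(hits):
    """Format the hits grouped by load point, flagging 8.3 short paths."""
    out = []
    for point, entries in hits.items():
        out.append(f"{point}: {LOAD_POINTS[point]}")
        for matched, short, line in entries:
            note = "  [8.3 short path]" if short else ""
            out.append(f"  {'+'.join(matched)}: {line}{note}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_DDS)))
```

In the mRun and AppInit_DLLs hits the only matching term is datamngr, because those paths are written in 8.3 short form and a folder name is abbreviated to wi371a~1.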

Re: iLivid / Bandoo / Searchqu problem?

Post by nefarioushoyden » February 23rd, 2012, 1:35 am

Hello Mambass,

I could use an extra few days on the 3 day recommended response time on this one, so can I get that?

Thanks, NH
nefarioushoyden
Active Member
 
Posts: 10
Joined: February 20th, 2012, 5:00 pm

Re: iLivid / Bandoo / Searchqu problem?

Post by mambass » February 23rd, 2012, 4:02 pm

Hi NH, :)

NH wrote: I could use an extra few days on the 3 day recommended response time on this one, so can I get that?
Thank you for letting me know about the delay in advance. We can extend the response period through Sunday night.

mambass
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: iLivid / Bandoo / Searchqu problem?

Post by nefarioushoyden » February 26th, 2012, 9:02 pm

Hello Mambass,

The 2 log files are below. I took a look at them and I have a question: I downloaded iLivid to download youtube videos from the internet to my local hard drive. So will these malware removal steps remove that program? If the answer is yes, then I am assuming this is a malware program, and if I want to do more downloading from youtube, I'll have to find another program? Thanks, NH

All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\DataMngr\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\ilivid\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\searchqutoolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
========== FILES ==========
File/Folder C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\SearchquWebSearch.xml not found.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\searchqutoolbar folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully.
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully.
File/Folder C:\Users\David2\AppData\Roaming\Microsoft\Windows\Cookies\*@sweetim[1].txt not found.
File/Folder C:\Users\David2\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt not found.
File/Folder C:\Users\David2\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt not found.
File/Folder C:\Users\David2\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt not found.
File/Folder C:\Users\David2\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt not found.
File/Folder C:\Users\David2\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt not found.
File/Folder C:\Users\David2\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt not found.
File/Folder C:\Users\David2\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt not found.
File/Folder C:\Users\David2\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt not found.
C:\Users\David2\AppData\Local\Ilivid Player folder moved successfully.
File/Folder C:\Users\David2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iLividSetupV1.exe not found.
File/Folder C:\Users\David2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ilivid[1].7z not found.
File/Folder C:\Users\David2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SetupDataMngr_Searchqu[1].exe not found.
File/Folder C:\Users\David2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SweetImSetup.exe not found.
File/Folder C:\Users\David2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BandooV6[1].exe not found.
File/Folder C:\Users\David2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\searchqu_net[1].htm not found.
File/Folder C:\Users\David2\AppData\Local\Temp\BandooFiles not found.
File/Folder C:\Users\David2\AppData\Local\Temp\BandooV6.exe not found.
C:\Users\David2\AppData\Local\Temp\SetupDataMngr_Searchqu.exe moved successfully.
File/Folder C:\Users\David2\AppData\Local\Temp\SweetIMReinstall not found.
File/Folder C:\Users\David2\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe not found.
C:\Users\David2\AppData\Local\Temp\ilivid.7z moved successfully.
C:\Users\David2\AppData\Local\Temp\searchqu.ini moved successfully.
C:\Users\David2\AppData\Local\Temp\searchqutoolbar-manifest.xml moved successfully.
C:\Users\David2\AppData\LocalLow\searchquband folder moved successfully.
C:\Users\David2\AppData\LocalLow\searchqutoolbar\weather folder moved successfully.
C:\Users\David2\AppData\LocalLow\searchqutoolbar folder moved successfully.
File/Folder C:\Users\David2\Downloads\SweetImSetup.exe not found.
C:\Users\David2\Downloads\iLividSetupV1.exe moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\components folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\searchbar folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\options folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\modules folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\lib folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\data\search folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\data folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\content folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr folder moved successfully.
C:\Program Files\Windows iLivid Toolbar folder moved successfully.
C:\Program Files\iLivid\VLC\skins\fonts folder moved successfully.
C:\Program Files\iLivid\VLC\skins folder moved successfully.
C:\Program Files\iLivid\VLC\sdk\lib\pkgconfig folder moved successfully.
C:\Program Files\iLivid\VLC\sdk\lib folder moved successfully.
C:\Program Files\iLivid\VLC\sdk\include\vlc\plugins folder moved successfully.
C:\Program Files\iLivid\VLC\sdk\include\vlc folder moved successfully.
C:\Program Files\iLivid\VLC\sdk\include folder moved successfully.
C:\Program Files\iLivid\VLC\sdk folder moved successfully.
C:\Program Files\iLivid\VLC\plugins folder moved successfully.
C:\Program Files\iLivid\VLC\osdmenu\default\volume folder moved successfully.
C:\Program Files\iLivid\VLC\osdmenu\default\selection folder moved successfully.
C:\Program Files\iLivid\VLC\osdmenu\default\selected folder moved successfully.
C:\Program Files\iLivid\VLC\osdmenu\default folder moved successfully.
C:\Program Files\iLivid\VLC\osdmenu folder moved successfully.
C:\Program Files\iLivid\VLC\NSIS folder moved successfully.
C:\Program Files\iLivid\VLC\mozilla folder moved successfully.
C:\Program Files\iLivid\VLC\lua\sd folder moved successfully.
C:\Program Files\iLivid\VLC\lua\playlist folder moved successfully.
C:\Program Files\iLivid\VLC\lua\modules folder moved successfully.
C:\Program Files\iLivid\VLC\lua\meta\reader folder moved successfully.
C:\Program Files\iLivid\VLC\lua\meta\fetcher folder moved successfully.
C:\Program Files\iLivid\VLC\lua\meta\art folder moved successfully.
C:\Program Files\iLivid\VLC\lua\meta folder moved successfully.
C:\Program Files\iLivid\VLC\lua\intf\modules folder moved successfully.
C:\Program Files\iLivid\VLC\lua\intf folder moved successfully.
C:\Program Files\iLivid\VLC\lua\http\requests folder moved successfully.
C:\Program Files\iLivid\VLC\lua\http\js folder moved successfully.
C:\Program Files\iLivid\VLC\lua\http\images folder moved successfully.
C:\Program Files\iLivid\VLC\lua\http\dialogs folder moved successfully.
C:\Program Files\iLivid\VLC\lua\http folder moved successfully.
C:\Program Files\iLivid\VLC\lua\extensions folder moved successfully.
C:\Program Files\iLivid\VLC\lua folder moved successfully.
C:\Program Files\iLivid\VLC\locale\zu\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\zu folder moved successfully.
C:\Program Files\iLivid\VLC\locale\zh_TW\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\zh_TW folder moved successfully.
C:\Program Files\iLivid\VLC\locale\zh_CN\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\zh_CN folder moved successfully.
C:\Program Files\iLivid\VLC\locale\wa\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\wa folder moved successfully.
C:\Program Files\iLivid\VLC\locale\vi\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\vi folder moved successfully.
C:\Program Files\iLivid\VLC\locale\uk\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\uk folder moved successfully.
C:\Program Files\iLivid\VLC\locale\tr\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\tr folder moved successfully.
C:\Program Files\iLivid\VLC\locale\tl\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\tl folder moved successfully.
C:\Program Files\iLivid\VLC\locale\th\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\th folder moved successfully.
C:\Program Files\iLivid\VLC\locale\tet\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\tet folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ta\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ta folder moved successfully.
C:\Program Files\iLivid\VLC\locale\sv\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\sv folder moved successfully.
C:\Program Files\iLivid\VLC\locale\sr\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\sr folder moved successfully.
C:\Program Files\iLivid\VLC\locale\sq\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\sq folder moved successfully.
C:\Program Files\iLivid\VLC\locale\sl\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\sl folder moved successfully.
C:\Program Files\iLivid\VLC\locale\sk\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\sk folder moved successfully.
C:\Program Files\iLivid\VLC\locale\si\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\si folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ru\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ru folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ro\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ro folder moved successfully.
C:\Program Files\iLivid\VLC\locale\qt4 folder moved successfully.
C:\Program Files\iLivid\VLC\locale\pt_PT\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\pt_PT folder moved successfully.
C:\Program Files\iLivid\VLC\locale\pt_BR\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\pt_BR folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ps\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ps folder moved successfully.
C:\Program Files\iLivid\VLC\locale\pl\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\pl folder moved successfully.
C:\Program Files\iLivid\VLC\locale\pa\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\pa folder moved successfully.
C:\Program Files\iLivid\VLC\locale\oc\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\oc folder moved successfully.
C:\Program Files\iLivid\VLC\locale\nn\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\nn folder moved successfully.
C:\Program Files\iLivid\VLC\locale\nl\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\nl folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ne\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ne folder moved successfully.
C:\Program Files\iLivid\VLC\locale\nb\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\nb folder moved successfully.
C:\Program Files\iLivid\VLC\locale\my\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\my folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ms\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ms folder moved successfully.
C:\Program Files\iLivid\VLC\locale\mn\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\mn folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ml\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ml folder moved successfully.
C:\Program Files\iLivid\VLC\locale\mk\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\mk folder moved successfully.
C:\Program Files\iLivid\VLC\locale\lv\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\lv folder moved successfully.
C:\Program Files\iLivid\VLC\locale\lt\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\lt folder moved successfully.
C:\Program Files\iLivid\VLC\locale\lg\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\lg folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ko\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ko folder moved successfully.
C:\Program Files\iLivid\VLC\locale\km\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\km folder moved successfully.
C:\Program Files\iLivid\VLC\locale\kk\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\kk folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ka\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ka folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ja\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ja folder moved successfully.
C:\Program Files\iLivid\VLC\locale\it\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\it folder moved successfully.
C:\Program Files\iLivid\VLC\locale\is\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\is folder moved successfully.
C:\Program Files\iLivid\VLC\locale\id\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\id folder moved successfully.
C:\Program Files\iLivid\VLC\locale\hy\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\hy folder moved successfully.
C:\Program Files\iLivid\VLC\locale\hu\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\hu folder moved successfully.
C:\Program Files\iLivid\VLC\locale\hr\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\hr folder moved successfully.
C:\Program Files\iLivid\VLC\locale\hi\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\hi folder moved successfully.
C:\Program Files\iLivid\VLC\locale\he\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\he folder moved successfully.
C:\Program Files\iLivid\VLC\locale\gl\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\gl folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ga\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ga folder moved successfully.
C:\Program Files\iLivid\VLC\locale\fur\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\fur folder moved successfully.
C:\Program Files\iLivid\VLC\locale\fr\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\fr folder moved successfully.
C:\Program Files\iLivid\VLC\locale\fi\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\fi folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ff\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ff folder moved successfully.
C:\Program Files\iLivid\VLC\locale\fa\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\fa folder moved successfully.
C:\Program Files\iLivid\VLC\locale\eu\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\eu folder moved successfully.
C:\Program Files\iLivid\VLC\locale\et\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\et folder moved successfully.
C:\Program Files\iLivid\VLC\locale\es\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\es folder moved successfully.
C:\Program Files\iLivid\VLC\locale\en_GB\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\en_GB folder moved successfully.
C:\Program Files\iLivid\VLC\locale\el\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\el folder moved successfully.
C:\Program Files\iLivid\VLC\locale\de\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\de folder moved successfully.
C:\Program Files\iLivid\VLC\locale\da\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\da folder moved successfully.
C:\Program Files\iLivid\VLC\locale\cs\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\cs folder moved successfully.
C:\Program Files\iLivid\VLC\locale\co\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\co folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ckb\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ckb folder moved successfully.
C:\Program Files\iLivid\VLC\locale\cgg\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\cgg folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ca\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ca folder moved successfully.
C:\Program Files\iLivid\VLC\locale\br\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\br folder moved successfully.
C:\Program Files\iLivid\VLC\locale\bn\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\bn folder moved successfully.
C:\Program Files\iLivid\VLC\locale\bg\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\bg folder moved successfully.
C:\Program Files\iLivid\VLC\locale\be\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\be folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ast\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ast folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ar\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ar folder moved successfully.
C:\Program Files\iLivid\VLC\locale\am\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\am folder moved successfully.
C:\Program Files\iLivid\VLC\locale\af\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\af folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ach\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ach folder moved successfully.
C:\Program Files\iLivid\VLC\locale folder moved successfully.
C:\Program Files\iLivid\VLC\languages folder moved successfully.
C:\Program Files\iLivid\VLC\http\requests folder moved successfully.
C:\Program Files\iLivid\VLC\http\js folder moved successfully.
C:\Program Files\iLivid\VLC\http\images folder moved successfully.
C:\Program Files\iLivid\VLC\http\dialogs folder moved successfully.
C:\Program Files\iLivid\VLC\http folder moved successfully.
C:\Program Files\iLivid\VLC\activex folder moved successfully.
C:\Program Files\iLivid\VLC folder moved successfully.
C:\Program Files\iLivid\imageformats folder moved successfully.
C:\Program Files\iLivid folder moved successfully.
File\Folder C:\Windows\Prefetch\ILIVID* not found.
File\Folder C:\Windows\Prefetch\SEARCHQUMEDIABAR* not found.
File\Folder C:\Windows\Prefetch\SETUPDATAMNGR* not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: David2
->Temp folder emptied: 222306571 bytes
->Temporary Internet Files folder emptied: 325984372 bytes
->Java cache emptied: 22372 bytes
->FireFox cache emptied: 1135801197 bytes
->Flash cache emptied: 3206024 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 173821566 bytes
RecycleBin emptied: 360891454 bytes

Total Files Cleaned = 2,119.00 mb



OTL by OldTimer - Version 3.2.33.2 log created on 02262012_163212

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



SystemLook 30.07.11 by jpshortstuff
Log created at 16:47 on 26/02/2012 by David2
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\Users\David2\Favorites\MalWare Removal • View topic - Bandoo-Searchqu-iLivid.url --a---- 299 bytes [06:03 26/01/2012] [06:04 26/01/2012] 8C8B781EE720F8EA469DE08FCA705A09
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js --a---- 27324 bytes [13:37 31/10/2011] [13:37 31/10/2011] C4F2571481A116A0C24C9644F0E4B4F5
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js --a---- 33963 bytes [13:37 31/10/2011] [13:37 31/10/2011] 11363D5ADC24F5BBC44C678BE8A29FCC
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [13:37 31/10/2011] [13:37 31/10/2011] D98167EFDC45E8EC6F4769791A15CE36
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\bandoocode.js --a---- 27324 bytes [13:37 31/10/2011] [13:37 31/10/2011] C4F2571481A116A0C24C9644F0E4B4F5
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\bandoocode.js --a---- 33963 bytes [13:37 31/10/2011] [13:37 31/10/2011] 11363D5ADC24F5BBC44C678BE8A29FCC
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bandoo.css --a---- 8308 bytes [13:37 31/10/2011] [13:37 31/10/2011] D98167EFDC45E8EC6F4769791A15CE36

Searching for "*Searchqu*"
C:\Users\David2\Favorites\MalWare Removal • View topic - Bandoo-Searchqu-iLivid.url --a---- 299 bytes [06:03 26/01/2012] [06:04 26/01/2012] 8C8B781EE720F8EA469DE08FCA705A09
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [13:37 31/10/2011] [13:37 31/10/2011] 39ECB144372B2ED7B1B91A1E63D3F275
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll --a---- 88976 bytes [13:37 31/10/2011] [13:37 31/10/2011] AD14E447F7CED4CA987B91B379EAF952
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Local\Temp\searchqu.ini --a---- 427 bytes [05:41 11/12/2011] [05:41 11/12/2011] BF55A324B1DC6D9410EA55546B20AA3E
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Local\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [13:37 31/10/2011] [13:37 31/10/2011] 28A352E64F4374BBC6774AD3473A413C
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3521240 bytes [05:41 11/12/2011] [05:41 11/12/2011] 5A5BFCEE355D475577B8E9ABDBB744DF

Searching for "*iLivid*"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\iLivid Download Manager.lnk --a---- 848 bytes [05:42 11/12/2011] [05:42 11/12/2011] 2EFC86EE70AF85A1B6C6514A1EEDC388
C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.dat --a--c- 226 bytes [05:42 11/12/2011] [05:42 11/12/2011] 650577A961260285F196248E46D75548
C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.exe --a--c- 3001198 bytes [05:42 11/12/2011] [14:24 03/11/2011] 9C0D16DA08434A1BA63E274C0A54328D
C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.lnk --a--c- 0 bytes [05:42 11/12/2011] [05:42 11/12/2011] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.msi --a--c- 265728 bytes [05:42 11/12/2011] [14:24 03/11/2011] A2D691886D299E9C9316220D43EA399E
C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.par --a--c- 1495 bytes [05:42 11/12/2011] [05:42 11/12/2011] 203949D4FB1386197E26B79DCD81BA37
C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.res --a--c- 2350911 bytes [05:42 11/12/2011] [14:24 03/11/2011] 6896755F9F046FEE43E6DEC89E721B78
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid\iLivid Download Manager.lnk --a---- 848 bytes [05:42 11/12/2011] [05:42 11/12/2011] 2EFC86EE70AF85A1B6C6514A1EEDC388
C:\Users\All Users\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.dat --a--c- 226 bytes [05:42 11/12/2011] [05:42 11/12/2011] 650577A961260285F196248E46D75548
C:\Users\All Users\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.exe --a--c- 3001198 bytes [05:42 11/12/2011] [14:24 03/11/2011] 9C0D16DA08434A1BA63E274C0A54328D
C:\Users\All Users\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.lnk --a--c- 0 bytes [05:42 11/12/2011] [05:42 11/12/2011] D41D8CD98F00B204E9800998ECF8427E
C:\Users\All Users\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.msi --a--c- 265728 bytes [05:42 11/12/2011] [14:24 03/11/2011] A2D691886D299E9C9316220D43EA399E
C:\Users\All Users\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.par --a--c- 1495 bytes [05:42 11/12/2011] [05:42 11/12/2011] 203949D4FB1386197E26B79DCD81BA37
C:\Users\All Users\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.res --a--c- 2350911 bytes [05:42 11/12/2011] [14:24 03/11/2011] 6896755F9F046FEE43E6DEC89E721B78
C:\Users\David2\Favorites\MalWare Removal • View topic - Bandoo-Searchqu-iLivid.url --a---- 299 bytes [06:03 26/01/2012] [06:04 26/01/2012] 8C8B781EE720F8EA469DE08FCA705A09
C:\Users\Public\Desktop\iLivid Download Manager.lnk --a---- 830 bytes [05:42 11/12/2011] [05:42 11/12/2011] F9E21B0EEAF1C5808984D5F6A248A7EA
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\iLivid\ilivid.exe --a---- 2033152 bytes [05:42 11/12/2011] [14:20 05/08/2011] A485B5376A7BD86E17DA042A64EE3E86
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\iLivid\ilivid.ico --a---- 9662 bytes [05:42 11/12/2011] [09:41 04/11/2009] D64C36521A1839B54788D7D0A82DAF08
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Local\Temp\ilivid.7z --a---- 901399 bytes [05:42 11/12/2011] [05:42 11/12/2011] B38425304D8D2AAA300A7ECC2F9741BC
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\Downloads\iLividSetupV1.exe --a---- 2060760 bytes [05:40 11/12/2011] [05:40 11/12/2011] A3524B9D0A9BF6462B0A53F7335241D4

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\WINDOWS\Prefetch\DATAMNGRUI.EXE-258C82CA.pf --a---- 3968 bytes [21:47 26/02/2012] [21:47 26/02/2012] 24D6D1B74836DCC0AA0014DE7BDBC141
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll --a---- 1236368 bytes [05:41 11/12/2011] [10:42 09/11/2011] D52605C6182471B3F4A6772FD8E90098
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe --a---- 1694608 bytes [05:41 11/12/2011] [10:42 09/11/2011] C9EB93006BD36A3C46DC022DF34D222C
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt --a---- 978 bytes [05:41 11/12/2011] [10:42 09/11/2011] 0CE6DC5C1FB9591A1973586DDDCBEAEB
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll --a---- 355840 bytes [05:41 11/12/2011] [10:40 09/11/2011] 9AE19546F41AA13225275BB4F71A5BD9
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll --a---- 351744 bytes [05:41 11/12/2011] [10:41 09/11/2011] A98E91A7DA272D0110BD6ED97AD2307B
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll --a---- 351744 bytes [05:41 11/12/2011] [10:42 09/11/2011] 2AC6FD3683B57B4B001B02E2D15E0D91
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll --a---- 351744 bytes [05:41 11/12/2011] [10:42 09/11/2011] D0AA98C433EC734FA7FF31128F76A44C
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll --a---- 351744 bytes [05:41 11/12/2011] [10:42 09/11/2011] 022CDBD1D640AD3168233C9E4588EB34
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js --a---- 16184 bytes [05:41 11/12/2011] [07:11 26/10/2011] 74EA142FA2CF77FA2306892E2B45FA13
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3521240 bytes [05:41 11/12/2011] [05:41 11/12/2011] 5A5BFCEE355D475577B8E9ABDBB744DF

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\LocalLow\searchquband d------ [06:35 11/12/2011]
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\LocalLow\searchqutoolbar d------ [05:41 11/12/2011]
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\searchqutoolbar d------ [05:41 11/12/2011]

Searching for "*iLivid*"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid d------ [05:42 11/12/2011]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid d------ [05:42 11/12/2011]
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\iLivid d------ [05:42 11/12/2011]
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar d------ [05:41 11/12/2011]
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Local\Ilivid Player d------ [05:43 11/12/2011]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\Users\David2\AppData\LocalLow\DataMngr d------ [06:35 11/12/2011]
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr d------ [05:41 11/12/2011]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"Publisher"="Bandoo Media Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"Publisher"="Bandoo Media Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"Contact"="Bandoo Media Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar]
"Contact"="Bandoo Media, Inc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar]
"Publisher"="Bandoo Media, Inc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"Publisher"="Bandoo Media Inc."

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Windows Searchqu Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"="Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar]
[HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Windows Searchqu Toolbar]

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\b8f450d2_0]
@="{0.0.0.00000000}.{c032bf38-8a55-4660-a86e-c46fa7125010}|\Device\HarddiskVolume1\Program Files\iLivid\VLC\vlc.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\David2\Downloads\iLividSetupV1.exe"="iLivid Installation "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\David2\AppData\Local\Temp\mia9CB1.tmp\iLividSetupV1.exe"="iLivid Installation "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\iLivid\ilivid.exe"="ilivid"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\iLivid\VLC\vlc.exe"="VLC media player"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]
@="URL:ilivid Player"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid\shell\open\command]
@=""C:\Program Files\iLivid\ilivid.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
"ProductName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\SourceList]
"PackageName"="iLividSetupV1.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\ilivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\ilivid\player]
"installpath"="C:\Program Files\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\ilivid\player]
"player_path"="C:\Program Files\iLivid\VLC\vlc.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\ilivid\player\hosts\ilivid.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D14257D02FF048419C2C3F7787732C8]
"2B1E51D87B2D71A44BB42DDD5E894160"="C:\Program Files\iLivid\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6770AEB7E06F926409292E7BC2601EFE]
"2B1E51D87B2D71A44BB42DDD5E894160"="01:\Software\ilivid\general\ReferrerID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AC8629C735242C4C8DA212489E5DE11]
"2B1E51D87B2D71A44BB42DDD5E894160"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"InstallLocation"="C:\Program Files\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"DisplayName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"DisplayIcon"="C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"DisplayName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"UninstallString"=""C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.exe" REMOVE=TRUE MODIFY=FALSE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"ModifyPath"="C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"HelpLink"="http://www.ilivid.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"URLUpdateInfo"="http://www.ilivid.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"InstallLocation"="C:\Program Files\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar]
"DisplayName"="Windows iLivid Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar]
"UninstallString"="C:\Program Files\Windows iLivid Toolbar\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar]
"DisplayIcon"="C:\Program Files\Windows iLivid Toolbar\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar]
"Path"="C:\Program Files\Windows iLivid Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"InstallLocation"="C:\Program Files\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"DisplayName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"UninstallString"="C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6D11A718-4174-474F-A0A4-08D56B03BFEB}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{924EB14A-495B-49F3-B558-A7C81E88C85D}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6D11A718-4174-474F-A0A4-08D56B03BFEB}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{924EB14A-495B-49F3-B558-A7C81E88C85D}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6D11A718-4174-474F-A0A4-08D56B03BFEB}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{924EB14A-495B-49F3-B558-A7C81E88C85D}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\b8f450d2_0]
@="{0.0.0.00000000}.{c032bf38-8a55-4660-a86e-c46fa7125010}|\Device\HarddiskVolume1\Program Files\iLivid\VLC\vlc.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid]
[HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\David2\Downloads\iLividSetupV1.exe"="iLivid Installation "
[HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\David2\AppData\Local\Temp\mia9CB1.tmp\iLividSetupV1.exe"="iLivid Installation "
[HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\iLivid\ilivid.exe"="ilivid"
[HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\iLivid\VLC\vlc.exe"="VLC media player"
[HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\David2\Downloads\iLividSetupV1.exe"="iLivid Installation "
[HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\David2\AppData\Local\Temp\mia9CB1.tmp\iLividSetupV1.exe"="iLivid Installation "
[HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\iLivid\ilivid.exe"="ilivid"
[HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\iLivid\VLC\vlc.exe"="VLC media player"

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader]
@="DataMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1]
@="DataMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}]
@="DataMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\InprocServer32]
@="C:\PROGRA~1\WI371A~1\Datamngr\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{949D2C04-D3C1-490A-8A03-440B5C32B5F2}]
"AppPath"="C:\PROGRA~1\WI371A~1\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DATAMNGR"="C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6D11A718-4174-474F-A0A4-08D56B03BFEB}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{924EB14A-495B-49F3-B558-A7C81E88C85D}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6D11A718-4174-474F-A0A4-08D56B03BFEB}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{924EB14A-495B-49F3-B558-A7C81E88C85D}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6D11A718-4174-474F-A0A4-08D56B03BFEB}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{924EB14A-495B-49F3-B558-A7C81E88C85D}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\Software\DataMngr_Toolbar]

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-
nefarioushoyden
Active Member
 
Posts: 10
Joined: February 20th, 2012, 5:00 pm
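The Regfind section of the log above mixes inert installer metadata (Uninstall, MuiCache, ARPCache) with entries that actually load code or open the firewall. The following Python is an added example, not part of the original post and not SystemLook's or OTL's own code: it parses Regfind-style output and keeps only the load points. The category list, function names and the collapsing of numbered control sets are assumptions made for this illustration.

```python
import re

# Constructed excerpt: lines copied from the SystemLook Regfind output above.
SAMPLE_LOG = r'''
Searching for "datamngr"
[HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\InprocServer32]
@="C:\PROGRA~1\WI371A~1\Datamngr\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DATAMNGR"="C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6D11A718-4174-474F-A0A4-08D56B03BFEB}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6D11A718-4174-474F-A0A4-08D56B03BFEB}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"Publisher"="Bandoo Media Inc."
'''

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# "name"="value" or @="value"; the value may itself contain unescaped quotes.
VAL_RE = re.compile(r'^(?:"(?P<name>.*?)"|(?P<default>@))="(?P<value>.*)"$')

# (pattern on the lower-cased key, required value name or None, category label)
LOAD_POINTS = [
    (r'\\microsoft\\windows\\currentversion\\run$', None, 'autostart (Run key)'),
    (r'\\microsoft\\windows nt\\currentversion\\windows$', 'appinit_dlls', 'AppInit_DLLs'),
    (r'\\inprocserver32$', None, 'COM in-process server'),
    (r'\\firewallpolicy\\firewallrules$', None, 'firewall rule'),
    (r'\\internet explorer\\toolbar$', None, 'IE toolbar'),
    (r'\\internet explorer\\low rights\\elevationpolicy\\', None, 'IE elevation policy'),
]
PROTOCOLS = {'6': 'TCP', '17': 'UDP'}  # IP protocol numbers used in the rules


def parse_regfind(text):
    """Return (key, name, value) records; a key listed alone yields (key, None, None)."""
    records, key, had_value = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            if key is not None and not had_value:
                records.append((key, None, None))
            key, had_value = m.group('key'), False
            continue
        m = VAL_RE.match(line)
        if m and key is not None:
            name = '@' if m.group('default') else m.group('name')
            records.append((key, name, m.group('value')))
            had_value = True
    if key is not None and not had_value:
        records.append((key, None, None))
    return records


def normalize_key(key):
    # CurrentControlSet is a link to one of the numbered control sets, so the same
    # rule shows up several times; collapsing them is a reporting simplification.
    return re.sub(r'\\ControlSet\d{3}\\', lambda m: '\\CurrentControlSet\\', key)


def parse_firewall_rule(value):
    """Split 'v2.0|Action=Allow|Dir=In|...' into a dict of its k=v fields."""
    return dict(f.split('=', 1) for f in value.split('|') if '=' in f)


def classify(key, name):
    k = normalize_key(key).lower()
    for pattern, value_name, label in LOAD_POINTS:
        if re.search(pattern, k) and (value_name is None or (name or '').lower() == value_name):
            return label
    return None


def describe(label, value):
    if value is None:
        return ''
    if label == 'firewall rule':
        f = parse_firewall_rule(value)
        proto = PROTOCOLS.get(f.get('Protocol'), f.get('Protocol'))
        return '%s %s %s -> %s' % (f.get('Action'), f.get('Dir'), proto, f.get('App'))
    if label == 'AppInit_DLLs':
        # Each listed DLL is loaded into processes that load user32.dll.
        # Splitting on spaces assumes 8.3 short paths, as in this log.
        return '; '.join(p for p in re.split(r'[ ,]+', value.strip()) if p)
    return value


def triage(text):
    """Return de-duplicated load-point findings in log order."""
    seen, findings = set(), []
    for key, name, value in parse_regfind(text):
        label = classify(key, name)
        ident = (normalize_key(key).lower(), name, value)
        if label is None or ident in seen:
            continue
        seen.add(ident)
        findings.append({'category': label, 'key': normalize_key(key),
                         'name': name, 'detail': describe(label, value)})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print('%-22s %s [%s]\n    %s' % (f['category'], f['key'], f['name'], f['detail']))
```

Re-running the same triage on a fresh Regfind log after each fix pass shows whether any load point has reappeared.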

Re: iLivid / Bandoo / Searchqu problem?

Post by nefarioushoyden » February 26th, 2012, 9:34 pm

Hello Mambass,

So it does look like your recommended steps did remove the ILivid program from my HDD. I do notice that there is still a shortcut on my desktop that says "ILivid Download Manager" that has a target: "C:\Program Files\iLivid\ilivid.exe"

1. When I go looking for that folder, I cannot find it.

2. But when I click on Start in lower left corner, and then click on All Programs, there is a folder named ILivid, and it has a file in there called ILivid Download Manager. But the icon here is that generic windows icon next to the filename -- this icon does not match the ILivid icon that is on my desktop (for ILivid Download Manager) which is the "proper" ILivid icon that looks like the letter "V" made out of 35mm film.

Thanks, NH

Re: iLivid / Bandoo / Searchqu problem?

Post by mambass » February 29th, 2012, 4:37 pm

Hi NH, :)

> I downloaded iLivid to download youtube videos from the internet to my local hard drive. So will these malware removal steps remove that program?

> I do notice that there is still a shortcut on my desktop that says "ILivid Download Manager" that has a target: "C:\Program Files\iLivid\ilivid.exe"

Yes, iLivid is malware and is being removed. You executed the first part of that removal. This particular infection creates hundreds of registry entries and will replace entries that it detects as missing. As such, we will have to make a number of passes before it has been completely removed.

It's critical that you execute these instructions as soon as possible upon receipt. I, in turn, will do my best to get back to you as quickly as possible in an effort to get ahead of this infection.

Please print these instructions because you will not have access to the Internet while performing some of the tasks below.

  1. Create a System Restore Point
    1. Go to Start, right-click on Computer and select Properties.
    2. In the left pane under Tasks, click System protection.
    3. If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
    4. Select System Protection ...then choose Create.
    5. In the System Restore dialog box, type a description for the restore point (e.g., Before third OTL fix) and click Create again.
    6. A window should pop up with "The Restore Point was created successfully" message.
    7. Click OK and close the System Restore dialog.

      Note: If the message window was not displayed stating that the system restore point was created successfully then STOP - Do not continue with the steps below but rather reply to let me know what happened.

  2. Perform a Custom Fix with OTL
    1. Right-click the OTL icon on your Desktop and select Run As Administrator to run the program.
    2. In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :processes
      killallprocesses
      
      :Reg
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
      [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Windows Searchqu Toolbar]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar]
      [-HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Windows Searchqu Toolbar]
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\b8f450d2_0]
      @=-
      [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid]
      [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
      "C:\Users\David2\Downloads\iLividSetupV1.exe"=-
      [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
      "C:\Users\David2\AppData\Local\Temp\mia9CB1.tmp\iLividSetupV1.exe"=-
      [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
      "C:\Program Files\iLivid\ilivid.exe"=-
      [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
      "C:\Program Files\iLivid\VLC\vlc.exe"=-
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\ilivid]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
      "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"=-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D14257D02FF048419C2C3F7787732C8]
      "2B1E51D87B2D71A44BB42DDD5E894160"=-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6770AEB7E06F926409292E7BC2601EFE]
      "2B1E51D87B2D71A44BB42DDD5E894160"=-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AC8629C735242C4C8DA212489E5DE11]
      "2B1E51D87B2D71A44BB42DDD5E894160"=-
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{6D11A718-4174-474F-A0A4-08D56B03BFEB}"=-
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{924EB14A-495B-49F3-B558-A7C81E88C85D}"=-
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{6D11A718-4174-474F-A0A4-08D56B03BFEB}"=-
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{924EB14A-495B-49F3-B558-A7C81E88C85D}"=-
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{6D11A718-4174-474F-A0A4-08D56B03BFEB}"=-
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{924EB14A-495B-49F3-B558-A7C81E88C85D}"=-
      [HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\b8f450d2_0]
      @=-
      [-HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid]
      [HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
      "C:\Users\David2\Downloads\iLividSetupV1.exe"=-
      [HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
      "C:\Users\David2\AppData\Local\Temp\mia9CB1.tmp\iLividSetupV1.exe"=-
      [HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
      "C:\Program Files\iLivid\ilivid.exe"=-
      [HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
      "C:\Program Files\iLivid\VLC\vlc.exe"=-
      [HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
      "C:\Users\David2\Downloads\iLividSetupV1.exe"=-
      [HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
      "C:\Users\David2\AppData\Local\Temp\mia9CB1.tmp\iLividSetupV1.exe"=-
      [HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
      "C:\Program Files\iLivid\ilivid.exe"=-
      [HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
      "C:\Program Files\iLivid\VLC\vlc.exe"=-
      [-HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{949D2C04-D3C1-490A-8A03-440B5C32B5F2}]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "DATAMNGR"=-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=-
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{6D11A718-4174-474F-A0A4-08D56B03BFEB}"=-
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{924EB14A-495B-49F3-B558-A7C81E88C85D}"=-
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{6D11A718-4174-474F-A0A4-08D56B03BFEB}"=-
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{924EB14A-495B-49F3-B558-A7C81E88C85D}"=-
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{6D11A718-4174-474F-A0A4-08D56B03BFEB}"=-
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{924EB14A-495B-49F3-B558-A7C81E88C85D}"=-
      [-HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\Software\DataMngr_Toolbar]
      
      :Files
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
      C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}
      C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid
      C:\Users\All Users\{08E30618-5D06-461B-BBD3-4ADFB0810824}
      C:\Users\Public\Desktop\iLivid Download Manager.lnk
      C:\WINDOWS\Prefetch\DATAMNGRUI.EXE-258C82CA.pf
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
      C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid
      C:\Users\David2\AppData\LocalLow\DataMngr
      
      :Commands
      [PURITY]
      [CREATERESTOREPOINT]
      
      
    3. Close all running applications other than OTL.
    4. Click the Run Fix button at the top.
    5. Let the program run unhindered and reboot the PC when it is done.
    6. When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    7. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.

  3. Run SystemLook
    1. Right-click the SystemLook.exe icon on your Desktop and select Run As Administrator to run it.
    2. Copy and paste the contents of the following codebox into the main textfield (do not include the word code:):
      Code:
      :filefind
      *Fun4IM*
      *Bandoo*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      
      :folderfind
      *Fun4IM*
      *Bandoo*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      
      :Regfind
      Fun4IM
      Bandoo
      Searchqu
      iLivid
      whitesmoke
      datamngr
      kelkoopartners
      trolltech
       
    3. Click the Look button to start the scan.
      Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    4. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt


Please include in your reply (post logs separately if more convenient):
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. The contents of the OTL Fix log.
  3. The contents of the SystemLook.txt log.


mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: iLivid / Bandoo / Searchqu problem?

Post by nefarioushoyden » March 1st, 2012, 2:13 pm

Hello Mambass,

Here are the log files.

Thanks so much for all this help!
NefariousHoyden

========== PROCESSES ==========
All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Windows Searchqu Toolbar\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar\ not found.
Registry key HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Windows Searchqu Toolbar\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\b8f450d2_0\\@ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\David2\Downloads\iLividSetupV1.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\David2\AppData\Local\Temp\mia9CB1.tmp\iLividSetupV1.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\iLivid\ilivid.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\iLivid\VLC\vlc.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\ilivid\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D14257D02FF048419C2C3F7787732C8\\2B1E51D87B2D71A44BB42DDD5E894160 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6770AEB7E06F926409292E7BC2601EFE\\2B1E51D87B2D71A44BB42DDD5E894160 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AC8629C735242C4C8DA212489E5DE11\\2B1E51D87B2D71A44BB42DDD5E894160 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6D11A718-4174-474F-A0A4-08D56B03BFEB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D11A718-4174-474F-A0A4-08D56B03BFEB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{924EB14A-495B-49F3-B558-A7C81E88C85D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{924EB14A-495B-49F3-B558-A7C81E88C85D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6D11A718-4174-474F-A0A4-08D56B03BFEB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D11A718-4174-474F-A0A4-08D56B03BFEB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{924EB14A-495B-49F3-B558-A7C81E88C85D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{924EB14A-495B-49F3-B558-A7C81E88C85D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6D11A718-4174-474F-A0A4-08D56B03BFEB} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D11A718-4174-474F-A0A4-08D56B03BFEB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{924EB14A-495B-49F3-B558-A7C81E88C85D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{924EB14A-495B-49F3-B558-A7C81E88C85D}\ not found.
Registry value HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\b8f450d2_0\\@ not found.
Registry key HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid\ not found.
Registry value HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\David2\Downloads\iLividSetupV1.exe not found.
Registry value HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\David2\AppData\Local\Temp\mia9CB1.tmp\iLividSetupV1.exe not found.
Registry value HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\iLivid\ilivid.exe not found.
Registry value HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\iLivid\VLC\vlc.exe not found.
Registry value HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\David2\Downloads\iLividSetupV1.exe not found.
Registry value HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\David2\AppData\Local\Temp\mia9CB1.tmp\iLividSetupV1.exe not found.
Registry value HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\iLivid\ilivid.exe not found.
Registry value HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\iLivid\VLC\vlc.exe not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{949D2C04-D3C1-490A-8A03-440B5C32B5F2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{949D2C04-D3C1-490A-8A03-440B5C32B5F2}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6D11A718-4174-474F-A0A4-08D56B03BFEB} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D11A718-4174-474F-A0A4-08D56B03BFEB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{924EB14A-495B-49F3-B558-A7C81E88C85D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{924EB14A-495B-49F3-B558-A7C81E88C85D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6D11A718-4174-474F-A0A4-08D56B03BFEB} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D11A718-4174-474F-A0A4-08D56B03BFEB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{924EB14A-495B-49F3-B558-A7C81E88C85D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{924EB14A-495B-49F3-B558-A7C81E88C85D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6D11A718-4174-474F-A0A4-08D56B03BFEB} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D11A718-4174-474F-A0A4-08D56B03BFEB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{924EB14A-495B-49F3-B558-A7C81E88C85D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{924EB14A-495B-49F3-B558-A7C81E88C85D}\ not found.
Registry key HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\Software\DataMngr_Toolbar\ not found.
========== FILES ==========
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid folder moved successfully.
C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824} folder moved successfully.
File\Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid not found.
File\Folder C:\Users\All Users\{08E30618-5D06-461B-BBD3-4ADFB0810824} not found.
C:\Users\Public\Desktop\iLivid Download Manager.lnk moved successfully.
C:\WINDOWS\Prefetch\DATAMNGRUI.EXE-258C82CA.pf moved successfully.
File\Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid not found.
File\Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid not found.
C:\Users\David2\AppData\LocalLow\DataMngr folder moved successfully.
========== COMMANDS ==========


OTL by OldTimer - Version 3.2.31.0 log created on 03012012_095238

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


*******************

SystemLook 30.07.11 by jpshortstuff
Log created at 10:02 on 01/03/2012 by David2
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\Users\David2\Favorites\MalWare Removal • View topic - Bandoo-Searchqu-iLivid.url --a---- 299 bytes [06:03 26/01/2012] [06:04 26/01/2012] 8C8B781EE720F8EA469DE08FCA705A09
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js --a---- 27324 bytes [13:37 31/10/2011] [13:37 31/10/2011] C4F2571481A116A0C24C9644F0E4B4F5
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js --a---- 33963 bytes [13:37 31/10/2011] [13:37 31/10/2011] 11363D5ADC24F5BBC44C678BE8A29FCC
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [13:37 31/10/2011] [13:37 31/10/2011] D98167EFDC45E8EC6F4769791A15CE36
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\bandoocode.js --a---- 27324 bytes [13:37 31/10/2011] [13:37 31/10/2011] C4F2571481A116A0C24C9644F0E4B4F5
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\bandoocode.js --a---- 33963 bytes [13:37 31/10/2011] [13:37 31/10/2011] 11363D5ADC24F5BBC44C678BE8A29FCC
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bandoo.css --a---- 8308 bytes [13:37 31/10/2011] [13:37 31/10/2011] D98167EFDC45E8EC6F4769791A15CE36

Searching for "*Searchqu*"
C:\Users\David2\Favorites\MalWare Removal • View topic - Bandoo-Searchqu-iLivid.url --a---- 299 bytes [06:03 26/01/2012] [06:04 26/01/2012] 8C8B781EE720F8EA469DE08FCA705A09
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [13:37 31/10/2011] [13:37 31/10/2011] 39ECB144372B2ED7B1B91A1E63D3F275
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll --a---- 88976 bytes [13:37 31/10/2011] [13:37 31/10/2011] AD14E447F7CED4CA987B91B379EAF952
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Local\Temp\searchqu.ini --a---- 427 bytes [05:41 11/12/2011] [05:41 11/12/2011] BF55A324B1DC6D9410EA55546B20AA3E
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Local\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [13:37 31/10/2011] [13:37 31/10/2011] 28A352E64F4374BBC6774AD3473A413C
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3521240 bytes [05:41 11/12/2011] [05:41 11/12/2011] 5A5BFCEE355D475577B8E9ABDBB744DF

Searching for "*iLivid*"
C:\Users\David2\Favorites\MalWare Removal • View topic - Bandoo-Searchqu-iLivid.url --a---- 299 bytes [06:03 26/01/2012] [06:04 26/01/2012] 8C8B781EE720F8EA469DE08FCA705A09
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\iLivid\ilivid.exe --a---- 2033152 bytes [05:42 11/12/2011] [14:20 05/08/2011] A485B5376A7BD86E17DA042A64EE3E86
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\iLivid\ilivid.ico --a---- 9662 bytes [05:42 11/12/2011] [09:41 04/11/2009] D64C36521A1839B54788D7D0A82DAF08
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Local\Temp\ilivid.7z --a---- 901399 bytes [05:42 11/12/2011] [05:42 11/12/2011] B38425304D8D2AAA300A7ECC2F9741BC
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\Downloads\iLividSetupV1.exe --a---- 2060760 bytes [05:40 11/12/2011] [05:40 11/12/2011] A3524B9D0A9BF6462B0A53F7335241D4
C:\_OTL\MovedFiles\03012012_095238\C_ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\iLivid Download Manager.lnk --a---- 848 bytes [05:42 11/12/2011] [05:42 11/12/2011] 2EFC86EE70AF85A1B6C6514A1EEDC388
C:\_OTL\MovedFiles\03012012_095238\C_ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.dat --a--c- 226 bytes [05:42 11/12/2011] [05:42 11/12/2011] 650577A961260285F196248E46D75548
C:\_OTL\MovedFiles\03012012_095238\C_ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.exe --a--c- 3001198 bytes [05:42 11/12/2011] [14:24 03/11/2011] 9C0D16DA08434A1BA63E274C0A54328D
C:\_OTL\MovedFiles\03012012_095238\C_ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.lnk --a--c- 0 bytes [05:42 11/12/2011] [05:42 11/12/2011] D41D8CD98F00B204E9800998ECF8427E
C:\_OTL\MovedFiles\03012012_095238\C_ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.msi --a--c- 265728 bytes [05:42 11/12/2011] [14:24 03/11/2011] A2D691886D299E9C9316220D43EA399E
C:\_OTL\MovedFiles\03012012_095238\C_ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.par --a--c- 1495 bytes [05:42 11/12/2011] [05:42 11/12/2011] 203949D4FB1386197E26B79DCD81BA37
C:\_OTL\MovedFiles\03012012_095238\C_ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.res --a--c- 2350911 bytes [05:42 11/12/2011] [14:24 03/11/2011] 6896755F9F046FEE43E6DEC89E721B78
C:\_OTL\MovedFiles\03012012_095238\C_Users\Public\Desktop\iLivid Download Manager.lnk --a---- 830 bytes [05:42 11/12/2011] [05:42 11/12/2011] F9E21B0EEAF1C5808984D5F6A248A7EA

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll --a---- 1236368 bytes [05:41 11/12/2011] [10:42 09/11/2011] D52605C6182471B3F4A6772FD8E90098
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe --a---- 1694608 bytes [05:41 11/12/2011] [10:42 09/11/2011] C9EB93006BD36A3C46DC022DF34D222C
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt --a---- 978 bytes [05:41 11/12/2011] [10:42 09/11/2011] 0CE6DC5C1FB9591A1973586DDDCBEAEB
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll --a---- 355840 bytes [05:41 11/12/2011] [10:40 09/11/2011] 9AE19546F41AA13225275BB4F71A5BD9
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll --a---- 351744 bytes [05:41 11/12/2011] [10:41 09/11/2011] A98E91A7DA272D0110BD6ED97AD2307B
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll --a---- 351744 bytes [05:41 11/12/2011] [10:42 09/11/2011] 2AC6FD3683B57B4B001B02E2D15E0D91
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll --a---- 351744 bytes [05:41 11/12/2011] [10:42 09/11/2011] D0AA98C433EC734FA7FF31128F76A44C
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll --a---- 351744 bytes [05:41 11/12/2011] [10:42 09/11/2011] 022CDBD1D640AD3168233C9E4588EB34
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js --a---- 16184 bytes [05:41 11/12/2011] [07:11 26/10/2011] 74EA142FA2CF77FA2306892E2B45FA13
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3521240 bytes [05:41 11/12/2011] [05:41 11/12/2011] 5A5BFCEE355D475577B8E9ABDBB744DF
C:\_OTL\MovedFiles\03012012_095238\C_WINDOWS\Prefetch\DATAMNGRUI.EXE-258C82CA.pf --a---- 3968 bytes [21:47 26/02/2012] [21:47 26/02/2012] 24D6D1B74836DCC0AA0014DE7BDBC141

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\LocalLow\searchquband d------ [06:35 11/12/2011]
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\LocalLow\searchqutoolbar d------ [05:41 11/12/2011]
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\searchqutoolbar d------ [05:41 11/12/2011]

Searching for "*iLivid*"
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\iLivid d------ [05:42 11/12/2011]
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar d------ [05:41 11/12/2011]
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Local\Ilivid Player d------ [05:43 11/12/2011]
C:\_OTL\MovedFiles\03012012_095238\C_ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid d------ [05:42 11/12/2011]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\Program Files\WI371A~1\DATAMNGR d------ [15:06 27/02/2012]
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr d------ [05:41 11/12/2011]
C:\_OTL\MovedFiles\03012012_095238\C_Users\David2\AppData\LocalLow\DataMngr d------ [06:35 11/12/2011]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\b8f450d2_0]
@="{0.0.0.00000000}.{c032bf38-8a55-4660-a86e-c46fa7125010}|\Device\HarddiskVolume1\Program Files\iLivid\VLC\vlc.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\b8f450d2_0]
@="{0.0.0.00000000}.{c032bf38-8a55-4660-a86e-c46fa7125010}|\Device\HarddiskVolume1\Program Files\iLivid\VLC\vlc.exe%b{00000000-0000-0000-0000-000000000000}"

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-
nefarioushoyden
Active Member
 
Posts: 10
Joined: February 20th, 2012, 5:00 pm

Re: iLivid / Bandoo / Searchqu problem?

Post by mambass » March 1st, 2012, 5:39 pm

Hi NH, :)

NH wrote: Thanks so much for all this help!
You're quite welcome and I, in turn, will pass along my thanks to the Teacher who is helping me with this thread. :)

Please print these instructions because you will not have access to the Internet while performing some of the tasks below.

  1. Create a System Restore Point
    1. Go to Start, right-click on Computer and select Properties.
    2. In the left pane under Tasks, click System protection.
    3. If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
    4. Select System Protection ...then choose Create.
    5. In the System Restore dialog box, type a description for the restore point (e.g., Before fourth OTL fix) and click Create again.
    6. A window should pop up with "The Restore Point was created successfully" message.
    7. Click OK and close the System Restore dialog.

      Note: If the message window was not displayed stating that the system restore point was created successfully then STOP - Do not continue with the steps below but rather reply to let me know what happened.

  2. Perform a Custom Fix with OTL
    1. Right-click the OTL icon on your Desktop and select Run As Administrator to run the program.
    2. In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :processes
      killallprocesses
      
      :Reg
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\b8f450d2_0]
      =-
      [HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\b8f450d2_0]
      =-
      
      :Files
      C:\Program Files\WI371A~1\DATAMNGR
      
      :Commands
      [CREATERESTOREPOINT]
      
      
    3. Close all running applications other than OTL.
    4. Click the Run Fix button at the top.
    5. Let the program run unhindered and reboot the PC when it is done.
    6. When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    7. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.

  3. Run SystemLook
    1. Right-click the SystemLook.exe icon on your Desktop and select Run As Administrator to run it.
    2. Copy and paste the contents of the following codebox into the main textfield (do not include the word code:):
      Code:
      :filefind
      *Fun4IM*
      *Bandoo*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      
      :folderfind
      *Fun4IM*
      *Bandoo*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      
      :Regfind
      Fun4IM
      Bandoo
      Searchqu
      iLivid
      whitesmoke
      datamngr
      kelkoopartners
      trolltech
       
    3. Click the Look button to start the scan.
      Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    4. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
      Note: The log can also be found on your Desktop entitled SystemLook.txt

  4. Malware symptoms
    Please mention in your reply how your computer is running and any Malware symptoms that are still present.


Please include in your reply (post logs separately if more convenient):
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. The contents of the OTL Fix log.
  3. The contents of the SystemLook.txt log.
  4. A description of how your computer is running and any Malware symptoms that are still present.


mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am
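
The fix script in the post above targets SystemLook hits that lie outside OTL's `C:\_OTL\MovedFiles` quarantine folder. The following Python sketch is an added example, not part of the thread and not code from OTL or SystemLook; it performs that triage over an abbreviated excerpt of the log posted earlier. The function names and the whole-word heuristic for registry hits are assumptions of this example.

```python
import re

# OTL moves removed items here (path taken from the logs in this thread).
QUARANTINE = "c:\\_otl\\movedfiles\\"

SECTION = re.compile(r"^=+ (\w+) =+$")
SEARCH = re.compile(r'^Searching for "(.*)"$')
FILE_HIT = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) [-a-z]{7} (?P<size>\d+) bytes "
    r"\[.*?\] \[.*?\] (?P<md5>[0-9A-Fa-f]{32})$")
FOLDER_HIT = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) d[-a-z]{6} \[.*?\]$")

# Abbreviated excerpt of the SystemLook log posted in the thread.
SAMPLE = r"""
SystemLook 30.07.11 by jpshortstuff
========== filefind ==========
Searching for "*Fun4IM*"
No files found.
Searching for "*Bandoo*"
C:\Users\David2\Favorites\MalWare Removal • View topic - Bandoo-Searchqu-iLivid.url --a---- 299 bytes [06:03 26/01/2012] [06:04 26/01/2012] 8C8B781EE720F8EA469DE08FCA705A09
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [13:37 31/10/2011] [13:37 31/10/2011] D98167EFDC45E8EC6F4769791A15CE36
========== folderfind ==========
Searching for "*datamngr*"
C:\Program Files\WI371A~1\DATAMNGR d------ [15:06 27/02/2012]
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr d------ [05:41 11/12/2011]
========== Regfind ==========
Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
Searching for "iLivid"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\b8f450d2_0]
@="{0.0.0.00000000}.{c032bf38-8a55-4660-a86e-c46fa7125010}|\Device\HarddiskVolume1\Program Files\iLivid\VLC\vlc.exe%b{00000000-0000-0000-0000-000000000000}"
Searching for "datamngr"
No data found.
-= EOF =-
"""


def parse_systemlook(text):
    """Return one dict per hit: section, search term, path or key, value lines."""
    hits, section, term, current = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("-= EOF"):
            break
        m = SECTION.match(line)
        if m:
            section, term, current = m.group(1).lower(), None, None
            continue
        m = SEARCH.match(line)
        if m:
            term, current = m.group(1), None
            continue
        if not line or term is None:
            continue  # header lines before the first search
        if section == "regfind":
            if line.startswith("[") and line.endswith("]"):
                current = {"section": section, "term": term,
                           "where": line[1:-1], "data": []}
                hits.append(current)
            elif current is not None:
                current["data"].append(line)  # value line under the key
        else:
            pattern = FILE_HIT if section == "filefind" else FOLDER_HIT
            m = pattern.match(line)  # "No files found." simply fails to match
            if m:
                hits.append({"section": section, "term": term,
                             "where": m.group("path"), "data": []})
    return hits


def triage(text):
    """Drop hits already in OTL's quarantine; annotate what is left."""
    live = []
    for hit in parse_systemlook(text):
        if hit["section"] in ("filefind", "folderfind"):
            if hit["where"].lower().startswith(QUARANTINE):
                continue
            hit["note"] = "outside quarantine"
        else:
            # Assumed heuristic: a term glued to other letters or digits is
            # probably a coincidental substring, not the product's own name.
            blob = hit["where"] + " " + " ".join(hit["data"])
            whole = re.search(r"(?<![A-Za-z0-9])" + re.escape(hit["term"])
                              + r"(?![A-Za-z0-9])", blob, re.IGNORECASE)
            hit["note"] = ("standalone name" if whole
                           else "embedded in longer identifier")
        live.append(hit)
    return live


if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(f'{hit["section"]:<10} {hit["term"]:<12} {hit["note"]:<30} {hit["where"]}')
```

The result is a review list, not a removal list: the Favorites bookmark and the `ISearchQueryHelper` interface both appear in it, and neither is in the helper's fix script.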

Re: iLivid / Bandoo / Searchqu problem?

Post by nefarioushoyden » March 1st, 2012, 8:29 pm

Hello Mambass,

I timed how long it took to start my computer after a hard shut down, and it takes ~2 minutes to just load Vista and show me my desktop screen. Then it took another ~26 seconds to open Firefox. At the beginning of all of this Malware removal, I had the impression that it took 5+ minutes to just boot up and get me on the internet, but I never timed it. From this standpoint, it appears the malware removal has helped.

But in my first message post, I also mentioned that I would get pop ups in the lower right corner from AVG free virus scan software that said "AVG has detected high memory usage by the following application: Firefox." By the way, in my original post, I said Windows was the source of this message, which was wrong. Anyways, so I opened up both IE and Firefox and I played multiple videos from the internet and I got my CPU usage up to 100% as seen in the Task Manager. I also did get one pop up that said "AVG has detected high memory usage by the following application: Firefox," and it listed 266MB as the memory size. Just for completeness' sake, this pop up window says "AVG recommends closing and reopening the application for faster performance." Just one more thing, as I was running multiple videos on IE and Firefox, I looked at the Task Manager Processes tab and the highest memory usages I saw were these: iexplore.exe = 311,828K, plugin-container.exe = 206,808K, firefox.exe = 145,592K. In summary, from this standpoint of this pop up screen showing up, it appears that the malware has not fixed this, because to the best of my memory, I did not have this popping up before all these problems.

BUT, the faster boot up was the main thing annoying me, so I'm very happy that this has been fixed!

Logs attached below. Thanks, NH

========== PROCESSES ==========
All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\b8f450d2_0\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\b8f450d2_0\\ not found.
========== FILES ==========
C:\Program Files\WI371A~1\DATAMNGR folder moved successfully.
========== COMMANDS ==========


OTL by OldTimer - Version 3.2.31.0 log created on 03012012_150508

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


*************************************************************


SystemLook 30.07.11 by jpshortstuff
Log created at 15:17 on 01/03/2012 by David2
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\Users\David2\Favorites\MalWare Removal • View topic - Bandoo-Searchqu-iLivid.url --a---- 299 bytes [06:03 26/01/2012] [06:04 26/01/2012] 8C8B781EE720F8EA469DE08FCA705A09
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js --a---- 27324 bytes [13:37 31/10/2011] [13:37 31/10/2011] C4F2571481A116A0C24C9644F0E4B4F5
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js --a---- 33963 bytes [13:37 31/10/2011] [13:37 31/10/2011] 11363D5ADC24F5BBC44C678BE8A29FCC
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [13:37 31/10/2011] [13:37 31/10/2011] D98167EFDC45E8EC6F4769791A15CE36
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\bandoocode.js --a---- 27324 bytes [13:37 31/10/2011] [13:37 31/10/2011] C4F2571481A116A0C24C9644F0E4B4F5
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\bandoocode.js --a---- 33963 bytes [13:37 31/10/2011] [13:37 31/10/2011] 11363D5ADC24F5BBC44C678BE8A29FCC
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bandoo.css --a---- 8308 bytes [13:37 31/10/2011] [13:37 31/10/2011] D98167EFDC45E8EC6F4769791A15CE36

Searching for "*Searchqu*"
C:\Users\David2\Favorites\MalWare Removal • View topic - Bandoo-Searchqu-iLivid.url --a---- 299 bytes [06:03 26/01/2012] [06:04 26/01/2012] 8C8B781EE720F8EA469DE08FCA705A09
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [13:37 31/10/2011] [13:37 31/10/2011] 39ECB144372B2ED7B1B91A1E63D3F275
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll --a---- 88976 bytes [13:37 31/10/2011] [13:37 31/10/2011] AD14E447F7CED4CA987B91B379EAF952
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Local\Temp\searchqu.ini --a---- 427 bytes [05:41 11/12/2011] [05:41 11/12/2011] BF55A324B1DC6D9410EA55546B20AA3E
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Local\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [13:37 31/10/2011] [13:37 31/10/2011] 28A352E64F4374BBC6774AD3473A413C
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3521240 bytes [05:41 11/12/2011] [05:41 11/12/2011] 5A5BFCEE355D475577B8E9ABDBB744DF

Searching for "*iLivid*"
C:\Users\David2\Favorites\MalWare Removal • View topic - Bandoo-Searchqu-iLivid.url --a---- 299 bytes [06:03 26/01/2012] [06:04 26/01/2012] 8C8B781EE720F8EA469DE08FCA705A09
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\iLivid\ilivid.exe --a---- 2033152 bytes [05:42 11/12/2011] [14:20 05/08/2011] A485B5376A7BD86E17DA042A64EE3E86
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\iLivid\ilivid.ico --a---- 9662 bytes [05:42 11/12/2011] [09:41 04/11/2009] D64C36521A1839B54788D7D0A82DAF08
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Local\Temp\ilivid.7z --a---- 901399 bytes [05:42 11/12/2011] [05:42 11/12/2011] B38425304D8D2AAA300A7ECC2F9741BC
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\Downloads\iLividSetupV1.exe --a---- 2060760 bytes [05:40 11/12/2011] [05:40 11/12/2011] A3524B9D0A9BF6462B0A53F7335241D4
C:\_OTL\MovedFiles\03012012_095238\C_ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\iLivid Download Manager.lnk --a---- 848 bytes [05:42 11/12/2011] [05:42 11/12/2011] 2EFC86EE70AF85A1B6C6514A1EEDC388
C:\_OTL\MovedFiles\03012012_095238\C_ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.dat --a--c- 226 bytes [05:42 11/12/2011] [05:42 11/12/2011] 650577A961260285F196248E46D75548
C:\_OTL\MovedFiles\03012012_095238\C_ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.exe --a--c- 3001198 bytes [05:42 11/12/2011] [14:24 03/11/2011] 9C0D16DA08434A1BA63E274C0A54328D
C:\_OTL\MovedFiles\03012012_095238\C_ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.lnk --a--c- 0 bytes [05:42 11/12/2011] [05:42 11/12/2011] D41D8CD98F00B204E9800998ECF8427E
C:\_OTL\MovedFiles\03012012_095238\C_ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.msi --a--c- 265728 bytes [05:42 11/12/2011] [14:24 03/11/2011] A2D691886D299E9C9316220D43EA399E
C:\_OTL\MovedFiles\03012012_095238\C_ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.par --a--c- 1495 bytes [05:42 11/12/2011] [05:42 11/12/2011] 203949D4FB1386197E26B79DCD81BA37
C:\_OTL\MovedFiles\03012012_095238\C_ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.res --a--c- 2350911 bytes [05:42 11/12/2011] [14:24 03/11/2011] 6896755F9F046FEE43E6DEC89E721B78
C:\_OTL\MovedFiles\03012012_095238\C_Users\Public\Desktop\iLivid Download Manager.lnk --a---- 830 bytes [05:42 11/12/2011] [05:42 11/12/2011] F9E21B0EEAF1C5808984D5F6A248A7EA

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll --a---- 1236368 bytes [05:41 11/12/2011] [10:42 09/11/2011] D52605C6182471B3F4A6772FD8E90098
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe --a---- 1694608 bytes [05:41 11/12/2011] [10:42 09/11/2011] C9EB93006BD36A3C46DC022DF34D222C
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt --a---- 978 bytes [05:41 11/12/2011] [10:42 09/11/2011] 0CE6DC5C1FB9591A1973586DDDCBEAEB
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll --a---- 355840 bytes [05:41 11/12/2011] [10:40 09/11/2011] 9AE19546F41AA13225275BB4F71A5BD9
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll --a---- 351744 bytes [05:41 11/12/2011] [10:41 09/11/2011] A98E91A7DA272D0110BD6ED97AD2307B
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll --a---- 351744 bytes [05:41 11/12/2011] [10:42 09/11/2011] 2AC6FD3683B57B4B001B02E2D15E0D91
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll --a---- 351744 bytes [05:41 11/12/2011] [10:42 09/11/2011] D0AA98C433EC734FA7FF31128F76A44C
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll --a---- 351744 bytes [05:41 11/12/2011] [10:42 09/11/2011] 022CDBD1D640AD3168233C9E4588EB34
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js --a---- 16184 bytes [05:41 11/12/2011] [07:11 26/10/2011] 74EA142FA2CF77FA2306892E2B45FA13
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3521240 bytes [05:41 11/12/2011] [05:41 11/12/2011] 5A5BFCEE355D475577B8E9ABDBB744DF
C:\_OTL\MovedFiles\03012012_095238\C_WINDOWS\Prefetch\DATAMNGRUI.EXE-258C82CA.pf --a---- 3968 bytes [21:47 26/02/2012] [21:47 26/02/2012] 24D6D1B74836DCC0AA0014DE7BDBC141

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\LocalLow\searchquband d------ [06:35 11/12/2011]
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\LocalLow\searchqutoolbar d------ [05:41 11/12/2011]
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\searchqutoolbar d------ [05:41 11/12/2011]

Searching for "*iLivid*"
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\iLivid d------ [05:42 11/12/2011]
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar d------ [05:41 11/12/2011]
C:\_OTL\MovedFiles\02262012_163212\C_Users\David2\AppData\Local\Ilivid Player d------ [05:43 11/12/2011]
C:\_OTL\MovedFiles\03012012_095238\C_ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid d------ [05:42 11/12/2011]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\02262012_163212\C_Program Files\Windows iLivid Toolbar\Datamngr d------ [05:41 11/12/2011]
C:\_OTL\MovedFiles\03012012_095238\C_Users\David2\AppData\LocalLow\DataMngr d------ [06:35 11/12/2011]
C:\_OTL\MovedFiles\03012012_150508\C_Program Files\WI371A~1\DATAMNGR d------ [15:06 27/02/2012]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-
nefarioushoyden
Active Member
 
Posts: 10
Joined: February 20th, 2012, 5:00 pm

Re: iLivid / Bandoo / Searchqu problem?

Post by mambass » March 2nd, 2012, 10:41 am

Hi NH, :)

Good job so far.

  1. Run a Scan with OTL
    1. Right-click the OTL icon on your Desktop and select Run As Administrator to run the program.
    2. Check the boxes labeled:
      • Scan All Users
      • LOP check
      • Purity check
      • Extra Registry > Use SafeList <-- Be sure to select this option
    3. Make sure all other windows are closed so that it can run uninterrupted.
    4. Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
    5. When the scan completes, it will open two notepad windows. OTL.Txt will be displayed and Extras.Txt will be minimized. These are saved in the same location as OTL. (desktop)
    6. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.


Please include in your reply:
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. The contents of the OTL.txt and Extras.txt logs.


mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: iLivid / Bandoo / Searchqu problem?

Post by nefarioushoyden » March 3rd, 2012, 3:29 pm

Hello Mambass,

I am sensing that we are almost done, so you may not know the answer, but do you know of any other safe program that will allow me to download YouTube videos to my HDD? Maybe I should pay for one, and that will ensure it is not malware?

By the way, I took a look below, and I saved a number of files on my desktop that start with the letters: okc_*.*

Cheers,
NH

OTL logfile created on: 3/3/2012 11:15:31 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\David2\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.49% Memory free
4.22 Gb Paging File | 3.31 Gb Available in Paging File | 78.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1853.67 Gb Total Space | 1582.12 Gb Free Space | 85.35% Space Free | Partition Type: NTFS
Drive D: | 9.34 Gb Total Space | 0.76 Gb Free Space | 8.13% Space Free | Partition Type: NTFS

Computer Name: DAVID2-PC | User Name: David2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/25 21:58:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\David2\Desktop\OTL.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/12/19 22:14:51 | 000,892,768 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 05:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/18 23:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\schtasks.exe
PRC - [2007/10/25 05:52:08 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2007/04/18 07:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/04/07 02:56:47 | 000,132,760 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\jusched.exe
PRC - [2007/02/15 03:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/19 22:14:51 | 000,892,768 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/05/26 12:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/08/03 02:44:00 | 000,091,648 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/05/31 21:11:28 | 000,252,416 | R--- | M] (Belkin Corporation. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\BLKWGU.sys -- (BELKIN)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3721252062-802896268-3220788300-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3721252062-802896268-3220788300-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3721252062-802896268-3220788300-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3721252062-802896268-3220788300-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/01/31 21:29:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/12 18:15:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/12/10 21:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David2\AppData\Roaming\Mozilla\Extensions
[2012/02/26 16:33:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions
[2012/01/18 19:25:19 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\extensions\avg@toolbar
[2011/12/10 21:41:28 | 000,002,519 | ---- | M] () -- C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\searchplugins\Search_Results.xml
[2011/12/10 21:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/12 18:15:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/19 22:14:49 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/10/13 19:17:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/10 21:41:28 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011/11/11 07:31:07 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll ()
O2 - BHO: (no name) - {9D717F81-9148-4f12-8568-69135F087DB0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3721252062-802896268-3220788300-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3721252062-802896268-3220788300-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{764DEFD8-48B8-48DA-B2C3-4D658B4DEC99}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img20.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img20.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/08 13:22:02 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c2e8c368-c5cd-11e0-9663-001e8c6e42ed}\Shell\AutoRun\command - "" = J:\Setup.exe
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/27 07:06:28 | 000,000,000 | ---D | C] -- C:\Program Files\WI371A~1
[2012/02/26 16:32:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/18 17:56:38 | 000,000,000 | ---D | C] -- C:\Users\David2\Desktop\New Folder
[2012/02/15 20:43:22 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/15 20:43:22 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012/02/15 20:43:22 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/15 20:43:22 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/15 20:43:22 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/15 20:43:22 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/15 20:43:22 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/15 20:43:22 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/15 20:43:21 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/02/15 20:43:17 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/12 20:10:09 | 000,000,000 | ---D | C] -- C:\Users\David2\Desktop\lotusesquire

========== Files - Modified Within 30 Days ==========

[2012/03/03 11:04:28 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/03 11:04:28 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/03 11:02:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/03 11:02:10 | 2138,431,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/03 09:44:45 | 000,021,243 | ---- | M] () -- C:\Users\David2\Desktop\okc_passetemps_4.jpeg
[2012/03/03 09:44:21 | 000,042,381 | ---- | M] () -- C:\Users\David2\Desktop\okc_passetemps_3.jpeg
[2012/03/03 09:44:03 | 000,015,730 | ---- | M] () -- C:\Users\David2\Desktop\okc_passetemps_2.jpeg
[2012/03/03 09:43:45 | 000,043,027 | ---- | M] () -- C:\Users\David2\Desktop\okc_passetemps_1.jpeg
[2012/03/03 09:03:09 | 090,684,342 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/03/01 09:57:14 | 000,307,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/28 22:07:43 | 000,037,038 | ---- | M] () -- C:\Users\David2\Desktop\okc_hotladyinabox_2.jpeg
[2012/02/28 22:07:32 | 000,036,064 | ---- | M] () -- C:\Users\David2\Desktop\okc_hotladyinabox_1.jpeg
[2012/02/28 22:05:53 | 000,043,038 | ---- | M] () -- C:\Users\David2\Desktop\okc_yogiatheart3.jpeg
[2012/02/28 22:05:02 | 000,032,352 | ---- | M] () -- C:\Users\David2\Desktop\okc_yogiatheart2.jpeg
[2012/02/28 22:01:08 | 000,023,025 | ---- | M] () -- C:\Users\David2\Desktop\okc_yogiatheart.jpeg
[2012/02/28 21:58:57 | 000,011,204 | ---- | M] () -- C:\Users\David2\Desktop\okc_missusiecue_1.jpeg
[2012/02/28 21:58:45 | 000,033,221 | ---- | M] () -- C:\Users\David2\Desktop\okc_missusiecue_2.jpeg
[2012/02/28 21:57:37 | 000,036,823 | ---- | M] () -- C:\Users\David2\Desktop\okc_flufferstuffer_2cas_sex.jpeg
[2012/02/28 21:56:46 | 000,020,456 | ---- | M] () -- C:\Users\David2\Desktop\okc_poetpaula_4.jpeg
[2012/02/28 21:56:26 | 000,020,044 | ---- | M] () -- C:\Users\David2\Desktop\okc_poetpaula_3.jpeg
[2012/02/28 21:56:13 | 000,021,708 | ---- | M] () -- C:\Users\David2\Desktop\okc_poetpaula_2.jpeg
[2012/02/28 21:56:00 | 000,019,715 | ---- | M] () -- C:\Users\David2\Desktop\okc_poetpaula_1.jpeg
[2012/02/28 21:54:48 | 000,011,578 | ---- | M] () -- C:\Users\David2\Desktop\okc_missjin.jpeg
[2012/02/28 21:51:45 | 000,013,742 | ---- | M] () -- C:\Users\David2\Desktop\okc_voluptuousasian2.jpg
[2012/02/28 21:51:28 | 000,029,412 | ---- | M] () -- C:\Users\David2\Desktop\okc_voluptuousasian.jpg
[2012/02/28 21:39:16 | 000,040,557 | ---- | M] () -- C:\Users\David2\Desktop\okc_flufferstuffer_cas_sex.jpeg
[2012/02/27 07:50:19 | 000,297,074 | ---- | M] () -- C:\Users\David2\Desktop\okc_sweethumor2.jpeg
[2012/02/27 07:49:55 | 000,281,306 | ---- | M] () -- C:\Users\David2\Desktop\okc_sweethumor.jpeg
[2012/02/27 07:43:01 | 000,026,588 | ---- | M] () -- C:\Users\David2\Desktop\okc_bethalli2.jpeg
[2012/02/27 07:42:20 | 000,029,607 | ---- | M] () -- C:\Users\David2\Desktop\okc_bethalli.jpeg
[2012/02/26 16:46:43 | 000,139,264 | ---- | M] () -- C:\Users\David2\Desktop\SystemLook.exe
[2012/02/26 15:50:51 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/26 15:50:51 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/22 22:33:42 | 000,040,186 | ---- | M] () -- C:\Users\David2\Desktop\okc_nidifugous6.jpeg
[2012/02/22 22:33:14 | 000,010,467 | ---- | M] () -- C:\Users\David2\Desktop\okc_nidifugous5.jpeg
[2012/02/22 22:33:00 | 000,023,418 | ---- | M] () -- C:\Users\David2\Desktop\okc_nidifugous4.jpeg
[2012/02/22 22:32:47 | 000,034,644 | ---- | M] () -- C:\Users\David2\Desktop\okc_nidifugous3.jpeg
[2012/02/22 22:32:31 | 000,010,721 | ---- | M] () -- C:\Users\David2\Desktop\okc_nidifugous2.jpeg
[2012/02/22 22:32:15 | 000,024,293 | ---- | M] () -- C:\Users\David2\Desktop\okc_nidifugous1.jpeg
[2012/02/12 18:24:26 | 000,236,710 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm

========== Files Created - No Company Name ==========

[2012/03/03 09:44:43 | 000,021,243 | ---- | C] () -- C:\Users\David2\Desktop\okc_passetemps_4.jpeg
[2012/03/03 09:44:20 | 000,042,381 | ---- | C] () -- C:\Users\David2\Desktop\okc_passetemps_3.jpeg
[2012/03/03 09:44:00 | 000,015,730 | ---- | C] () -- C:\Users\David2\Desktop\okc_passetemps_2.jpeg
[2012/03/03 09:43:41 | 000,043,027 | ---- | C] () -- C:\Users\David2\Desktop\okc_passetemps_1.jpeg
[2012/02/28 22:07:42 | 000,037,038 | ---- | C] () -- C:\Users\David2\Desktop\okc_hotladyinabox_2.jpeg
[2012/02/28 22:07:31 | 000,036,064 | ---- | C] () -- C:\Users\David2\Desktop\okc_hotladyinabox_1.jpeg
[2012/02/28 22:05:52 | 000,043,038 | ---- | C] () -- C:\Users\David2\Desktop\okc_yogiatheart3.jpeg
[2012/02/28 22:05:01 | 000,032,352 | ---- | C] () -- C:\Users\David2\Desktop\okc_yogiatheart2.jpeg
[2012/02/28 22:01:06 | 000,023,025 | ---- | C] () -- C:\Users\David2\Desktop\okc_yogiatheart.jpeg
[2012/02/28 21:58:55 | 000,011,204 | ---- | C] () -- C:\Users\David2\Desktop\okc_missusiecue_1.jpeg
[2012/02/28 21:58:44 | 000,033,221 | ---- | C] () -- C:\Users\David2\Desktop\okc_missusiecue_2.jpeg
[2012/02/28 21:57:34 | 000,036,823 | ---- | C] () -- C:\Users\David2\Desktop\okc_flufferstuffer_2cas_sex.jpeg
[2012/02/28 21:56:44 | 000,020,456 | ---- | C] () -- C:\Users\David2\Desktop\okc_poetpaula_4.jpeg
[2012/02/28 21:56:24 | 000,020,044 | ---- | C] () -- C:\Users\David2\Desktop\okc_poetpaula_3.jpeg
[2012/02/28 21:56:11 | 000,021,708 | ---- | C] () -- C:\Users\David2\Desktop\okc_poetpaula_2.jpeg
[2012/02/28 21:55:59 | 000,019,715 | ---- | C] () -- C:\Users\David2\Desktop\okc_poetpaula_1.jpeg
[2012/02/28 21:54:47 | 000,011,578 | ---- | C] () -- C:\Users\David2\Desktop\okc_missjin.jpeg
[2012/02/28 21:51:43 | 000,013,742 | ---- | C] () -- C:\Users\David2\Desktop\okc_voluptuousasian2.jpg
[2012/02/28 21:51:26 | 000,029,412 | ---- | C] () -- C:\Users\David2\Desktop\okc_voluptuousasian.jpg
[2012/02/28 21:39:11 | 000,040,557 | ---- | C] () -- C:\Users\David2\Desktop\okc_flufferstuffer_cas_sex.jpeg
[2012/02/27 07:50:18 | 000,297,074 | ---- | C] () -- C:\Users\David2\Desktop\okc_sweethumor2.jpeg
[2012/02/27 07:49:53 | 000,281,306 | ---- | C] () -- C:\Users\David2\Desktop\okc_sweethumor.jpeg
[2012/02/27 07:43:00 | 000,026,588 | ---- | C] () -- C:\Users\David2\Desktop\okc_bethalli2.jpeg
[2012/02/27 07:42:17 | 000,029,607 | ---- | C] () -- C:\Users\David2\Desktop\okc_bethalli.jpeg
[2012/02/26 16:46:41 | 000,139,264 | ---- | C] () -- C:\Users\David2\Desktop\SystemLook.exe
[2012/02/22 22:33:40 | 000,040,186 | ---- | C] () -- C:\Users\David2\Desktop\okc_nidifugous6.jpeg
[2012/02/22 22:33:12 | 000,010,467 | ---- | C] () -- C:\Users\David2\Desktop\okc_nidifugous5.jpeg
[2012/02/22 22:32:59 | 000,023,418 | ---- | C] () -- C:\Users\David2\Desktop\okc_nidifugous4.jpeg
[2012/02/22 22:32:45 | 000,034,644 | ---- | C] () -- C:\Users\David2\Desktop\okc_nidifugous3.jpeg
[2012/02/22 22:32:30 | 000,010,721 | ---- | C] () -- C:\Users\David2\Desktop\okc_nidifugous2.jpeg
[2012/02/22 22:32:13 | 000,024,293 | ---- | C] () -- C:\Users\David2\Desktop\okc_nidifugous1.jpeg
[2011/11/02 18:08:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/11/02 18:08:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/11/02 18:07:56 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/08/09 16:38:22 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/07/31 07:57:37 | 000,003,584 | ---- | C] () -- C:\Users\David2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/25 15:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2007/12/08 13:11:51 | 000,102,451 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/12/08 13:02:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1332.dll
[2007/12/08 12:53:38 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/12/08 12:51:18 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/12/08 12:51:18 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,307,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1999/01/22 10:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2012/02/26 15:32:30 | 000,000,000 | ---D | M] -- C:\Users\David2\AppData\Roaming\Audacity
[2011/11/02 18:49:21 | 000,000,000 | ---D | M] -- C:\Users\David2\AppData\Roaming\AVG2012
[2011/07/10 20:02:32 | 000,000,000 | ---D | M] -- C:\Users\David2\AppData\Roaming\Snapfish
[2012/03/03 10:24:36 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

*******************************************************************


OTL Extras logfile created on: 3/3/2012 11:15:31 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\David2\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.49% Memory free
4.22 Gb Paging File | 3.31 Gb Available in Paging File | 78.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1853.67 Gb Total Space | 1582.12 Gb Free Space | 85.35% Space Free | Partition Type: NTFS
Drive D: | 9.34 Gb Total Space | 0.76 Gb Free Space | 8.13% Space Free | Partition Type: NTFS

Computer Name: DAVID2-PC | User Name: David2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28748B5C-0E2A-411A-BE62-F7DC82CF10D1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{2F612E17-0606-4F62-ACC2-A08395CAF906}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{32BF4161-CBCC-4126-BD02-20A4333EA9F1}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{33C253C3-0FF2-4D50-8A18-9D7ECE7DA665}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{3AA7EA39-71FF-47EB-B627-91A601D9D31E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3D90C4E9-4B9D-466F-91C1-1378DD0DB345}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{41AF91C7-33C3-4511-B339-E76DB1949B86}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{53943A12-F438-4523-8951-3B207F342037}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{60C09C08-34B8-4992-9F2D-A352F24137A3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{65C66E7C-A058-4E64-90FA-EA71FDFCBCDF}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{9E4C8787-40AE-41CF-A4C4-E828D96E9B9A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BB11F9D3-9358-463D-BE9F-6673783C6B38}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C97A4B85-01A2-4D41-BDDA-1A4DC37195AF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{D64E0A7C-C743-4930-9A4F-2B04C926636D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{F34CEB3C-4E42-435F-A00C-1F41864C8C71}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{F837DA8B-B8BC-41CE-BA31-AA87BA2BF9EA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{FBD9846E-280E-4D62-B4A4-1A71EE926474}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{FFCA5CC1-1671-4E81-8297-0A2062CB0641}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EBA6E7C-3DF6-48AE-B87B-4CAFB2C1C3F7}" = LightScribe Template Labeler
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D593C72C-435B-4171-8106-9CA8AA34D716}" = Belkin Wireless G USB Adapter Driver
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1
"{E7E84E23-C5C0-4B15-B13A-C63149E59C98}" = AVG 2012
"{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1
"{e96b3d28-47d6-43cc-98fd-7069eeab6b11}" = HP Total Care Advisor
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AVG" = AVG 2012
"AVG Secure Search" = AVG Security Toolbar
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"VLC media player" = VideoLAN VLC media player 0.8.6f
"WildTangent hp Master Uninstall" = My HP Games

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/25/2012 3:21:37 AM | Computer Name = David2-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/25/2012 3:21:38 AM | Computer Name = David2-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/25/2012 3:21:38 AM | Computer Name = David2-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/25/2012 3:21:40 AM | Computer Name = David2-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/25/2012 3:21:40 AM | Computer Name = David2-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/25/2012 3:21:40 AM | Computer Name = David2-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/25/2012 3:21:40 AM | Computer Name = David2-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/25/2012 3:21:41 AM | Computer Name = David2-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/25/2012 3:21:41 AM | Computer Name = David2-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2/13/2012 10:31:17 AM | Computer Name = David2-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6002.18005, time stamp
0x49e01e78, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00000000, process id 0xd14, application start time
0x01ccea5c20607950.

[ System Events ]
Error - 2/28/2012 4:28:16 PM | Computer Name = David2-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/29/2012 12:59:24 AM | Computer Name = David2-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2/29/2012 12:59:24 AM | Computer Name = David2-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/1/2012 1:30:14 PM | Computer Name = David2-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 3/1/2012 1:53:57 PM | Computer Name = David2-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 3/1/2012 1:58:16 PM | Computer Name = David2-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 3/1/2012 1:58:16 PM | Computer Name = David2-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/1/2012 6:56:10 PM | Computer Name = David2-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 3/3/2012 12:58:10 PM | Computer Name = David2-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 3/3/2012 12:58:10 PM | Computer Name = David2-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
nefarioushoyden
Active Member
 
Posts: 10
Joined: February 20th, 2012, 5:00 pm

Re: iLivid / Bandoo / Searchqu problem?

Unread postby mambass » March 3rd, 2012, 11:32 pm

Hi NH, :)

I am sensing that we are almost done, so you may not know the answer, but do you know of any other safe program that will allow me to download youtube videos to my HDD? Maybe I should pay for one, and that will ensure it is not malware?
I'm not positive but I believe that the free Real Player has an option that will allow you to download their videos. If not then try Google or post the question in a Windows tech forum.

Please print these instructions because you will not have access to the Internet while performing some of the tasks below.

  1. Create a System Restore Point
    1. Go to Start, right-click on Computer and select Properties.
    2. In the left pane under Tasks, click System protection.
    3. If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
    4. Select System Protection ...then choose Create.
    5. In the System Restore dialog box, type a description for the restore point (e.g., Before fifth OTL fix) and click Create again.
    6. A window should pop up with "The Restore Point was created successfully" message.
    7. Click OK and close the System Restore dialog.

      Note: If the message window was not displayed stating that the system restore point was created successfully then STOP - Do not continue with the steps below but rather reply to let me know what happened.

  2. Remove Programs Using Control Panel
    You have the WeatherBug Gadget installed. If this is not something that you intentionally installed then please add that to the list of applications to be removed below.

    1. Click Start > Control Panel and then double-click on Programs and Features.
    2. For each program below, if it exists in the list of installed applications, right-click the Entry, choose Uninstall/Change, and give permission to Continue:

      Java(TM) SE Runtime Environment 6 Update 1
      Adobe Reader 8.1.0

      Take extra care in answering questions posed by any Uninstaller.

  3. Perform a Custom Fix with OTL
    1. Right-click the OTL icon on your Desktop and select Run As Administrator to run the program.
    2. In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :processes
      killallprocesses
      
      :OTL
      FF - prefs.js..browser.search.defaultenginename: "Search Results"
      FF - prefs.js..browser.search.order.1: "Search Results"
      FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q="
      O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
      O2 - BHO: (no name) - {9D717F81-9148-4f12-8568-69135F087DB0} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
      O3 - HKU\S-1-5-21-3721252062-802896268-3220788300-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
      O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-21-3721252062-802896268-3220788300-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
      O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
      "DisableMonitoring" = 0
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring" = 0
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
      "DisableMonitoring" = 0
      
      :Files
      C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\searchplugins\Search_Results.xml
      C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
      C:\Program Files\WI371A~1
      
      :Commands
      [PURITY]
      [EMPTYTEMP]
      [CREATERESTOREPOINT]
      
      
    3. Close all running applications other than OTL.
    4. Click the Run Fix button at the top.
    5. Let the program run unhindered and reboot the PC when it is done.
    6. When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    7. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.

  4. Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
    1. Click here to download the AdbeRdr1012_en_US.exe installer and save it to your desktop.
    2. Right-click the installer and select Run As Administrator to install the latest version of Adobe Reader.
    3. After the new Reader is installed, Open Adobe Reader X, as it is called, and OK the license.
    4. Click on Edit and select Preferences.
    5. On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
    6. Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
    7. Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
    8. Click the OK button
    9. When it finishes, you can remove the Installer from your desktop.

  5. Install Java Runtime Environment
    1. Please go to http://www.oracle.com/technetwork/java/javase/downloads/index.html
    2. Find the section labeled Java SE 6 Update 31 and click on the JRE Download button. (DO NOT click the JDK Download button).
    3. Click the Accept License Agreement option.
    4. Find the Windows x86 Offline entry, click the jre-6u31-windows-i586.exe link and save the installer on your Desktop.
    5. Right-click the jre-6u31-windows-i586.exe icon on your Desktop and select Run As Administrator to install the newest version of Java.
      1. During the Installation, be sure to UNCHECK any offer for McAfee Security Scan Plus. It's just adware.
      2. Also always UNCHECK any offer for Ask Toolbar during the installation of Java or any other product.
    6. When it finishes, you can remove the Installer from your desktop.

  6. Are you experiencing any malware symptoms at this point?
    In your reply, please provide a description of how your computer is running and any Malware symptoms that are still present.


Please include in your reply:
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. The contents of the OTL Fix log.
  3. A description of how your computer is running and any Malware symptoms that are still present.


mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am
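
The :Reg lines in the fix above mirror the "DisableMonitoring" = 1 entries in the OTL Extras log, and the two programs to uninstall are the outdated entries in its Uninstall List. The Python below is an added example, not part of the original posts and not OTL's own code: it parses an excerpt of that log and derives the same findings. The function names and the BASELINES table are assumptions; the minimum versions are the ones named in this thread (March 2012), not current guidance.

```python
import re

# Excerpt of the OTL Extras log posted in this thread (trimmed).
SAMPLE_LOG = r'''
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
'''

SECTION_RE = re.compile(r'^=+\s*(.+?)\s*=+$')      # ========== Name ==========
KEY_RE = re.compile(r'^\[(HKEY_.+)\]$')            # [HKEY_...\subkey]
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')   # "name" = value

# Minimum versions taken from this thread's instructions:
# Java SE 6 Update 31 and Adobe Reader 10.1.2 (assumed baseline table).
BASELINES = [
    (re.compile(r'^Java\(TM\) SE Runtime Environment (\d+) Update (\d+)$'), (6, 31)),
    (re.compile(r'^Adobe Reader (\d+)\.(\d+)\.(\d+)$'), (10, 1, 2)),
]


def parse_log(text):
    """Return (section, key, name, value) for every '"name" = value' line."""
    section = key = None
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:  # ignore values that appear before any registry key
            records.append((section, key, m.group(1), m.group(2).strip()))
    return records


def triage(records):
    """Flag disabled Security Center monitoring, a disabled firewall
    profile, and installed software older than the thread's baseline."""
    findings = []
    for _section, key, name, value in records:
        if name == 'DisableMonitoring' and value == '1':
            findings.append(('reg_fix', key, '"DisableMonitoring" = 0'))
        elif name == 'EnableFirewall' and value == '0':
            findings.append(('firewall_off', key, value))
        elif key.endswith(r'\Uninstall'):
            for pattern, minimum in BASELINES:
                m = pattern.match(value)
                if m and tuple(map(int, m.groups())) < minimum:
                    findings.append(
                        ('outdated', value, '.'.join(map(str, minimum))))
    return findings


def reg_section(findings):
    """Render the reg_fix findings in the :Reg layout used in the fix."""
    lines = [':Reg']
    for kind, key, setting in findings:
        if kind == 'reg_fix':
            lines += ['[' + key + ']', setting]
    return '\n'.join(lines)


if __name__ == '__main__':
    results = triage(parse_log(SAMPLE_LOG))
    for finding in results:
        print(finding)
    print(reg_section(results))
```
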

Re: iLivid / Bandoo / Searchqu problem?

Unread postby nefarioushoyden » March 6th, 2012, 3:42 am

Hello Mambass,

I removed these 2 programs using the uninstall feature in the Control Panel.

Java(TM) SE Runtime Environment 6 Update 1
Adobe Reader 8.1.0

In both (i) the list of installed programs in the Control Panel and (ii) in the C:\Program Files folder, I could not find Weatherbug listed as a program. Then I Googled around and I found these instructions below which seemed to be the most thorough and well written ones. I do have a folder called AWS in my C:\Program Files, which is connected to Weatherbug. I have not followed these instructions yet, so should I follow these instructions from EHow.com? I wanted to wait to run the OTL until I heard back from you on how to uninstall the Weatherbug.

Thanks, NefariousHoyden

http://www.ehow.com/how_5035176_remove-weatherbug.html

Instructions -- WeatherBug Process
1. Hold down the CTRL, ALT and DEL at the same time or click "Start" and type "taskmgr" in the Run box. Click "OK" to open the Windows Task Manager.
2. Select the "Processes" tab and click "Image Name."
3. Choose "WeatherBug.exe." and choose "End Process." Close out of the Task Manager.

WeatherBug Registry
4. Go to "Start" and type "regedit" in the Run box. Click "OK" to open the Registry Editor.
5. Select the first folder in the left-hand pane: HKEY_CLASSES_ROOT. Hold down the "Ctrl" and press the "F" key to open the registry search box.
6. Type "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Weather=C:\Program Files\AWS\WeatherBug\weather.exe" into the search box and hit "Enter." Right-click on the file and choose "Delete."
7. Type "HKEY_CURRENT_USER\Software\AWS" into the search box and hit "Enter." Right-click on the file and choose "Delete."
8. Type "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DA6C7-189F-421A-88CD-07CFE51CFF10}" into the search box and hit "Enter." Right-click on the file and choose "Delete."
9. Type "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IE4\DependantComponents\WeatherBug" into the search box and hit "Enter." Right-click on the file and choose "Delete."
10. Type "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WeatherBug" into the search box and hit "Enter." Right-click on the file and choose "Delete."

WeatherBug Process Files
11. Click the "Start" button and double-click "My Computer." Choose "Tools" and select "Folder Options." Click "View." Check "Show Hidden Files and Folders" and uncheck "Hide Operating System Files." Close Folder Options and the My Computer window.
12. Click "Start." Type "cmd" into the Run box. Click "OK." The Command Prompt box will open.
13. Type "weather.exe" and hit "Enter." Type "remove.exe" and hit "Enter." Type the letter "Y" and hit "Enter" to delete the file.

WeatherBug Directory
14. Click on "My Computer" and double-click on the "C:" drive.
15. Double-click on "Program Files." Open the "AWS" folder.
16. Right-click on "WeatherBug" and choose "Delete." Close the "My Computer" window.
17. Empty the Recycle Bin and restart your computer.


Read more: How to Remove WeatherBug | eHow.com http://www.ehow.com/how_5035176_remove- ... z1oJtuSzns
nefarioushoyden
Active Member
 
Posts: 10
Joined: February 20th, 2012, 5:00 pm