Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

ilivid searchqu

Post by loowee2 » February 22nd, 2012, 2:36 am

Hi, my friend somehow got ilivid installed on my laptop and www.searchqu.com was set as my homepage and my search provider was changed. Also, I notice that my computer runs significantly slower and is constantly at 40-50% of its physical memory without any programs running. Here is my DDS log:

Thanks for the help,
Ryan
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Karen at 22:24:49 on 2012-02-21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3885.1817 [GMT -8:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CNRpc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\AirPort\APAgent.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Shockwave.com\Plants vs Zombies\Plants vs Zombies.exe
C:\Program Files (x86)\Shockwave.com\Plants vs Zombies\product\PlantsVsZombies.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://asus.msn.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
uRun: [Google Update] "C:\Users\Karen\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge]
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [CinemaNowMediaManagerApp] C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe -start
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Setwallpaper] c:\programdata\SetWallpaper.cmd
mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~1.LNK - C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~2.LNK - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: cinemanow.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/67.11/uploader2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex ... 0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{662865B1-F2F5-4AD3-9179-4A683108C5D3} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{662865B1-F2F5-4AD3-9179-4A683108C5D3}\642594A4F4C45435 : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs:
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [CinemaNowMediaManagerApp] C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe -start
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Setwallpaper] c:\programdata\SetWallpaper.cmd
mRun-x64: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun-x64: [(Default)]
mRun-x64: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
AppInit_DLLs-X64:
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SMR250;Symantec SMR Utility Service 2.5.0;C:\Windows\system32\drivers\SMR250.SYS --> C:\Windows\system32\drivers\SMR250.SYS [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2012-2-15 1157240]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20120218.003\IDSviA64.sys [2012-2-21 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2009-6-11 127352]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-21 652360]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccsvchst.exe [2012-1-30 130008]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-4 2314240]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-21 138360]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 JME;JMicron Ethernet Adapter NDIS6 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-19 135664]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-19 135664]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-22 05:42:16 96376 ----a-w- C:\Windows\System32\drivers\SMR250.SYS
2012-02-22 05:42:07 -------- d-----w- C:\Users\Karen\AppData\Local\NPE
2012-02-22 05:12:35 -------- d-----w- C:\Users\Karen\AppData\Local\ElevatedDiagnostics
2012-02-22 04:30:44 -------- d-----w- C:\Users\Karen\AppData\Roaming\Malwarebytes
2012-02-22 04:30:34 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-22 04:30:33 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-22 04:30:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-22 04:16:11 388096 ----a-r- C:\Users\Karen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-22 04:16:11 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-02-21 17:53:01 -------- d-----w- C:\Users\Karen\AppData\Local\Ilivid Player
2012-02-21 17:51:39 -------- d-----w- C:\Users\Karen\AppData\Local\PackageAware
2012-02-16 03:12:23 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-16 03:12:23 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-16 03:12:12 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-16 03:12:12 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-16 03:12:05 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-01-31 05:20:57 912504 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\symefa64.sys
2012-01-31 05:20:57 744568 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\srtsp64.sys
2012-01-31 05:20:57 450680 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\symds64.sys
2012-01-31 05:20:57 40568 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\srtspx64.sys
2012-01-31 05:20:57 386168 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\symnets.sys
2012-01-31 05:20:56 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0502000.00D\ironx64.sys
2012-01-31 05:20:34 -------- d-----w- C:\Windows\System32\drivers\N360x64\0502000.00D
.
==================== Find3M ====================
.
2012-01-08 07:50:21 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-29 17:33:22 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-12-28 03:59:11 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-16 08:45:22 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-12-16 08:42:13 634368 ----a-w- C:\Windows\System32\msvcrt.dll
2011-12-16 08:41:26 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-12-16 08:02:26 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-16 07:59:17 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2011-12-16 07:58:33 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-12-16 07:26:35 482816 ----a-w- C:\Windows\System32\html.iec
2011-12-16 06:49:33 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-12-16 06:43:48 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-16 06:15:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2009-04-08 18:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 22:27:10.91 ===============
loowee2
Active Member
 
Posts: 11
Joined: February 22nd, 2012, 2:30 am

Re: ilivid searchqu

Post by askey127 » February 22nd, 2012, 7:11 am

Hi loowee2,
That "friend" needs to stop clicking. iLivid installs a lot of junk on your machine.
You will get to see as we remove it.

Please don't install, uninstall, or scan with anything unless I ask, until we are done.
----------------------------------------------
Preliminary Removals with an OTL Custom Fix
Please right-click on the filename link below and select "Save target as..." or "Save Link as...", choose the Desktop location, and choose to save as the filename Fix.txt
SQW7-Vista_x64.TXT
Make sure that Fix.txt is the exact filename used, and that you can find it.
----------------------------------------------
Perform a Custom Fix with OTL
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
Right click the OTL icon and choose "Run as administrator".
  • Click the Run Fix button at the top.
  • You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel". Click on OK
  • When the Open dialog comes up, Navigate to the Desktop, scroll to highlight the file named Fix.txt and click Open
  • Some text will appear in the Custom scans/Fixes box.
  • Click the Run Fix button in OTL.
  • Let the program run unhindered and reboot the PC when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply. The file will also appear on your desktop as OTL.txt
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

So we are looking for the contents of OTL.txt and Systemlook.txt.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
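
The SystemLook script from the post above, parsed into its three directives and applied to a small constructed folder tree, as an added example that is not part of the original thread and is not SystemLook's own code. It assumes `:filefind` and `:folderfind` match their wildcards case-insensitively against the file or folder name alone; `parse_script`, `scan_tree` and the sample tree are hypothetical, and the `:Regfind` terms are only parsed, not searched.

```python
import fnmatch
import os
import tempfile

# The script from the post above, copied verbatim.
SYSTEMLOOK_SCRIPT = """\
:filefind
*Fun4IM*
*Bandoo*
*Searchqu*
*iLivid*
*whitesmoke*
*datamngr*
*trolltech*

:folderfind
*Fun4IM*
*Bandoo*
*Searchqu*
*iLivid*
*whitesmoke*
*datamngr*
*trolltech*

:Regfind
Fun4IM
Bandoo
Searchqu
iLivid
whitesmoke
datamngr
kelkoopartners
trolltech
"""


def parse_script(text):
    """Split a SystemLook script into {directive: [search terms]}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()  # ":Regfind" -> "regfind"
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def matches(name, patterns):
    """Case-insensitive wildcard match on a single name (assumed semantics)."""
    lowered = name.lower()
    return any(fnmatch.fnmatchcase(lowered, p.lower()) for p in patterns)


def scan_tree(root, sections):
    """Walk root and return relative paths hit by :filefind and :folderfind."""
    hits = {"filefind": [], "folderfind": []}
    for dirpath, dirnames, filenames in os.walk(root):
        for kind, names in (("folderfind", dirnames), ("filefind", filenames)):
            for name in names:
                if matches(name, sections.get(kind, [])):
                    rel = os.path.relpath(os.path.join(dirpath, name), root)
                    hits[kind].append(rel.replace(os.sep, "/"))
    return {kind: sorted(paths) for kind, paths in hits.items()}


def build_sample_tree(root):
    """Constructed layout. 'Ilivid Player' and 'iLividSetupV1.exe' are names
    seen in the logs on this page; every location and other name is made up."""
    files = [
        "AppData/Local/Ilivid Player/settings.ini",
        "AppData/Local/Google/Update/GoogleUpdate.exe",
        "Downloads/iLividSetupV1.exe",
        "Temp/SEARCHQU_toolbar.dll",
    ]
    for rel in files:
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()


def demo():
    """Parse the script, scan the constructed tree, return both results."""
    sections = parse_script(SYSTEMLOOK_SCRIPT)
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return sections, scan_tree(root, sections)


if __name__ == "__main__":
    sections, hits = demo()
    for directive, terms in sections.items():
        print(f"{directive}: {len(terms)} terms")
    for kind, paths in hits.items():
        for path in paths:
            print(f"{kind}: {path}")
```

Under that assumption `settings.ini` inside the matched folder is not a `:filefind` hit, because only its own name is compared, so the folder results are what reveal leftover directories.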

Re: ilivid searchqu

Post by loowee2 » February 22nd, 2012, 11:56 am

I forgot to mention that I tried to remove the files prior to posting on the forum. I uninstalled the three iLivid/bandoo programs listed in the add/remove program list.

Here is the OTL .txt file:

All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\DataMngr\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\ilivid\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\searchqutoolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Save video on Savevid.com\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchqu.com\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA942DEC3AFA384B94ECC932BD3DC5A\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFE82A48FED40644C984C808A1785C7F\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB5D9F3E46440D4A9C379467CEADEBB\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toobar not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B0118C8-8D12-46CD-A083-2116D587A11F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B0118C8-8D12-46CD-A083-2116D587A11F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39DB3DF-7935-4821-9BD7-170D277DA935} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39DB3DF-7935-4821-9BD7-170D277DA935}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2163BE-A595-4E6E-AAF0-E22A29D38262} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B2163BE-A595-4E6E-AAF0-E22A29D38262}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49227EB-05C7-449A-9BB6-18F653936F32} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49227EB-05C7-449A-9BB6-18F653936F32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B0118C8-8D12-46CD-A083-2116D587A11F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B0118C8-8D12-46CD-A083-2116D587A11F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39DB3DF-7935-4821-9BD7-170D277DA935} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39DB3DF-7935-4821-9BD7-170D277DA935}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2163BE-A595-4E6E-AAF0-E22A29D38262} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B2163BE-A595-4E6E-AAF0-E22A29D38262}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49227EB-05C7-449A-9BB6-18F653936F32} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49227EB-05C7-449A-9BB6-18F653936F32}\ not found.
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\\@|"ISearchQueryHelper" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
========== FILES ==========
File/Folder C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\SearchquWebSearch.xml not found.
File/Folder C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\searchqutoolbar not found.
File/Folder C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
File/Folder C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Cookies\*@sweetim[1].txt not found.
File/Folder C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt not found.
File/Folder C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt not found.
File/Folder C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt not found.
File/Folder C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt not found.
File/Folder C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt not found.
File/Folder C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt not found.
File/Folder C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt not found.
File/Folder C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt not found.
C:\Users\Karen\AppData\Local\Ilivid Player folder moved successfully.
File/Folder C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iLividSetupV1.exe not found.
File/Folder C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ilivid[1].7z not found.
File/Folder C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SetupDataMngr_Searchqu[1].exe not found.
File/Folder C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SweetImSetup.exe not found.
File/Folder C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BandooV6[1].exe not found.
File/Folder C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\searchqu_net[1].htm not found.
File/Folder C:\Users\Karen\AppData\Local\Temp\BandooFiles not found.
File/Folder C:\Users\Karen\AppData\Local\Temp\BandooV6.exe not found.
C:\Users\Karen\AppData\Local\Temp\SetupDataMngr_Searchqu.exe moved successfully.
File/Folder C:\Users\Karen\AppData\Local\Temp\SweetIMReinstall not found.
File/Folder C:\Users\Karen\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe not found.
C:\Users\Karen\AppData\Local\Temp\ilivid.7z moved successfully.
C:\Users\Karen\AppData\Local\Temp\searchqu.ini moved successfully.
C:\Users\Karen\AppData\Local\Temp\searchqutoolbar-manifest.xml moved successfully.
C:\Users\Karen\AppData\LocalLow\searchquband folder moved successfully.
File/Folder C:\Users\Karen\AppData\LocalLow\searchqutoolbar not found.
File/Folder C:\Users\Karen\Downloads\SweetImSetup.exe not found.
File/Folder C:\Users\Karen\Downloads\iLividSetupV1.exe not found.
C:\Users\Karen\AppData\LocalLow\DataMngr folder moved successfully.
File/Folder C:\Users\Karen\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3AJVC1WF\www.ilivid[1].xml not found.
File/Folder C:\Users\Karen\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\TYBUQFS4\www.searchqu[1].xml not found.
File\Folder C:\Windows\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-4EFDDDEA.pf not found.
File\Folder C:\Program Files\Windows iLivid Toolbar not found.
File\Folder C:\Program Files\iLivid not found.
File\Folder C:\Windows\Prefetch\ILIVID* not found.
File\Folder C:\Windows\Prefetch\SEARCHQUMEDIABAR* not found.
File\Folder C:\Windows\Prefetch\SETUPDATAMNGR* not found.
File\Folder C:\Program Files (x86)\iLivid not found.
File\Folder C:\Program Files (x86)\Windows Savevid Toolbar not found.
File\Folder C:\Program Files (x86)\Savevid not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Karen\Desktop\cmd.bat deleted successfully.
C:\Users\Karen\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Karen
->Temp folder emptied: 33746504 bytes
->Temporary Internet Files folder emptied: 48872992 bytes
->Java cache emptied: 2411049 bytes
->Google Chrome cache emptied: 102824455 bytes
->Flash cache emptied: 175166 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20407015 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 1180283890 bytes

Total Files Cleaned = 1,325.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.33.2 log created on 02222012_070947

Files\Folders moved on Reboot...
C:\Users\Karen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W8GC4M1M\4fu8RBPDDCYpod03lr_bYQ[1].eot moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W8GC4M1M\frame[1].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W8GC4M1M\frame[2].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W8GC4M1M\frame[3].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W8GC4M1M\mail[1].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9O7ZLREV\search[2].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9O7ZLREV\viewforum[1].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9600ZSLX\gplus_notifications_gadget[1].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9600ZSLX\search[1].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9600ZSLX\ucp[2].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9600ZSLX\viewtopic[1].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0MOR00SF\mail[1].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0MOR00SF\mail[2].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0MOR00SF\viewtopic[1].php moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

Re: ilivid searchqu

by loowee2 » February 22nd, 2012, 12:09 pm

Thanks again for the help. Here is the system look txt file:

SystemLook 30.07.11 by jpshortstuff
Log created at 07:49 on 22/02/2012 by Karen
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\02222012_070947\C_Users\Karen\AppData\Local\Temp\searchqu.ini --a---- 432 bytes [17:51 21/02/2012] [17:51 21/02/2012] CF4A16AC08DBFAF8DA08291870F8CAE9
C:\_OTL\MovedFiles\02222012_070947\C_Users\Karen\AppData\Local\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [13:37 31/10/2011] [13:37 31/10/2011] 28A352E64F4374BBC6774AD3473A413C
C:\_OTL\MovedFiles\02222012_070947\C_Users\Karen\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3527048 bytes [17:51 21/02/2012] [17:51 21/02/2012] 3F3542ADB8EFD061DBB15CCEABDCE735

Searching for "*iLivid*"
C:\Users\Karen\AppData\Local\CrashDumps\ilivid.exe.6720.dmp --a---- 5718962 bytes [18:06 21/02/2012] [18:06 21/02/2012] 8A4AC94B59D3C2228A80D0D8FCD1F14E
C:\Users\Karen\AppData\Local\CrashDumps\ilivid.exe.7076.dmp --a---- 5718214 bytes [18:40 21/02/2012] [18:40 21/02/2012] 5D13C281964057DB646DCF8E84FBC81A
C:\Users\Karen\Music\iLividSetupV1.exe --a---- 2063040 bytes [17:51 21/02/2012] [17:51 21/02/2012] 8E470559EBAD98E555C7BBED4D393BC8
C:\_OTL\MovedFiles\02222012_070947\C_Users\Karen\AppData\Local\Temp\ilivid.7z --a---- 901399 bytes [17:52 21/02/2012] [17:52 21/02/2012] B38425304D8D2AAA300A7ECC2F9741BC

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\02222012_070947\C_Users\Karen\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3527048 bytes [17:51 21/02/2012] [17:51 21/02/2012] 3F3542ADB8EFD061DBB15CCEABDCE735

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\02222012_070947\C_Users\Karen\AppData\LocalLow\searchquband d------ [17:53 21/02/2012]

Searching for "*iLivid*"
C:\Users\Karen\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_ilivid.exe_a7c867cfc37fab4fa71c225b4db7876995948b34_0ab7aa8c d----c- [18:40 21/02/2012]
C:\Users\Karen\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_ilivid.exe_a7c867cfc37fab4fa71c225b4db7876995948b34_1b944007 d----c- [18:06 21/02/2012]
C:\_OTL\MovedFiles\02222012_070947\C_Users\Karen\AppData\Local\Ilivid Player d------ [17:53 21/02/2012]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\02222012_070947\C_Users\Karen\AppData\LocalLow\DataMngr d------ [17:53 21/02/2012]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=150&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\Google\Google Toolbar\4.0\Quick Search\http://account.software.informer.com/pages/150/]
"ilivid high memory"="{"debug":null,"ei":"TolET6LxO4mciAKtqa3gDg","fromVisualSnippet":false,"hasEbmTidbits":true,"href":"http://account.software.informer.com/pages/150/","htmlTidbits":["<EM>ilivid</EM> is a download manager with a bunch of powerful features that makes it the ","the original Microsoft Windows <EM>memory</EM> and cache management procedures, ","lens aberrations (distortion, vignetting) of consumer or <EM>high</EM>-end digital cameras"],"minimized":false,"query":"ilivid high memory","searchUrl":"http://www.google.com/webhp?sourceid=toolbar-instant&hl=en&ion=1&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368#hl=en&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368&sclient=psy-ab&q=ilivid%20high%20memory&pbx=1&oq=&aq=&aqi=&aql=&gs_sm=&gs_upl=&fp=1aef0db0b8ed3188&ion=1&ion=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&fp=1aef0db0b8ed3188&ion=1&biw=1441&bih=593","seen":false,"tidbits":["ilivid is a download manag
[HKEY_CURRENT_USER\Software\Google\Google Toolbar\4.0\Quick Search\http://account.software.informer.com/pages/150/]
"TolET6LxO4mciAKtqa3gDg"="{"debug":null,"ei":"TolET6LxO4mciAKtqa3gDg","fromVisualSnippet":false,"hasEbmTidbits":true,"href":"http://account.software.informer.com/pages/150/","htmlTidbits":["<EM>ilivid</EM> is a download manager with a bunch of powerful features that makes it the ","the original Microsoft Windows <EM>memory</EM> and cache management procedures, ","lens aberrations (distortion, vignetting) of consumer or <EM>high</EM>-end digital cameras"],"minimized":false,"query":"ilivid high memory","searchUrl":"http://www.google.com/webhp?sourceid=toolbar-instant&hl=en&ion=1&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368#hl=en&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368&sclient=psy-ab&q=ilivid%20high%20memory&pbx=1&oq=&aq=&aqi=&aql=&gs_sm=&gs_upl=&fp=1aef0db0b8ed3188&ion=1&ion=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&fp=1aef0db0b8ed3188&ion=1&biw=1441&bih=593","seen":false,"tidbits":["ilivid is a download m
[HKEY_CURRENT_USER\Software\Google\Google Toolbar\4.0\Quick Search\http://forums.malwarebytes.org/index.php?showtopic=103808]
"ilivid high memory"="{"debug":null,"ei":"TolET6LxO4mciAKtqa3gDg","fromVisualSnippet":false,"hasEbmTidbits":true,"href":"http://forums.malwarebytes.org/index.php?showtopic=103808","htmlTidbits":["Scan options enabled: <EM>Memory</EM> | Startup | Registry | File System"],"minimized":false,"query":"ilivid high memory","searchUrl":"http://www.google.com/webhp?sourceid=toolbar-instant&hl=en&ion=1&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368#hl=en&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368&sclient=psy-ab&q=ilivid%20high%20memory&pbx=1&oq=&aq=&aqi=&aql=&gs_sm=&gs_upl=&fp=1aef0db0b8ed3188&ion=1&ion=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&fp=1aef0db0b8ed3188&ion=1&biw=1441&bih=593","seen":false,"tidbits":["Scan options enabled: Memory | Startup | Registry | File System"],"ved":null,"vsClickedTidbitIndex":-1}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe]
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\http://systemexplorer.net/db/ilivid.exe.html]
"1IhET42uH6OdiQLT-524Dg"="{"debug":null,"ei":"1IhET42uH6OdiQLT-524Dg","fromVisualSnippet":false,"hasEbmTidbits":true,"href":"http://systemexplorer.net/db/ilivid.exe.html","htmlTidbits":["Latest new variant of the file with name \"<EM>ilivid</EM>.exe\" was discovered 64 days ago. Our database contains 3 variants of the file \"<EM>ilivid</EM>.exe\" with final rating <EM>Safe</EM> and"],"minimized":false,"query":"ilivid safe","searchUrl":"http://www.google.com/webhp?sourceid=toolbar-instant&hl=en&ion=1&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368#hl=en&gs_nf=1&cp=7&gs_id=p&xhr=t&q=ilivid+safe&pf=p&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368&sclient=psy-ab&pbx=1&oq=ilivid+&aq=0&aqi=g4&aql=&gs_sm=&gs_upl=&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&fp=1aef0db0b8ed3188&ion=1&biw=1160&bih=535","seen":false,"tidbits":["Latest new variant of the file with name \"ilivid.exe\" was discover
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\http://windows.podnova.com/trends/ilivid_extract_for_mac.html]
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\http://windows.podnova.com/trends/ilivid_extract_for_mac.html]
"ilivid high memory"="{"debug":null,"ei":"TolET6LxO4mciAKtqa3gDg","fromVisualSnippet":false,"hasEbmTidbits":true,"href":"http://windows.podnova.com/trends/ilivid_extract_for_mac.html","htmlTidbits":["MP4, M4V and other audio formats with <EM>high</EM> quality and fast conversion speed, even more,"],"minimized":false,"query":"ilivid high memory","searchUrl":"http://www.google.com/webhp?sourceid=toolbar-instant&hl=en&ion=1&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368#hl=en&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368&sclient=psy-ab&q=ilivid%20high%20memory&pbx=1&oq=&aq=&aqi=&aql=&gs_sm=&gs_upl=&fp=1aef0db0b8ed3188&ion=1&ion=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&fp=1aef0db0b8ed3188&ion=1&biw=1441&bih=593","seen":false,"tidbits":["MP4, M4V and other audio formats with high quality and fast conversion speed, even more,"],"ved":null,"vsClickedTidbitIndex":-1}"
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\http://windows.podnova.com/trends/ilivid_extract_for_mac.html]
"TolET6LxO4mciAKtqa3gDg"="{"debug":null,"ei":"TolET6LxO4mciAKtqa3gDg","fromVisualSnippet":false,"hasEbmTidbits":true,"href":"http://windows.podnova.com/trends/ilivid_extract_for_mac.html","htmlTidbits":["MP4, M4V and other audio formats with <EM>high</EM> quality and fast conversion speed, even more,"],"minimized":false,"query":"ilivid high memory","searchUrl":"http://www.google.com/webhp?sourceid=toolbar-instant&hl=en&ion=1&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368#hl=en&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368&sclient=psy-ab&q=ilivid%20high%20memory&pbx=1&oq=&aq=&aqi=&aql=&gs_sm=&gs_upl=&fp=1aef0db0b8ed3188&ion=1&ion=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&fp=1aef0db0b8ed3188&ion=1&biw=1441&bih=593","seen":false,"tidbits":["MP4, M4V and other audio formats with high quality and fast conversion speed, even more,"],"ved":null,"vsClickedTidbitIndex":-
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\http://www.computing.net/answers/windows-xp/how-do-i-get-rid-of-ilivid-off-my-computer/199041.html]
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\http://www.computing.net/answers/windows-xp/how-do-i-get-rid-of-ilivid-off-my-computer/199041.html]
"ilivid high memory"="{"debug":null,"ei":"TolET6LxO4mciAKtqa3gDg","fromVisualSnippet":false,"hasEbmTidbits":true,"href":"http://www.computing.net/answers/windows-xp/how-do-i-get-rid-of-ilivid-off-my-computer/199041.html","htmlTidbits":["Components; Digital Cameras; Laptops; <EM>Memory</EM>; Monitors; Printers"],"minimized":false,"query":"ilivid high memory","searchUrl":"http://www.google.com/webhp?sourceid=toolbar-instant&hl=en&ion=1&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368#hl=en&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368&sclient=psy-ab&q=ilivid%20high%20memory&pbx=1&oq=&aq=&aqi=&aql=&gs_sm=&gs_upl=&fp=1aef0db0b8ed3188&ion=1&ion=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&fp=1aef0db0b8ed3188&ion=1&biw=1441&bih=593","seen":false,"tidbits":["Components; Digital Cameras; Laptops; Memory; Monitors; Printers"],"ved":null,"v
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\http://www.computing.net/answers/windows-xp/how-do-i-get-rid-of-ilivid-off-my-computer/199041.html]
"TolET6LxO4mciAKtqa3gDg"="{"debug":null,"ei":"TolET6LxO4mciAKtqa3gDg","fromVisualSnippet":false,"hasEbmTidbits":true,"href":"http://www.computing.net/answers/windows-xp/how-do-i-get-rid-of-ilivid-off-my-computer/199041.html","htmlTidbits":["Components; Digital Cameras; Laptops; <EM>Memory</EM>; Monitors; Printers"],"minimized":false,"query":"ilivid high memory","searchUrl":"http://www.google.com/webhp?sourceid=toolbar-instant&hl=en&ion=1&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368#hl=en&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368&sclient=psy-ab&q=ilivid%20high%20memory&pbx=1&oq=&aq=&aqi=&aql=&gs_sm=&gs_upl=&fp=1aef0db0b8ed3188&ion=1&ion=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&fp=1aef0db0b8ed3188&ion=1&biw=1441&bih=593","seen":false,"tidbits":["Components; Digital Cameras; Laptops; Memory; Monitors; Printers"],"ved":nul
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\http://www.fanhow.com/windows-i/windows-ilivid-toolbar-kald-ram-yorum]
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\http://www.fanhow.com/windows-i/windows-ilivid-toolbar-kald-ram-yorum]
"ilivid high memory"="{"debug":null,"ei":"TolET6LxO4mciAKtqa3gDg","fromVisualSnippet":false,"hasEbmTidbits":true,"href":"http://www.fanhow.com/windows-i/windows-ilivid-toolbar-kald-ram-yorum","htmlTidbits":["More results for windows <EM>ilivid</EM> toolbar kald <EM>ram</EM> yorum: Decrease and Increase Icon Size in Windows 7 Toolbar Know-how | 604 Views As usual, <EM>large</EM> things will"],"minimized":false,"query":"ilivid high memory","searchUrl":"http://www.google.com/webhp?sourceid=toolbar-instant&hl=en&ion=1&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368#hl=en&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368&sclient=psy-ab&q=ilivid%20high%20memory&pbx=1&oq=&aq=&aqi=&aql=&gs_sm=&gs_upl=&fp=1aef0db0b8ed3188&ion=1&ion=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&fp=1aef0db0b8ed3188&ion=1&biw=1441&bih=593","seen":false,"tidbits":["More results for windows il
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\http://www.fanhow.com/windows-i/windows-ilivid-toolbar-kald-ram-yorum]
"TolET6LxO4mciAKtqa3gDg"="{"debug":null,"ei":"TolET6LxO4mciAKtqa3gDg","fromVisualSnippet":false,"hasEbmTidbits":true,"href":"http://www.fanhow.com/windows-i/windows-ilivid-toolbar-kald-ram-yorum","htmlTidbits":["More results for windows <EM>ilivid</EM> toolbar kald <EM>ram</EM> yorum: Decrease and Increase Icon Size in Windows 7 Toolbar Know-how | 604 Views As usual, <EM>large</EM> things will"],"minimized":false,"query":"ilivid high memory","searchUrl":"http://www.google.com/webhp?sourceid=toolbar-instant&hl=en&ion=1&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368#hl=en&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368&sclient=psy-ab&q=ilivid%20high%20memory&pbx=1&oq=&aq=&aqi=&aql=&gs_sm=&gs_upl=&fp=1aef0db0b8ed3188&ion=1&ion=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&fp=1aef0db0b8ed3188&ion=1&biw=1441&bih=593","seen":false,"tidbits":["More results for window
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\http://www.filebuzz.com/findsoftware/Usb_Tablet_Manager_Download/1.html]
"ilivid high memory"="{"debug":null,"ei":"TolET6LxO4mciAKtqa3gDg","fromVisualSnippet":false,"hasEbmTidbits":true,"href":"http://www.filebuzz.com/findsoftware/Usb_Tablet_Manager_Download/1.html","htmlTidbits":["drive, Flash disk, Thumb drive, USB zip drive, <EM>memory</EM> stick, USB key, magic stick,."],"minimized":false,"query":"ilivid high memory","searchUrl":"http://www.google.com/webhp?sourceid=toolbar-instant&hl=en&ion=1&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368#hl=en&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368&sclient=psy-ab&q=ilivid%20high%20memory&pbx=1&oq=&aq=&aqi=&aql=&gs_sm=&gs_upl=&fp=1aef0db0b8ed3188&ion=1&ion=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&fp=1aef0db0b8ed3188&ion=1&biw=1441&bih=593","seen":false,"tidbits":["drive, Flash disk, Thumb drive, USB zip drive, memory stick, USB key, magic stick,."],"ved":null,"vsClickedTidbitIn
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\http://www.filebuzz.com/findsoftware/Usb_Tablet_Manager_Download/1.html]
"TolET6LxO4mciAKtqa3gDg"="{"debug":null,"ei":"TolET6LxO4mciAKtqa3gDg","fromVisualSnippet":false,"hasEbmTidbits":true,"href":"http://www.filebuzz.com/findsoftware/Usb_Tablet_Manager_Download/1.html","htmlTidbits":["drive, Flash disk, Thumb drive, USB zip drive, <EM>memory</EM> stick, USB key, magic stick,."],"minimized":false,"query":"ilivid high memory","searchUrl":"http://www.google.com/webhp?sourceid=toolbar-instant&hl=en&ion=1&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368#hl=en&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368&sclient=psy-ab&q=ilivid%20high%20memory&pbx=1&oq=&aq=&aqi=&aql=&gs_sm=&gs_upl=&fp=1aef0db0b8ed3188&ion=1&ion=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&fp=1aef0db0b8ed3188&ion=1&biw=1441&bih=593","seen":false,"tidbits":["drive, Flash disk, Thumb drive, USB zip drive, memory stick, USB key, magic stick,."],"ved":null,"vsClickedTidb
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\http://www.fixya.com/search/p1605585-make_it_simple_ilivid_download_manager/server]
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\http://www.fixya.com/search/p1605585-make_it_simple_ilivid_download_manager/server]
"ilivid high memory"="{"debug":null,"ei":"TolET6LxO4mciAKtqa3gDg","fromVisualSnippet":false,"hasEbmTidbits":true,"href":"http://www.fixya.com/search/p1605585-make_it_simple_ilivid_download_manager/server","htmlTidbits":["Next going to <EM>memory</EM> and selecting check <EM>memory</EM> cache to on server abends.","<EM>Hi</EM>, First of all, we have 2 music room, 15 PC in each room, we are using"],"minimized":false,"query":"ilivid high memory","searchUrl":"http://www.google.com/webhp?sourceid=toolbar-instant&hl=en&ion=1&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368#hl=en&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368&sclient=psy-ab&q=ilivid%20high%20memory&pbx=1&oq=&aq=&aqi=&aql=&gs_sm=&gs_upl=&fp=1aef0db0b8ed3188&ion=1&ion=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&fp=1aef0db0b8ed3188&ion=1&biw=1441&bih=593","seen":false,"tidbits":["Next goin
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\http://www.fixya.com/search/p1605585-make_it_simple_ilivid_download_manager/server]
"TolET6LxO4mciAKtqa3gDg"="{"debug":null,"ei":"TolET6LxO4mciAKtqa3gDg","fromVisualSnippet":false,"hasEbmTidbits":true,"href":"http://www.fixya.com/search/p1605585-make_it_simple_ilivid_download_manager/server","htmlTidbits":["Next going to <EM>memory</EM> and selecting check <EM>memory</EM> cache to on server abends.","<EM>Hi</EM>, First of all, we have 2 music room, 15 PC in each room, we are using"],"minimized":false,"query":"ilivid high memory","searchUrl":"http://www.google.com/webhp?sourceid=toolbar-instant&hl=en&ion=1&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368#hl=en&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368&sclient=psy-ab&q=ilivid%20high%20memory&pbx=1&oq=&aq=&aqi=&aql=&gs_sm=&gs_upl=&fp=1aef0db0b8ed3188&ion=1&ion=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&fp=1aef0db0b8ed3188&ion=1&biw=1441&bih=593","seen":false,"tidbits":["Next
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\http://www.malwareremoval.com/forum/viewtopic.php?f=12&t=57145]
"ilivid safe"="{"debug":null,"ei":"1IhET42uH6OdiQLT-524Dg","fromVisualSnippet":false,"hasEbmTidbits":true,"href":"http://www.malwareremoval.com/forum/viewtopic.php?f=12&t=57145","htmlTidbits":["Boot to <EM>Safe</EM> Mode - <EM>Safely</EM>."],"minimized":false,"query":"ilivid safe","searchUrl":"http://www.google.com/webhp?sourceid=toolbar-instant&hl=en&ion=1&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368#hl=en&gs_nf=1&cp=7&gs_id=p&xhr=t&q=ilivid+safe&pf=p&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368&sclient=psy-ab&pbx=1&oq=ilivid+&aq=0&aqi=g4&aql=&gs_sm=&gs_upl=&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&fp=1aef0db0b8ed3188&ion=1&biw=1160&bih=535","seen":false,"tidbits":["Boot to Safe Mode - Safely."],"ved":null,"vsClickedTidbitIndex":-1}"
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\http://www.malwareremoval.com/forum/viewtopic.php?f=12&t=57145]
"1IhET42uH6OdiQLT-524Dg"="{"debug":null,"ei":"1IhET42uH6OdiQLT-524Dg","fromVisualSnippet":false,"hasEbmTidbits":true,"href":"http://www.malwareremoval.com/forum/viewtopic.php?f=12&t=57145","htmlTidbits":["Boot to <EM>Safe</EM> Mode - <EM>Safely</EM>."],"minimized":false,"query":"ilivid safe","searchUrl":"http://www.google.com/webhp?sourceid=toolbar-instant&hl=en&ion=1&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368#hl=en&gs_nf=1&cp=7&gs_id=p&xhr=t&q=ilivid+safe&pf=p&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368&sclient=psy-ab&pbx=1&oq=ilivid+&aq=0&aqi=g4&aql=&gs_sm=&gs_upl=&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&fp=1aef0db0b8ed3188&ion=1&biw=1160&bih=535","seen":false,"tidbits":["Boot to Safe Mode - Safely."],"ved":null,"vsClickedTidbitIndex":-1}"
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\http://www.secuobs.com/revue/news/link305603.shtml]
"ilivid safe"="{"debug":null,"ei":"1IhET42uH6OdiQLT-524Dg","fromVisualSnippet":false,"hasEbmTidbits":true,"href":"http://www.secuobs.com/revue/news/link305603.shtml","htmlTidbits":["Boot in <EM>safe</EM> mode or boot in the dos prompt if needed. You can use windows search utility to search for <EM>ilivid</EM>.exe, iLividSetupV1.exe. Files"],"minimized":false,"query":"ilivid safe","searchUrl":"http://www.google.com/webhp?sourceid=toolbar-instant&hl=en&ion=1&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368#hl=en&gs_nf=1&cp=7&gs_id=p&xhr=t&q=ilivid+safe&pf=p&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368&sclient=psy-ab&pbx=1&oq=ilivid+&aq=0&aqi=g4&aql=&gs_sm=&gs_upl=&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&fp=1aef0db0b8ed3188&ion=1&biw=1160&bih=535","seen":false,"tidbits":["Boot in safe mode or boot in the dos prompt if needed. You can use windows search utility to search for il
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\http://www.secuobs.com/revue/news/link305603.shtml]
"1IhET42uH6OdiQLT-524Dg"="{"debug":null,"ei":"1IhET42uH6OdiQLT-524Dg","fromVisualSnippet":false,"hasEbmTidbits":true,"href":"http://www.secuobs.com/revue/news/link305603.shtml","htmlTidbits":["Boot in <EM>safe</EM> mode or boot in the dos prompt if needed. You can use windows search utility to search for <EM>ilivid</EM>.exe, iLividSetupV1.exe. Files"],"minimized":false,"query":"ilivid safe","searchUrl":"http://www.google.com/webhp?sourceid=toolbar-instant&hl=en&ion=1&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368#hl=en&gs_nf=1&cp=7&gs_id=p&xhr=t&q=ilivid+safe&pf=p&qscrl=1&nord=1&rlz=1T4ADRA_enUS367US368&sclient=psy-ab&pbx=1&oq=ilivid+&aq=0&aqi=g4&aql=&gs_sm=&gs_upl=&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&fp=1aef0db0b8ed3188&ion=1&biw=1160&bih=535","seen":false,"tidbits":["Boot in safe mode or boot in the dos prompt if needed. You can use windows search utility to se
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\Times\1329891551]
"http://www.malwareremoval.com/forum/viewtopic.php?f=12&t=57145"="["ilivid safe","1IhET42uH6OdiQLT-524Dg"]"
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\Times\1329891551]
"http://ilivid-download-manager.en.softonic.com/"="["ilivid safe","1IhET42uH6OdiQLT-524Dg"]"
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\Times\1329891551]
"http://systemexplorer.net/db/ilivid.exe.html"="["ilivid safe","1IhET42uH6OdiQLT-524Dg"]"
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\Times\1329891551]
"http://www.secuobs.com/revue/news/link305603.shtml"="["ilivid safe","1IhET42uH6OdiQLT-524Dg"]"
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\Times\1329891683]
"http://malwareremoval.com/forum/viewtopic.php?f=11&t=59151&start=0"="["ilivid high memory","TolET6LxO4mciAKtqa3gDg"]"
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\Times\1329891683]
"http://forums.malwarebytes.org/index.php?showtopic=103808"="["ilivid high memory","TolET6LxO4mciAKtqa3gDg"]"
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\Times\1329891683]
"http://www.computing.net/answers/windows-xp/how-do-i-get-rid-of-ilivid-off-my-computer/199041.html"="["ilivid high memory","TolET6LxO4mciAKtqa3gDg"]"
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\Times\1329891683]
"http://www.fanhow.com/windows-i/windows-ilivid-toolbar-kald-ram-yorum"="["ilivid high memory","TolET6LxO4mciAKtqa3gDg"]"
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\Times\1329891683]
"http://www.fixya.com/search/p1605585-make_it_simple_ilivid_download_manager/server"="["ilivid high memory","TolET6LxO4mciAKtqa3gDg"]"
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\Times\1329891683]
"http://svn.haxx.se/tsvnusers/archive-2011-10/0007.shtml"="["ilivid high memory","TolET6LxO4mciAKtqa3gDg"]"
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\Times\1329891683]
"http://windows.podnova.com/trends/ilivid_extract_for_mac.html"="["ilivid high memory","TolET6LxO4mciAKtqa3gDg"]"
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\Times\1329891683]
"http://www.filebuzz.com/findsoftware/Usb_Tablet_Manager_Download/1.html"="["ilivid high memory","TolET6LxO4mciAKtqa3gDg"]"
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\Times\1329891683]
"http://account.software.informer.com/pages/150/"="["ilivid high memory","TolET6LxO4mciAKtqa3gDg"]"

Searching for "whitesmoke"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WhiteSmokeInstaller_9128[1]_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WhiteSmokeInstaller_9128[1]_RASMANCS]

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C976F2E-3393-40FE-B0E8-C2ABB7015A6D}]
"AppPath"="C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar"

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-
loowee2
Active Member
 
Posts: 11
Joined: February 22nd, 2012, 2:30 am

Re: ilivid searchqu

Post by askey127 » February 22nd, 2012, 1:34 pm

loowee2,
A lot of the iLivid stuff is stored in the Google toolbar registry. We need to remove it.
If the Google Toolbar doesn't work correctly after this, you may have to Uninstall and Re-install it.
-------------------------------------------------------------
Create A Restore Point
This will give us a fresh Restore Point we can fall back on in case of an error.
  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...
    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.

----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Files
    C:\Users\Karen\AppData\Local\CrashDumps\ilivid.exe.6720.dmp
    C:\Users\Karen\AppData\Local\CrashDumps\ilivid.exe.7076.dmp
    C:\Users\Karen\Music\iLividSetupV1.exe
    C:\Users\Karen\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_ilivid.exe_a7c867cfc37fab4fa71c225b4db7876995948b34_0ab7aa8c d----c- [18:40 21/02/2012]
    C:\Users\Karen\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_ilivid.exe_a7c867cfc37fab4fa71c225b4db7876995948b34_1b944007 d----c- [18:06 21/02/2012]
    ipconfig /flushdns /c
    
    :Reg
    [-HKEY_CURRENT_USER\Software\Google\Google Toolbar\4.0\Quick Search]
    [-HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WhiteSmokeInstaller_9128[1]_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WhiteSmokeInstaller_9128[1]_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C976F2E-3393-40FE-B0E8-C2ABB7015A6D}]
    
    :Commands
    [PURITY]
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
---------------------------------------------
Run A SystemLook Scan
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The new log can also be found on your Desktop entitled SystemLook.txt

So we are looking for the contents of the new OTL.txt and SystemLook.txt
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
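
An added example, not part of askey127's post and not code from SystemLook or OTL: a Python script that condenses a SystemLook `:Regfind` log into per-term summaries, showing how many Google Toolbar hits fall under the single `Quick Search` parent key and which hits match only on a value rather than on the key name. The log text is a constructed sample in the layout shown in this thread; the SID placeholder, the example.test URLs and the `threshold` parameter are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the SystemLook :Regfind layout seen in this thread.
# The SID placeholder and example.test URLs are made up; the whitesmoke and
# datamngr keys are the ones quoted in the thread's log.
SAMPLE_LOG = r'''
Searching for "ilivid"
[HKEY_USERS\S-1-5-21-EXAMPLE\Software\Google\Google Toolbar\4.0\Quick Search\http://example.test/ilivid.exe.html]
[HKEY_USERS\S-1-5-21-EXAMPLE\Software\Google\Google Toolbar\4.0\Quick Search\http://example.test/ilivid.exe.html]
"ilivid safe"="{constructed}"
[HKEY_USERS\S-1-5-21-EXAMPLE\Software\Google\Google Toolbar\4.0\Quick Search\http://example.test/forum/topic-1]
"ilivid high memory"="{constructed}"
[HKEY_USERS\S-1-5-21-EXAMPLE\Software\Google\Google Toolbar\4.0\Quick Search\http://example.test/answers/2]
"ilivid high memory"="{constructed}"
[HKEY_USERS\S-1-5-21-EXAMPLE\Software\Google\Google Toolbar\4.0\Quick Search\Times\1000000001]
"http://example.test/forum/topic-1"="["ilivid high memory","CONSTRUCTED"]"
[HKEY_USERS\S-1-5-21-EXAMPLE\Software\Google\Google Toolbar\4.0\Quick Search\Times\1000000002]
"http://example.test/answers/2"="["ilivid high memory","CONSTRUCTED"]"

Searching for "whitesmoke"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WhiteSmokeInstaller_9128[1]_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WhiteSmokeInstaller_9128[1]_RASMANCS]

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C976F2E-3393-40FE-B0E8-C2ABB7015A6D}]
"AppPath"="C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar"

Searching for "trolltech"
No data found.

-= EOF =-
'''

SEARCH_RE = re.compile(r'^Searching for "(.+)"$')


def parse_regfind(text):
    """Return {term: {registry_key: set of 'key' / 'value'}}.

    'key'   = the search term occurs in the key path itself.
    'value' = a value line was listed under the key (assumption: SystemLook
              only prints values that matched the term).
    """
    hits = {}
    term = key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SEARCH_RE.match(line)
        if m:
            term, key = m.group(1), None
            hits[term] = {}
        elif term is None or not line or line == "No data found.":
            continue
        elif line.startswith("-= EOF"):
            break
        elif line.startswith("[") and line.endswith("]"):
            # Strip only the outer brackets: key names may contain "[1]".
            key = line[1:-1]
            kinds = hits[term].setdefault(key, set())
            if term.lower() in key.lower():
                kinds.add("key")
        elif line.startswith('"') and key is not None:
            hits[term][key].add("value")
    return hits


def summarize(key_hits, threshold=3):
    """Group hits under any parent that has >= threshold matching subkeys.

    Returns {key_or_parent: (hit_count, kinds)}. Grouping is a reading aid
    for long logs; each grouped parent still needs a human decision.
    """
    children = defaultdict(set)
    for key in key_hits:
        parent = key.rpartition("\\")[0]
        children[parent].add(key)
    parents = [p for p, kids in children.items() if len(kids) >= threshold]
    # Keep only the outermost grouping parents.
    parents = [p for p in parents
               if not any(p != o and p.startswith(o + "\\") for o in parents)]
    rows = {}
    for key, kinds in key_hits.items():
        owner = next((p for p in parents if key.startswith(p + "\\")), key)
        count, seen = rows.get(owner, (0, set()))
        rows[owner] = (count + 1, seen | kinds)
    return rows


def report(text, threshold=3):
    """One summary line per key or grouped parent, per search term."""
    lines = []
    for term, key_hits in parse_regfind(text).items():
        rows = summarize(key_hits, threshold)
        if not rows:
            lines.append(f"{term}: no data")
        for owner, (count, kinds) in sorted(rows.items()):
            tag = "+".join(sorted(kinds)) or "?"
            lines.append(f"{term}: {count} hit(s) [{tag}] {owner}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```
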

Re: ilivid searchqu

Post by loowee2 » February 22nd, 2012, 11:51 pm

So I ran OTL with the code inserted and right after it killed all of the processes, a Windows error message popped up saying a critical error occurred and the computer rebooted automatically after one minute. I don't believe that the OTL finished running; here is the OTL txt that showed up after the reboot. Should I run OTL again?


Files\Folders moved on Reboot...
C:\Users\Karen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8VABPOC\d=1[1].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8VABPOC\fc[4].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8VABPOC\gplus_notifications_gadget[1].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8VABPOC\viewtopic[1].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8VABPOC\xd_proxy[1].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CZBOZ3J9\01[1].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CZBOZ3J9\4[2].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CZBOZ3J9\fc[4].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CZBOZ3J9\gdyn_nba[2].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6RYTBF0K\aceUAC[1].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6RYTBF0K\d=1[1].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6RYTBF0K\frame[1].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6RYTBF0K\frame[3].htm moved successfully.

Registry entries deleted on Reboot...
loowee2
Active Member
 
Posts: 11
Joined: February 22nd, 2012, 2:30 am

Re: ilivid searchqu

Post by loowee2 » February 23rd, 2012, 12:00 am

OTL logfile created on: 2/22/2012 7:52:24 PM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Karen\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.79 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 55.54% Memory free
7.59 Gb Paging File | 5.69 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.11 Gb Total Space | 299.24 Gb Free Space | 66.33% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 2.45 Gb Free Space | 65.65% Space Free | Partition Type: FAT32

Computer Name: KARENS-BUDDY | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/22 07:08:30 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
PRC - [2012/01/13 18:19:08 | 000,307,312 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/03 21:36:24 | 001,044,816 | ---- | M] (Flexera Software, Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccsvchst.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/05/14 10:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/12/04 19:37:35 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009/11/12 10:10:06 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/11/09 19:20:36 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/10/26 20:29:32 | 006,998,656 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2009/10/26 10:10:42 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2009/09/30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/09/24 13:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/08/19 20:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2009/06/19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2009/06/11 15:13:40 | 000,158,584 | ---- | M] () -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CNRpc.exe
PRC - [2009/06/11 15:13:40 | 000,127,352 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/06/11 15:13:30 | 002,088,296 | ---- | M] (CinemaNow Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
PRC - [2009/05/18 15:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/04/24 01:57:42 | 001,025,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe
PRC - [2008/12/22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/18 19:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008/03/31 02:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/11/30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/08/08 11:35:20 | 000,643,072 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\AirPort\APAgent.exe
PRC - [2006/10/22 22:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/11/12 10:10:06 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009/09/24 13:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009/06/11 15:13:40 | 000,158,584 | ---- | M] () -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CNRpc.exe
MOD - [2008/08/27 16:32:36 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008/06/09 09:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2007/11/30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/17 11:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/03 21:36:24 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/09 19:20:36 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/09/30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/11 15:13:40 | 000,127,352 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/03/31 02:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007/03/20 15:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/29 09:33:22 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/20 17:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 19:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 19:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 18:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/10 22:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/26 22:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/15 16:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/12/04 19:37:09 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2009/10/29 18:50:03 | 000,704,512 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/10/29 14:56:33 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009/10/25 20:39:43 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/15 01:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/10/04 17:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/08/18 00:23:31 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/08/13 22:36:01 | 000,102,000 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME) JMicron Ethernet Adapter NDIS6 Driver (Amd64 Bits)
DRV:64bit: - [2009/08/06 13:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/20 01:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 15:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/18 12:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/10 12:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 02:16:29 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/05/12 17:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/12/08 17:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2008/05/23 17:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/02/05 11:51:08 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/05 11:51:08 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/29 09:57:16 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20120222.016\EX64.SYS -- (NAVEX15)
DRV - [2011/12/29 09:57:16 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20120222.016\ENG64.SYS -- (NAVENG)
DRV - [2011/12/15 15:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20120222.002\IDSviA64.sys -- (IDSVia64)
DRV - [2011/11/30 18:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20120215.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A 5B B9 52 79 F1 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Karen\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Karen\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/29 15:20:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/12/19 12:01:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPlgn\ [2012/02/01 20:47:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\coFFPlgn_2011_7_5_2 [2012/02/22 19:44:16 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=cr ... 06&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Karen\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Karen\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Karen\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Karen\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Users\Karen\AppData\Local\Google\Chrome\Application\plugins\NPcol400.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: YouTube = C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: YouTube = C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Google Search = C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
CHR - Extension: Gmail = C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe (ECAREME)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [CinemaNowMediaManagerApp] C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe (CinemaNow Inc.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Desktop Software] C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/67.11/uploader2.cab (UploadListView Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex ... 0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{662865B1-F2F5-4AD3-9179-4A683108C5D3}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/03 20:58:41 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/22 07:09:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/22 07:08:29 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
[2012/02/21 21:42:07 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\NPE
[2012/02/21 21:12:35 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\ElevatedDiagnostics
[2012/02/21 20:30:44 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Roaming\Malwarebytes
[2012/02/21 20:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/21 20:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/21 20:30:33 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/21 20:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/21 20:16:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/02/21 20:16:11 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/02/21 09:51:39 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\PackageAware
[2012/01/24 23:40:18 | 000,000,000 | ---D | C] -- C:\Users\Karen\Desktop\sculpture reference

========== Files - Modified Within 30 Days ==========

[2012/02/22 19:53:57 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/22 19:53:57 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/22 19:44:12 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/22 19:43:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/22 19:43:27 | 3054,903,296 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/22 19:33:04 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-462154415-482282731-217094728-1000UA.job
[2012/02/22 19:12:35 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/22 07:11:46 | 000,165,376 | ---- | M] () -- C:\Users\Karen\Desktop\SystemLook_x64.exe
[2012/02/22 07:08:30 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
[2012/02/21 21:33:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-462154415-482282731-217094728-1000Core.job
[2012/02/21 21:19:39 | 000,007,593 | ---- | M] () -- C:\Users\Karen\AppData\Local\Resmon.ResmonCfg
[2012/02/21 21:05:59 | 000,001,447 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/02/21 21:00:11 | 000,002,272 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/02/21 20:30:36 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/21 20:16:11 | 000,002,975 | ---- | M] () -- C:\Users\Karen\Desktop\HiJackThis.lnk
[2012/02/16 23:17:29 | 000,511,206 | ---- | M] () -- C:\Users\Karen\Desktop\Howcrio_vectorized.psd
[2012/02/16 20:02:43 | 000,002,401 | ---- | M] () -- C:\Users\Karen\Desktop\Google Chrome.lnk
[2012/02/16 08:49:56 | 005,159,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/16 08:31:33 | 000,747,008 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/16 08:31:33 | 000,628,554 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/16 08:31:33 | 000,108,700 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/15 19:11:09 | 001,925,238 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\Cat.DB
[2012/02/09 21:57:50 | 000,039,631 | ---- | M] () -- C:\Users\Karen\Desktop\IMG_1886.jpg
[2012/02/05 16:41:27 | 000,392,445 | ---- | M] () -- C:\Users\Karen\Documents\TaxReturn_Feb_2012_tk2.pdf
[2012/02/05 13:29:03 | 000,414,892 | ---- | M] () -- C:\Users\Karen\Documents\TaxReturn_Feb_2012.pdf
[2012/02/01 07:30:56 | 000,048,002 | ---- | M] () -- C:\Users\Karen\Desktop\dv702027.jpg
[2012/02/01 07:22:10 | 000,002,390 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/01/27 21:27:32 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\isolate.ini

========== Files Created - No Company Name ==========

[2012/02/22 07:11:44 | 000,165,376 | ---- | C] () -- C:\Users\Karen\Desktop\SystemLook_x64.exe
[2012/02/21 21:19:39 | 000,007,593 | ---- | C] () -- C:\Users\Karen\AppData\Local\Resmon.ResmonCfg
[2012/02/21 20:30:36 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/21 20:16:11 | 000,002,975 | ---- | C] () -- C:\Users\Karen\Desktop\HiJackThis.lnk
[2012/02/16 21:51:14 | 000,511,206 | ---- | C] () -- C:\Users\Karen\Desktop\Howcrio_vectorized.psd
[2012/02/09 21:57:47 | 000,039,631 | ---- | C] () -- C:\Users\Karen\Desktop\IMG_1886.jpg
[2012/02/05 16:41:26 | 000,392,445 | ---- | C] () -- C:\Users\Karen\Documents\TaxReturn_Feb_2012_tk2.pdf
[2012/02/05 13:29:03 | 000,414,892 | ---- | C] () -- C:\Users\Karen\Documents\TaxReturn_Feb_2012.pdf
[2012/02/01 07:31:08 | 000,048,002 | ---- | C] () -- C:\Users\Karen\Desktop\dv702027.jpg
[2011/12/15 13:01:34 | 000,146,304 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/12/10 23:40:08 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2011/10/11 09:11:57 | 000,001,456 | ---- | C] () -- C:\Users\Karen\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/08/25 19:34:30 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/08/25 19:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 19:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/06/24 18:29:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/08 09:27:17 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll

========== LOP Check ==========

[2010/01/27 21:49:56 | 000,000,000 | -HSD | M] -- C:\Users\Karen\AppData\Roaming\.#
[2011/12/03 16:29:10 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Amazon
[2010/01/23 20:45:41 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Asus WebStorage
[2011/05/03 21:47:13 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Autodesk
[2011/09/16 17:49:05 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Catalina Marketing Corp
[2011/03/28 09:17:22 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/02/07 09:06:07 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\ICAClient
[2010/12/23 16:31:04 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\PACE Anti-Piracy
[2011/02/04 20:32:25 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Peace Craft
[2011/02/08 00:08:42 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\PeaceCraft2
[2011/03/28 09:12:32 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2011/03/02 23:27:38 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/02/15 22:17:43 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Template
[2011/12/06 23:10:48 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 968 bytes -> C:\ProgramData\Microsoft:mCmMIbGcS5uBtmTsHO4fM7pd4
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 1083 bytes -> C:\Users\Karen\AppData\Local\vvk4ZQLngyTqZL:JAJllowYvVv662NytTe8
@Alternate Data Stream - 1009 bytes -> C:\ProgramData\Microsoft:njx9ZfDsupGcHHzRnXS3aHz88pL

< End of report >
loowee2
Active Member
 
Posts: 11
Joined: February 22nd, 2012, 2:30 am

Re: ilivid searchqu

Unread postby loowee2 » February 23rd, 2012, 12:01 am

edit: deleted duplicate post

Re: ilivid searchqu

Unread postby askey127 » February 23rd, 2012, 7:44 am

Yes, run that OTL Fix again, then the SystemLook scan.
Please follow through with the SystemLook scan no matter how the OTL Fix appears to work.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: ilivid searchqu

Unread postby loowee2 » February 27th, 2012, 3:49 am

Sorry for the delay, been away from the house. Here's the OTL txt:

SystemLook 30.07.11 by jpshortstuff
Log created at 23:27 on 26/02/2012 by Karen
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\02222012_070947\C_Users\Karen\AppData\Local\Temp\searchqu.ini --a---- 432 bytes [17:51 21/02/2012] [17:51 21/02/2012] CF4A16AC08DBFAF8DA08291870F8CAE9
C:\_OTL\MovedFiles\02222012_070947\C_Users\Karen\AppData\Local\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [13:37 31/10/2011] [13:37 31/10/2011] 28A352E64F4374BBC6774AD3473A413C
C:\_OTL\MovedFiles\02222012_070947\C_Users\Karen\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3527048 bytes [17:51 21/02/2012] [17:51 21/02/2012] 3F3542ADB8EFD061DBB15CCEABDCE735

Searching for "*iLivid*"
C:\_OTL\MovedFiles\02222012_070947\C_Users\Karen\AppData\Local\Temp\ilivid.7z --a---- 901399 bytes [17:52 21/02/2012] [17:52 21/02/2012] B38425304D8D2AAA300A7ECC2F9741BC
C:\_OTL\MovedFiles\02222012_194144\C_Users\Karen\AppData\Local\CrashDumps\ilivid.exe.6720.dmp --a---- 5718962 bytes [18:06 21/02/2012] [18:06 21/02/2012] 8A4AC94B59D3C2228A80D0D8FCD1F14E
C:\_OTL\MovedFiles\02222012_194144\C_Users\Karen\AppData\Local\CrashDumps\ilivid.exe.7076.dmp --a---- 5718214 bytes [18:40 21/02/2012] [18:40 21/02/2012] 5D13C281964057DB646DCF8E84FBC81A
C:\_OTL\MovedFiles\02222012_194144\C_Users\Karen\Music\iLividSetupV1.exe --a---- 2063040 bytes [17:51 21/02/2012] [17:51 21/02/2012] 8E470559EBAD98E555C7BBED4D393BC8

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\02222012_070947\C_Users\Karen\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3527048 bytes [17:51 21/02/2012] [17:51 21/02/2012] 3F3542ADB8EFD061DBB15CCEABDCE735

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\02222012_070947\C_Users\Karen\AppData\LocalLow\searchquband d------ [17:53 21/02/2012]

Searching for "*iLivid*"
C:\Users\Karen\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_ilivid.exe_a7c867cfc37fab4fa71c225b4db7876995948b34_0ab7aa8c d----c- [18:40 21/02/2012]
C:\Users\Karen\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_ilivid.exe_a7c867cfc37fab4fa71c225b4db7876995948b34_1b944007 d----c- [18:06 21/02/2012]
C:\_OTL\MovedFiles\02222012_070947\C_Users\Karen\AppData\Local\Ilivid Player d------ [17:53 21/02/2012]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\02222012_070947\C_Users\Karen\AppData\LocalLow\DataMngr d------ [17:53 21/02/2012]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=150&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe]

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-

Re: ilivid searchqu

Unread postby loowee2 » February 27th, 2012, 3:50 am

oops, that was the system look, here's the otl txt.

All processes killed
========== FILES ==========
File\Folder C:\Users\Karen\AppData\Local\CrashDumps\ilivid.exe.6720.dmp not found.
File\Folder C:\Users\Karen\AppData\Local\CrashDumps\ilivid.exe.7076.dmp not found.
File\Folder C:\Users\Karen\Music\iLividSetupV1.exe not found.
Invalid Switch: 2012]
Invalid Switch: 2012]
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Karen\Desktop\cmd.bat deleted successfully.
C:\Users\Karen\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Google\Google Toolbar\4.0\Quick Search\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Google\Google Toolbar\4.0\Quick Search\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WhiteSmokeInstaller_9128[1]_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WhiteSmokeInstaller_9128[1]_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C976F2E-3393-40FE-B0E8-C2ABB7015A6D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C976F2E-3393-40FE-B0E8-C2ABB7015A6D}\ not found.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Karen
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Karen
->Flash cache emptied: 906 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Karen
->Temp folder emptied: 497961 bytes
->Temporary Internet Files folder emptied: 245185696 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2073584 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36018179 bytes
RecycleBin emptied: 2172640 bytes

Total Files Cleaned = 273.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.33.2 log created on 02262012_231800

Files\Folders moved on Reboot...
C:\Users\Karen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8VABPOC\channel[1] moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8VABPOC\CheckConnection[1].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8VABPOC\mastermind[1].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8VABPOC\xd_proxy[2].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6RYTBF0K\comments[1].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6RYTBF0K\like[1].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6RYTBF0K\viewtopic[1].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0EGAM8VK\CheckConnection[5].htm moved successfully.

Registry entries deleted on Reboot...

Re: ilivid searchqu

Unread postby askey127 » February 27th, 2012, 8:22 am

loowee2,
I hope you can see how this works (and what a pain it is to ever get iLivid on there).
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Trolltech]
    
    :Files
    C:\Users\Karen\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_ilivid.exe_a7c867cfc37fab4fa71c225b4db7876995948b34_0ab7aa8c
    C:\Users\Karen\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_ilivid.exe_a7c867cfc37fab4fa71c225b4db7876995948b34_1b944007
    ipconfig /flushdns /c
    
    :Commands
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
---------------------------------------------
Run a Scan with SystemLook
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    *Searchqu*
    *iLivid*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Searchqu*
    *iLivid*
    *datamngr*
    *trolltech*
    
    :Regfind
    Searchqu
    iLivid
    datamngr
    trolltech
    
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

askey127
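A way to triage a SystemLook log like the ones posted in this thread, added here as an example and not part of any post or of SystemLook/OTL: it separates file and folder hits already under C:\_OTL\MovedFiles from those still at their original location, and flags Regfind hits where the search term only occurs inside a longer word (as "Searchqu" does in "ISearchQueryHelper"). The sample log is a constructed excerpt with a placeholder hash; the function names, status labels and the substring heuristic are assumptions.

```python
import re
from collections import Counter

# Folder that the OTL fix logs in this thread show moved items landing in.
QUARANTINE_ROOT = "c:\\_otl\\movedfiles\\"

# Constructed excerpt in SystemLook's layout: the hash is a placeholder and
# one folder name and one URL are shortened.
SAMPLE_LOG = r'''========== filefind ==========

Searching for "*iLivid*"
C:\_OTL\MovedFiles\02222012_070947\C_Users\Karen\AppData\Local\Temp\ilivid.7z --a---- 901399 bytes [17:52 21/02/2012] [17:52 21/02/2012] 00000000000000000000000000000000

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*iLivid*"
C:\Users\Karen\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_ilivid.exe_example d----c- [18:40 21/02/2012]

========== Regfind ==========

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?qu={searchTerms}"

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]

-= EOF =-
'''

SECTION_RE = re.compile(r"^=+\s*(filefind|folderfind|regfind)\s*=+$", re.I)
SEARCH_RE = re.compile(r'^Searching for "(.*)"$')
# <path> <7 attribute flags> [<size> bytes] [<timestamp>] ...
# The greedy path plus the trailing "[" keeps paths with spaces intact.
PATH_HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*)\s[-a-z]{7}\s(?:\d+ bytes\s)?\[")


def parse_systemlook(log_text):
    """Return one dict per hit: section, search term, location, value lines."""
    hits, section, term, current = [], None, None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, term, current = m.group(1).lower(), None, None
            continue
        m = SEARCH_RE.match(line)
        if m:
            term, current = m.group(1).strip("*"), None
            continue
        # Blank lines, "No files/folders/data found." and stray text end a hit.
        if not line or section is None or term is None or line.startswith("No "):
            current = None
            continue
        if section == "regfind":
            if line.startswith("[HK"):          # a registry key opens a new hit
                current = {"section": section, "term": term,
                           "where": line.strip("[]"), "values": []}
                hits.append(current)
            elif current is not None:           # value lines belong to that key
                current["values"].append(line)
        else:
            m = PATH_HIT_RE.match(line)
            if m:
                hits.append({"section": section, "term": term,
                             "where": m.group("path"), "values": []})
    return hits


def term_is_standalone(term, text):
    """True if term occurs in text without a letter directly before or after."""
    pattern = r"(?<![A-Za-z])" + re.escape(term) + r"(?![A-Za-z])"
    return re.search(pattern, text, re.I) is not None


def classify(hit):
    """Label a parsed hit; the labels are this example's own."""
    if hit["section"] in ("filefind", "folderfind"):
        moved = hit["where"].lower().startswith(QUARANTINE_ROOT)
        return "quarantined" if moved else "on-disk"
    text = "\n".join([hit["where"]] + hit["values"])
    return "registry" if term_is_standalone(hit["term"], text) else "registry-substring"


def triage(log_text):
    """List of (status, section, term, location) in log order."""
    return [(classify(h), h["section"], h["term"], h["where"])
            for h in parse_systemlook(log_text)]


def summarize(log_text):
    """Count of hits per status."""
    return dict(Counter(status for status, *_ in triage(log_text)))


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print("%-18s %-10s %-9s %s" % row)
    print(summarize(SAMPLE_LOG))
```

The labels only sort the log lines; whether an "on-disk" or "registry" item should be removed is still the helper's call.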

Re: ilivid searchqu

Unread postby loowee2 » March 1st, 2012, 1:50 am

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-462154415-482282731-217094728-1000\Software\Trolltech\ not found.
========== FILES ==========
C:\Users\Karen\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_ilivid.exe_a7c867cfc37fab4fa71c225b4db7876995948b34_0ab7aa8c folder moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_ilivid.exe_a7c867cfc37fab4fa71c225b4db7876995948b34_1b944007 folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Karen\Desktop\cmd.bat deleted successfully.
C:\Users\Karen\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Karen
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Karen
->Flash cache emptied: 2025 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Karen
->Temp folder emptied: 162613 bytes
->Temporary Internet Files folder emptied: 115923593 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16227538 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 102673 bytes

Total Files Cleaned = 126.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.33.2 log created on 02292012_214119

Files\Folders moved on Reboot...
C:\Users\Karen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XG41YGXQ\frame[1].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XG41YGXQ\mail[1].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPYHTIBE\openhand[1].cur moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8O7Q39R\gplus_notifications_gadget[1].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CH7S3HR\frame[4].htm moved successfully.
C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HU13VKM\mail[4].htm moved successfully.

Registry entries deleted on Reboot...

Re: ilivid searchqu

Unread postby loowee2 » March 1st, 2012, 2:07 am

SystemLook 30.07.11 by jpshortstuff
Log created at 21:51 on 29/02/2012 by Karen
Administrator - Elevation successful

========== filefind ==========

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\02222012_070947\C_Users\Karen\AppData\Local\Temp\searchqu.ini --a---- 432 bytes [17:51 21/02/2012] [17:51 21/02/2012] CF4A16AC08DBFAF8DA08291870F8CAE9
C:\_OTL\MovedFiles\02222012_070947\C_Users\Karen\AppData\Local\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [13:37 31/10/2011] [13:37 31/10/2011] 28A352E64F4374BBC6774AD3473A413C
C:\_OTL\MovedFiles\02222012_070947\C_Users\Karen\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3527048 bytes [17:51 21/02/2012] [17:51 21/02/2012] 3F3542ADB8EFD061DBB15CCEABDCE735

Searching for "*iLivid*"
C:\_OTL\MovedFiles\02222012_070947\C_Users\Karen\AppData\Local\Temp\ilivid.7z --a---- 901399 bytes [17:52 21/02/2012] [17:52 21/02/2012] B38425304D8D2AAA300A7ECC2F9741BC
C:\_OTL\MovedFiles\02222012_194144\C_Users\Karen\AppData\Local\CrashDumps\ilivid.exe.6720.dmp --a---- 5718962 bytes [18:06 21/02/2012] [18:06 21/02/2012] 8A4AC94B59D3C2228A80D0D8FCD1F14E
C:\_OTL\MovedFiles\02222012_194144\C_Users\Karen\AppData\Local\CrashDumps\ilivid.exe.7076.dmp --a---- 5718214 bytes [18:40 21/02/2012] [18:40 21/02/2012] 5D13C281964057DB646DCF8E84FBC81A
C:\_OTL\MovedFiles\02222012_194144\C_Users\Karen\Music\iLividSetupV1.exe --a---- 2063040 bytes [17:51 21/02/2012] [17:51 21/02/2012] 8E470559EBAD98E555C7BBED4D393BC8

Searching for "*datamngr*"
C:\_OTL\MovedFiles\02222012_070947\C_Users\Karen\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3527048 bytes [17:51 21/02/2012] [17:51 21/02/2012] 3F3542ADB8EFD061DBB15CCEABDCE735

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\02222012_070947\C_Users\Karen\AppData\LocalLow\searchquband d------ [17:53 21/02/2012]

Searching for "*iLivid*"
C:\_OTL\MovedFiles\02222012_070947\C_Users\Karen\AppData\Local\Ilivid Player d------ [17:53 21/02/2012]
C:\_OTL\MovedFiles\02292012_214119\C_Users\Karen\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_ilivid.exe_a7c867cfc37fab4fa71c225b4db7876995948b34_0ab7aa8c d----c- [18:40 21/02/2012]
C:\_OTL\MovedFiles\02292012_214119\C_Users\Karen\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_ilivid.exe_a7c867cfc37fab4fa71c225b4db7876995948b34_1b944007 d----c- [18:06 21/02/2012]

Searching for "*datamngr*"
C:\_OTL\MovedFiles\02222012_070947\C_Users\Karen\AppData\LocalLow\DataMngr d------ [17:53 21/02/2012]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=150&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe]

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]

Searching for "trolltech"
No data found.

-= EOF =-
loowee2
Active Member
 
Posts: 11
Joined: February 22nd, 2012, 2:30 am

Re: ilivid searchqu

Post by askey127 » March 1st, 2012, 8:05 am

loowee2,
I think we have this thing about whipped.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.

Let me know how it's running. I think you should be good to go.
If it's running well, I can give you clean-up instructions.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
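
Added example (not part of the thread and not either poster's code): a Python sketch that triages a SystemLook log like the one above, separating hits already under OTL's `C:\_OTL\MovedFiles` quarantine from hits still live on the system, and setting aside registry hits where the search term only matches inside a longer word (the `ISearchQueryHelper` entries). The function names, the whole-token heuristic and the abridged sample log are assumptions made for this illustration.

```python
import re

QUARANTINE = "c:\\_otl\\movedfiles\\"  # OTL quarantine folder, as it appears in the log

# Abridged excerpt of the SystemLook log above (dates and hashes trimmed).
SAMPLE_LOG = r'''
========== filefind ==========
Searching for "*iLivid*"
C:\_OTL\MovedFiles\02222012_194144\C_Users\Karen\Music\iLividSetupV1.exe --a---- 2063040 bytes
========== folderfind ==========
Searching for "*datamngr*"
C:\_OTL\MovedFiles\02222012_070947\C_Users\Karen\AppData\LocalLow\DataMngr d------
========== Regfind ==========
Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=150&systemid=406&qu={searchTerms}&ft=json"
Searching for "iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe]
Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
'''

def whole_token(term, text):
    """Heuristic: True if term occurs in text with no letter directly on either side."""
    return bool(re.search(r"(?<![A-Za-z])" + re.escape(term) + r"(?![A-Za-z])", text, re.I))

def triage(log):
    """Return (quarantined, live, substring_only) lists of (term, hit) pairs."""
    quarantined, live, substring_only = [], [], []
    section = term = key = None
    lines = (l.strip() for l in log.splitlines())
    for line in (l for l in lines if l and not l.startswith("No ")):
        if line.startswith("====="):
            section, key = line.strip("= ").lower(), None
        elif line.startswith("Searching for"):
            term, key = line.split('"')[1].strip("*"), None
        elif section == "regfind":
            if line.startswith("["):
                key = line[1:-1]
                if term.lower() not in key.lower():
                    continue  # key printed only as context for a value hit below it
            hit = key if line.startswith("[") else f"{key} -> {line}"
            (live if whole_token(term, line) else substring_only).append((term, hit))
        elif line.lower().startswith(QUARANTINE):
            quarantined.append((term, line))
        else:
            live.append((term, line))
    return quarantined, live, substring_only
```

Calling `triage(SAMPLE_LOG)` and printing the second list gives the entries that still exist outside quarantine, which is the part of a log like this that a reviewer has to read by hand.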