Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

iLivid, Searchqu, VideoLan (VLC),

by txbirdfarmer » February 26th, 2012, 7:34 pm

Last week my husband was told by his class instructor to go to the VideoLan website and download that player to use with their PowerPoint presentations. Needless to say, with it came iLivid and Searchqu. Additionally, Searchqu hijacked our browser homepages (both Firefox and Explorer) and messed with the search engines, etc.

I have tried uninstalling these things thru the control panel and fixed the homepages. I also went in and disabled searchqu toolbar and thought I uninstalled the addon, but it doesn't seem so now.

How can I fix these - get rid of this stuff for good? Also, for a while before this happened I was getting a message when using Firefox that my computer's memory or cache or something was running low. Pops up in the lower right corner above the clock.

Here are the logs:

DDS.TXT:

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by owner at 16:00:59 on 2012-02-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3966.1120 [GMT -6:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\vds.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\locator.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
C:\Windows\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Michele\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Users\Michele\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler64.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Michele\Documents\Desktop\dds.scr
C:\Windows\SysWOW64\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://login.yahoo.com/config/login_ve ... us&.src=ym
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
mStart Page = hxxp://search.myheritage.com
mDefault_Page_URL = hxxp://att.yahoo.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - C:\Program Files (x86)\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - C:\Program Files (x86)\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - C:\PROGRA~2\ATTTOO~1\ATTTOO~1.DLL
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL
BHO: Digimarc Reader for Images BHO for IE: {6d6f1af0-ddcb-477f-a896-5d75e53b80a3} - C:\Program Files (x86)\Digimarc\Reader For Images 4.0\RM4IE.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - C:\PROGRA~2\ATTTOO~1\ATTTOO~1.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
TB: &Digimarc: {0ffe2f08-3ac9-4a91-a61d-4ff24f91a561} - C:\Program Files (x86)\Digimarc\Reader For Images 4.0\RM4IE.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
TB: ShareThis: {6a719530-8443-4898-9bc4-69e76b5f1c89} -
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Digimarc Watermark Initializer] "C:\Program Files (x86)\Digimarc\Reader For Images 4.0\WMInit.exe"
mRun: [DT HPW] "C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" -HPW
mRun: [hpsysdrv] "c:\hp\support\hpsysdrv.exe"
mRun: [KBD] "C:\HP\KBD\KbdStub.EXE"
mRun: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"
mRun: [Carbonite Backup] "C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows iLivid Toolbar"
mRunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BUTTON~1.LNK - C:\Program Files (x86)\INITIO\Button Manager v1.874\inihid.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOTALM~1.LNK - C:\Program Files (x86)\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
AppInit_DLLs:
BHO-X64: Digimarc Reader for Images BHO for IE: {6D6F1AF0-DDCB-477F-A896-5D75E53B80A3} - C:\Program Files (x86)\Digimarc\Reader For Images 4.0\RM4IEx64.dll
BHO-X64: Digimarc Reader for Images BHO for IE - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll
TB-X64: &Digimarc: {0FFE2F08-3AC9-4A91-A61D-4FF24F91A561} - C:\Program Files (x86)\Digimarc\Reader For Images 4.0\RM4IEx64.dll
TB-X64: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
TB-X64: {6A719530-8443-4898-9BC4-69E76B5F1C89} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
mRun-x64: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [RtHDVCpl] "C:\Windows\RAVCpl64.exe"
mRun-x64: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
mRunOnce-x64: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
AppInit_DLLs-X64:
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2012-2-15 1157240]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20120224.002\IDSviA64.sys [2012-2-24 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NISx64\1207000.00D\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1207000.00D\SYMTDIV.SYS [?]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 DiskDoctorService;Norton Disk Doctor Service;C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [2011-10-7 1029480]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe [2012-1-30 130008]
R2 SpeedDiskService;Norton SpeedDisk Service;C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [2011-10-7 1037672]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-8-17 239648]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-3 138360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9b5a1c67afec8;Google Update Service (gupdate1c9b5a1c67afec8);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-4-4 133104]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-4-4 133104]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SymDSMon;SymDSMon;\??\C:\Windows\system32\drivers\SymDSMon.sys --> C:\Windows\system32\drivers\SymDSMon.sys [?]
S3 SYMSpeedDisk;SYMSpeedDisk;C:\Windows\System32\drivers\SymSpeedDisk.sys [2011-10-6 108800]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-21 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-02-24 14:19:03 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5CC1BB76-F400-4003-A4FA-DA1D34B3A764}\offreg.dll
2012-02-24 13:46:40 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5CC1BB76-F400-4003-A4FA-DA1D34B3A764}\mpengine.dll
2012-02-18 03:47:07 -------- d-----w- C:\Users\Michele\AppData\Local\Ilivid Player
2012-02-16 22:01:35 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\56F4.tmp
2012-02-16 22:01:35 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\56D4.tmp
2012-02-15 13:24:34 680448 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 13:24:34 621056 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-15 13:24:32 404992 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 13:24:32 2765824 ----a-w- C:\Windows\System32\win32k.sys
2012-02-15 13:23:59 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2012-02-15 13:23:59 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2012-02-15 06:57:53 -------- dc-h--w- C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}
2012-02-15 06:57:40 -------- d-----w- C:\Program Files (x86)\iLivid
2012-02-15 06:56:08 -------- d-----w- C:\ProgramData\boost_interprocess
2012-02-15 06:56:05 -------- d-----w- C:\Program Files (x86)\Windows iLivid Toolbar
2012-02-15 06:55:24 -------- d-----w- C:\Users\Michele\AppData\Local\PackageAware
2012-02-15 05:57:42 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-02-11 13:05:28 -------- d-----w- C:\Program Files\iPod
2012-02-11 13:05:27 -------- d-----w- C:\Program Files\iTunes
2012-01-31 06:16:51 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-01-31 06:16:51 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-01-31 06:16:50 94720 ----a-w- C:\Windows\System32\secur32.dll
2012-01-31 06:16:50 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-01-31 06:16:50 515968 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-01-31 06:16:50 442368 ----a-w- C:\Windows\System32\winhttp.dll
2012-01-31 06:16:50 377344 ----a-w- C:\Windows\SysWow64\winhttp.dll
2012-01-31 06:16:50 1689600 ----a-w- C:\Windows\System32\lsasrv.dll
2012-01-31 06:16:50 11264 ----a-w- C:\Windows\System32\lsass.exe
2012-01-31 03:07:55 912504 ----a-r- C:\Windows\System32\drivers\NISx64\1207000.00D\symefa64.sys
2012-01-31 03:07:55 744568 ----a-r- C:\Windows\System32\drivers\NISx64\1207000.00D\srtsp64.sys
2012-01-31 03:07:55 450680 ----a-r- C:\Windows\System32\drivers\NISx64\1207000.00D\symds64.sys
2012-01-31 03:07:55 432760 ----a-w- C:\Windows\System32\drivers\NISx64\1207000.00D\symtdiv.sys
2012-01-31 03:07:55 40568 ----a-r- C:\Windows\System32\drivers\NISx64\1207000.00D\srtspx64.sys
2012-01-31 03:07:55 386168 ----a-w- C:\Windows\System32\drivers\NISx64\1207000.00D\symnets.sys
2012-01-31 03:07:55 171128 ----a-r- C:\Windows\System32\drivers\NISx64\1207000.00D\ironx64.sys
2012-01-31 03:07:43 -------- d-----w- C:\Windows\System32\drivers\NISx64\1207000.00D
.
==================== Find3M ====================
.
2012-02-25 21:11:22 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-29 11:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 16:01:40.28 ===============


ATTACH.TXT:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/2/2008 10:51:44 AM
System Uptime: 2/24/2012 3:24:18 AM (61 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NARRA3
Processor: AMD Phenom(tm) 8450 Triple-Core Processor | Socket AM2 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 585 GiB total, 352.507 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.553 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1249: 2/11/2012 12:10:33 AM - Scheduled Checkpoint
RP1250: 2/12/2012 12:00:04 AM - Scheduled Checkpoint
RP1251: 2/14/2012 7:05:22 AM - Scheduled Checkpoint
RP1252: 2/14/2012 7:46:20 AM - Windows Update
RP1253: 2/16/2012 1:46:09 AM - Scheduled Checkpoint
RP1254: 2/16/2012 3:00:12 AM - Windows Update
RP1255: 2/16/2012 11:43:59 PM - Windows Update
RP1256: 2/18/2012 1:02:42 AM - Scheduled Checkpoint
RP1257: 2/20/2012 2:33:27 PM - Scheduled Checkpoint
RP1258: 2/21/2012 7:46:11 AM - Windows Update
RP1259: 2/22/2012 12:00:11 AM - Scheduled Checkpoint
RP1260: 2/23/2012 2:57:27 AM - Scheduled Checkpoint
RP1261: 2/24/2012 12:30:23 AM - Windows Update
RP1262: 2/24/2012 7:45:56 AM - Windows Update
RP1263: 2/25/2012 12:00:02 AM - Scheduled Checkpoint
RP1264: 2/25/2012 3:00:11 AM - Windows Update
RP1265: 2/25/2012 3:11:40 PM - Removed Ask Toolbar.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe CreatePDF Desktop Printer
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 7.0
Adobe Photoshop.com Inspiration Browser
Adobe Reader 9.5.0
AIO_Scan
APC PowerChute Personal Edition
Apple Application Support
Apple Software Update
ArcSoft TotalMedia Backup & Record
Ask Toolbar
Ask Toolbar Updater
AT&T Toolbar
AT&T Yahoo! Activation
AT&T Yahoo! Internet Mail
BufferChm
Button Manager v1.874
C4200
C4200_doccd
c4200_Help
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Carbonite
Catella4
Chatango Message Catcher
CoffeeCup Website Color Schemer
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
CyberLink DVD Suite Deluxe
CyberLink PowerDirector
DesignPro 5.4 Limited Edition
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digimarc Reader for Images
DocProc
DocProcQFolder
Enhanced Multimedia Keyboard Solution
eSupportQFolder
Final Media Player 2010
Garmin Communicator Plugin
Garmin POI Loader
Garmin Training Center
Garmin USB Drivers
Garmin WebUpdater
GEAR driver installer for x86 and x64
Gentium 1.02
Google Earth
Google Update Helper
Google Updater
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Feedback
HP My Display
HP Photosmart Essential2.01
HP Picasso Media Center Add-In
HP Product Detection
HP Smart Web Printing
HP Update
HPProductAssistant
HPSSupply
iLivid
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) SE Runtime Environment 6 Update 1
LabelPrint
LightScribe System Software 1.12.37.1
LightScribeTemplateLabeler
MarketResearch
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox (3.6.23)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
muvee autoProducer 6.1
Norton Internet Security
Norton Utilities 15
NVIDIA Stereoscopic 3D Driver
PhotoshopdotcomInspirationBrowser
Pivot Software
Portrait Professional 10.0 Trial
Power2Go
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
PSSWCORE
Python 2.5
QuickTime
Realtek High Definition Audio Driver
Safari
Scan
SDK
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Shutterfly Express Uploader
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Status
System Requirements Lab
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Video Download Studio 3.3.7
VideoToolkit01
VLC media player 1.1.11
WebReg
Windows 7 Upgrade Advisor
Windows Live OneCare safety scanner
WinZip Self-Extractor
Yahoo! Install Manager
Yahoo! Mail Advisor
Yahoo! Toolbar
Zipeg
.
==== Event Viewer Messages From Past Week ========
.
2/24/2012 3:26:46 AM, Error: Service Control Manager [7000] - The npf service failed to start due to the following error: This driver has been blocked from loading
2/24/2012 3:26:42 AM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\npf.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
2/24/2012 12:49:28 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
2/24/2012 12:49:28 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/24/2012 12:49:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================

thanks....Michele
txbirdfarmer

Re: iLivid, Searchqu, VideoLan (VLC),

by Cypher » February 27th, 2012, 1:11 pm

Hi,
Checking your logs now, be right back.
Cypher

Re: iLivid, Searchqu, VideoLan (VLC),

by Cypher » February 27th, 2012, 1:24 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Vista Advice:
  • All applications I ask you to use will need to be run in Administrator mode, i.e. right-click on it and select Run as Administrator.
  • Your Operating System in use comes with an inbuilt utility called User Access Control (UAC).
  • When prompted by this with anything I ask you to carry out, please select the option Allow.

Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the Open text box, copy/paste appwiz.cpl then click OK.
  • Uninstall the following if present.
Ask Toolbar
Ask Toolbar Updater
iLivid
Java(TM) 6 Update 24
Java(TM) SE Runtime Environment 6 Update 1

Next.

Please right-click on the filename link below and select "Save target as..." or "Save Link as...", choose the Desktop location, and choose to save as the filename: Fix.txt
SQW7-Vista_x32.TXT

---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
----------------------------------------------
Perform a Custom Fix with OTL
Double Click the OTL icon (Right click and choose "Run as administrator" in Vista/Win7)
  • Click the Run Fix button at the top.
  • You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel". Click on OK
  • When the Open dialog comes up, Navigate to the Desktop, scroll to find the file named Fix.txt and click Open
  • Some text will appear in the Custom scans/Fixes box.
  • Click the Run Fix button.
  • Let the program run unhindered and reboot the PC when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply. The file will also appear on your desktop as OTL.txt

Next.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2


  • Right-click SystemLook.exe and select " Run as administrator " to run it.
  • Copy and paste the content of the following codebox into the main textfield:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Logs/Information to Post in your Next Reply

  • OTL log.
  • SystemLook.txt.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: iLivid, Searchqu, VideoLan (VLC),

by txbirdfarmer » February 28th, 2012, 12:42 pm

Should I create a restore point first? Should I disable Norton?

Thank you.
txbirdfarmer
Active Member
 
Posts: 7
Joined: February 26th, 2012, 6:29 pm

Re: iLivid, Searchqu, VideoLan (VLC),

by Cypher » February 28th, 2012, 1:08 pm

Hi txbirdfarmer,
Should I create a restore point first? Should I disable Norton?

The fix you are about to run will create a new restore point, and there should be no need to disable Norton.
Post the requested logs when ready.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: iLivid, Searchqu, VideoLan (VLC),

by txbirdfarmer » February 28th, 2012, 7:07 pm

Here are the logs from OTL and SystemLook, respectively:


All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\ilivid\ not found.
Registry key HKEY_CURRENT_USER\Software\searchqutoolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
========== FILES ==========
Invalid Environment Variable: APPDATA
Invalid Environment Variable: APPDATA
Invalid Environment Variable: APPDATA
Invalid Environment Variable: APPDATA
Invalid Environment Variable: APPDATA
Invalid Environment Variable: APPDATA
Invalid Environment Variable: APPDATA
Invalid Environment Variable: APPDATA
Invalid Environment Variable: APPDATA
Invalid Environment Variable: APPDATA
Invalid Environment Variable: APPDATA
Invalid Environment Variable: APPDATA
Invalid Environment Variable: LOCALAPPDATA
Invalid Environment Variable: LOCALAppData
Invalid Environment Variable: LOCALAppData
Invalid Environment Variable: LOCALAppData
Invalid Environment Variable: LOCALAppData
Invalid Environment Variable: LOCALAppData
Invalid Environment Variable: LOCALAppData
File/Folder C:\Users\owner\AppData\Local\Temp\BandooFiles not found.
File/Folder C:\Users\owner\AppData\Local\Temp\BandooV6.exe not found.
C:\Users\owner\AppData\Local\Temp\SetupDataMngr_Searchqu.exe moved successfully.
File/Folder C:\Users\owner\AppData\Local\Temp\SweetIMReinstall not found.
File/Folder C:\Users\owner\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe not found.
C:\Users\owner\AppData\Local\Temp\ilivid.7z moved successfully.
C:\Users\owner\AppData\Local\Temp\searchqu.ini moved successfully.
C:\Users\owner\AppData\Local\Temp\searchqutoolbar-manifest.xml moved successfully.
File/Folder C:\Users\owner\AppData\LocalLow\searchquband not found.
File/Folder C:\Users\owner\AppData\LocalLow\searchqutoolbar not found.
File/Folder C:\Users\owner\Downloads\SweetImSetup.exe not found.
File/Folder C:\Users\owner\Downloads\iLividSetupV1.exe not found.
File\Folder C:\Program Files\Windows iLivid Toolbar not found.
File\Folder C:\Program Files\iLivid not found.
C:\Windows\Prefetch\ILIVIDSETUPV1.EXE-3E56AC24.pf moved successfully.
File\Folder C:\Windows\Prefetch\SEARCHQUMEDIABAR* not found.
File\Folder C:\Windows\Prefetch\SETUPDATAMNGR* not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Alex
->Temporary Internet Files folder emptied: 13158450 bytes

User: All Users

User: Default
->Temporary Internet Files folder emptied: 35782663 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: Glenn
->Temporary Internet Files folder emptied: 194288113 bytes

User: Michele
->Temporary Internet Files folder emptied: 4281735388 bytes

User: owner
->Temporary Internet Files folder emptied: 38252403 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 184069052 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66072 bytes
RecycleBin emptied: 38245181 bytes

Total Files Cleaned = 4,564.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.33.2 log created on 02282012_132438

Files\Folders moved on Reboot...
C:\Windows\temp\subE6C2.tmp moved successfully.

Registry entries deleted on Reboot...

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


SystemLook 30.07.11 by jpshortstuff
Log created at 16:50 on 28/02/2012 by owner
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Recent\searchqutoolbar.lnk --a---- 886 bytes [00:51 22/02/2012] [00:51 22/02/2012] 7149E64D9DC13C192441C7DC09234757
C:\_OTL\MovedFiles\02282012_132438\C_Users\owner\AppData\Local\Temp\searchqu.ini --a---- 436 bytes [04:57 23/02/2012] [04:57 23/02/2012] FA57432B3D76373AE86388A8D21E6E98
C:\_OTL\MovedFiles\02282012_132438\C_Users\owner\AppData\Local\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [13:37 31/10/2011] [13:37 31/10/2011] 28A352E64F4374BBC6774AD3473A413C
C:\_OTL\MovedFiles\02282012_132438\C_Users\owner\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3527048 bytes [04:57 23/02/2012] [06:56 15/02/2012] 3F3542ADB8EFD061DBB15CCEABDCE735

Searching for "*iLivid*"
C:\Users\Glenn\Desktop\iLividSetupV1.exe --a---- 2063040 bytes [06:49 15/02/2012] [06:53 15/02/2012] 15EAAA0B16C614C31BB03FE2FA41FAE5
C:\_OTL\MovedFiles\02282012_132438\C_Users\owner\AppData\Local\Temp\ilivid.7z --a---- 901399 bytes [04:58 23/02/2012] [06:57 15/02/2012] B38425304D8D2AAA300A7ECC2F9741BC
C:\_OTL\MovedFiles\02282012_132438\C_Windows\Prefetch\ILIVIDSETUPV1.EXE-3E56AC24.pf --a---- 82566 bytes [19:17 28/02/2012] [19:17 28/02/2012] B27DA3895E4069E74293AE02F883940B

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\02282012_132438\C_Users\owner\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3527048 bytes [04:57 23/02/2012] [06:56 15/02/2012] 3F3542ADB8EFD061DBB15CCEABDCE735

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\Users\Glenn\AppData\LocalLow\searchquband d------ [03:36 23/02/2012]
C:\Users\Glenn\AppData\LocalLow\searchqutoolbar d------ [03:36 23/02/2012]

Searching for "*iLivid*"
C:\Program Files (x86)\iLivid d------ [06:57 15/02/2012]
C:\Program Files (x86)\Windows iLivid Toolbar d------ [06:56 15/02/2012]
C:\Users\Glenn\AppData\Local\Ilivid Player d------ [06:58 15/02/2012]
C:\Users\Michele\AppData\Local\Ilivid Player d------ [03:47 18/02/2012]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr d------ [06:56 15/02/2012]
C:\Users\Glenn\AppData\LocalLow\DataMngr d------ [02:00 16/02/2012]
C:\Users\Michele\AppData\LocalLow\DataMngr d------ [21:12 25/02/2012]
C:\Users\owner\AppData\LocalLow\DataMngr d------ [21:13 25/02/2012]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\searchqu.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"="Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqudatamngr"="cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows iLivid Toolbar""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqutoolbar"="cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar""
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\searchqu.com]
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr\Files\Homepage]
"Value"="http://www.searchqu.com/406"
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr\Files\Homepage]
"DefaultValue"="user_pref("browser.startup.homepage", "http://www.searchqu.com/406");"
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr\IEBHO]
"DNSUrl"="http://www.searchqu.com/web?src=derr&appid=328&systemid=406&q="
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr\IEBHO]
"404Url"="http://www.searchqu.com/web?src=404&appid=328&systemid=406&q="
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr\IEBHO]
"NewTabUrl"="http://www.searchqu.com/406"
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr\List\Item2]
"Value"="http://www.searchqu.com/406"
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Microsoft\Internet Explorer\TypedURLs]
"url17"="C:\Users\Glenn\AppData\LocalLow\searchqutoolbar"

Searching for "iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqudatamngr"="cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows iLivid Toolbar""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqutoolbar"="cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar""
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr]
"DLLPath"="C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll"
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr]
"Folder"="C:\Program Files (x86)\Windows iLivid Toolbar"
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr]
"Path"="C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr"
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr]
"UIPath"="C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe"
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Ilivid]
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid]
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files (x86)\iLivid]
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\iLivid\ilivid.exe"="ilivid"
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe"="iLivid Installation "
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\iLivid\ilivid.exe"="ilivid"
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe"="iLivid Installation "

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{867847D0-1E48-4056-902F-872572DD5664}]
"AppPath"="C:\PROGRA~2\WI371A~1\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D904A5C4-B4CE-4B0B-B529-1F1F613AB6CE}]
"AppPath"="C:\PROGRA~2\WI371A~1\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqudatamngr"="cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows iLivid Toolbar""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqutoolbar"="cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar""
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr]
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr]
"DLLPath"="C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll"
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr]
"Path"="C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr"
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr]
"ShortDllPath"="C:\PROGRA~2\WI371A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll"
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr]
"ShortDllPath64"="C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll"
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr]
"UIPath"="C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe"
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr_Toolbar]
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr_Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7}\{99079a25-328f-4bd4-be04-00955acaa0a7}_F]
"DependentKey"="Software\DataMngr_Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7}"
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr_Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7}\{99079a25-328f-4bd4-be04-00955acaa0a7}_F]
"DependentValue"="Software\DataMngr_Toolbar\Values\{99079a25-328f-4bd4-be04-00955acaa0a7}"
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr_Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7}\{99079a25-328f-4bd4-be04-00955acaa0a7}_S]
"DependentKey"="Software\DataMngr_Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7}"
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr_Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7}\{99079a25-328f-4bd4-be04-00955acaa0a7}_V]
"DependentKey"="Software\DataMngr_Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7}"
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr_Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7}\{99079a25-328f-4bd4-be04-00955acaa0a7}_V]
"DependentValue"="Software\DataMngr_Toolbar\Values\{99079a25-328f-4bd4-be04-00955acaa0a7}"

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Trolltech]
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.2\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-
txbirdfarmer
Active Member
 
Posts: 7
Joined: February 26th, 2012, 6:29 pm
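
Added example (not part of the thread, and not code from SystemLook or OTL): parsing a SystemLook log like the one posted above into de-duplicated findings, with files OTL has already moved under C:\_OTL\MovedFiles separated from items still in place. The line formats are inferred from the output on this page; the function names and the shortened sample are assumptions of this example.

```python
import re
from collections import OrderedDict

# Shortened excerpt of the SystemLook log posted in this thread (sample input).
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "*Searchqu*"
C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Recent\searchqutoolbar.lnk --a---- 886 bytes [00:51 22/02/2012] [00:51 22/02/2012] 7149E64D9DC13C192441C7DC09234757
C:\_OTL\MovedFiles\02282012_132438\C_Users\owner\AppData\Local\Temp\searchqu.ini --a---- 436 bytes [04:57 23/02/2012] [04:57 23/02/2012] FA57432B3D76373AE86388A8D21E6E98

Searching for "*whitesmoke*"
No files found.

========== folderfind ==========

Searching for "*iLivid*"
C:\Program Files (x86)\iLivid d------ [06:57 15/02/2012]

========== Regfind ==========

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqutoolbar"="cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar""

Searching for "iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqutoolbar"="cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar""
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Ilivid]

-= EOF =-
"""

SECTION_RE = re.compile(r"^=+ (\w+) =+$")
TERM_RE = re.compile(r'^Searching for "(.*)"$')
NO_HIT_RE = re.compile(r"^No (files|folders|data) found\.$")
# "<path> <7 attribute flags> [<size> bytes ][<timestamp>] ..."
ITEM_RE = re.compile(r"^(?P<path>.+?) [a-z-]{7} (?:\d+ bytes )?\[")
# Assumption drawn from the paths in the log: OTL keeps moved files here.
QUARANTINE_PREFIX = "c:\\_otl\\movedfiles\\"


def parse_systemlook(text):
    """Return one dict per hit, tagged with its section and search term."""
    hits, section, term, pending = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or NO_HIT_RE.match(line):
            continue
        m = SECTION_RE.match(line)
        if m:
            section, term, pending = m.group(1).lower(), None, None
            continue
        m = TERM_RE.match(line)
        if m:
            term, pending = m.group(1), None
            continue
        if section is None or term is None:
            continue  # header lines before the first section, or the EOF marker
        if section == "regfind":
            if line.startswith("[HKEY") and line.endswith("]"):
                pending = {"section": section, "term": term,
                           "key": line[1:-1], "value": None}
                hits.append(pending)
            elif pending is not None and line.startswith(('"', "@=")):
                pending["value"] = line  # value line belongs to the key above it
                pending = None
        else:
            m = ITEM_RE.match(line)
            if m:
                path = m.group("path")
                hits.append({"section": section, "term": term, "path": path,
                             "quarantined": path.lower().startswith(QUARANTINE_PREFIX)})
    return hits


def triage(hits):
    """Split hits into live paths, quarantined paths and unique registry entries.

    Regfind matches substrings (the "Searchqu" search in the log above also
    returns the ISearchQueryHelper interface key), so registry entries are
    listed for review together with the terms that matched, not auto-selected.
    """
    live, quarantined, registry = OrderedDict(), OrderedDict(), OrderedDict()
    for h in hits:
        if h["section"] == "regfind":
            registry.setdefault((h["key"], h["value"]), []).append(h["term"])
        elif h["quarantined"]:
            quarantined[h["path"]] = True
        else:
            live[h["path"]] = True
    return list(live), list(quarantined), registry


if __name__ == "__main__":
    live, quarantined, registry = triage(parse_systemlook(SAMPLE_LOG))
    print("Still in place:", *live, sep="\n  ")
    print("Already moved by OTL:", *quarantined, sep="\n  ")
    for (key, value), terms in registry.items():
        print(f"[{key}] {value or '(key name matched)'}  <- {', '.join(terms)}")
```
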

Re: iLivid, Searchqu, VideoLan (VLC),

by Cypher » February 29th, 2012, 7:03 am

Hi txbirdfarmer,
Continue with the instructions below; once done, let me know how your computer is performing.

Create a new System Restore point

  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection > Create.
  • Give this restore point a descriptive name and click Create.
  • Click Apply and OK.

Next.

We need to run an OTL Fix

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :processes
    killallprocesses
    
    :reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\searchqu.com]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "removeSearchqudatamngr"=-
    [-HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\searchqu.com]
    [-HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr\Files\Homepage]
    [-HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr\IEBHO]
    [-HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr\List\Item2]
    [HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Microsoft\Internet Explorer\TypedURLs]
    "url17"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "removeSearchqudatamngr"=-
    [-HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr]
    [-HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Ilivid]
    [-HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid]
    [-HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files (x86)\iLivid]
    [HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\iLivid\ilivid.exe"=-
    [HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "{B49A644A-1076-4A3D-B124-DAA7862F2318}"=-
    [HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\iLivid\ilivid.exe"=-
    [HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "{B49A644A-1076-4A3D-B124-DAA7862F2318}"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{867847D0-1E48-4056-902F-872572DD5664}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D904A5C4-B4CE-4B0B-B529-1F1F613AB6CE}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "removeSearchqudatamngr"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "removeSearchqutoolbar"=-
    [-HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr]
    [-HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr_Toolbar]
    [-HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr_Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7}\{99079a25-328f-4bd4-be04-00955acaa0a7}_F]
    [-HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr_Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7}\{99079a25-328f-4bd4-be04-00955acaa0a7}_S]
    [-HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr_Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7}\{99079a25-328f-4bd4-be04-00955acaa0a7}_V]
    [-HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.2\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    
    :files
    C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Recent\searchqutoolbar.lnk 
    C:\Users\Glenn\Desktop\iLividSetupV1.exe 
    C:\Users\Glenn\AppData\LocalLow\searchquband
    C:\Users\Glenn\AppData\LocalLow\searchqutoolbar 
    C:\Program Files (x86)\iLivid 
    C:\Program Files (x86)\Windows iLivid Toolbar 
    C:\Users\Glenn\AppData\Local\Ilivid Player 
    C:\Users\Michele\AppData\Local\Ilivid Player
    C:\Users\Glenn\AppData\LocalLow\DataMngr 
    C:\Users\Michele\AppData\LocalLow\DataMngr 
    C:\Users\owner\AppData\LocalLow\DataMngr
    ipconfig /flushdns /c
    
    :commands
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [clearallrestorepoints]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Next.

  • Right-click SystemLook.exe and select "Run as administrator" to run it.
  • Copy and paste the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Logs/Information to Post in your Next Reply

  • OTL log.
  • SystemLook.txt.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: iLivid, Searchqu, VideoLan (VLC),

Post by txbirdfarmer » February 29th, 2012, 9:33 pm

Results of the scans are:

All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\searchqu.com\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\removeSearchqudatamngr deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\searchqu.com\ not found.
Registry key HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr\Files\Homepage\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr\IEBHO\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr\List\Item2\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Microsoft\Internet Explorer\TypedURLs\\url17 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\removeSearchqudatamngr not found.
Registry key HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Ilivid\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files (x86)\iLivid\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\iLivid\ilivid.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\{B49A644A-1076-4A3D-B124-DAA7862F2318} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B49A644A-1076-4A3D-B124-DAA7862F2318}\ not found.
Registry value HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\iLivid\ilivid.exe not found.
Registry value HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\{B49A644A-1076-4A3D-B124-DAA7862F2318} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B49A644A-1076-4A3D-B124-DAA7862F2318}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{867847D0-1E48-4056-902F-872572DD5664}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{867847D0-1E48-4056-902F-872572DD5664}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D904A5C4-B4CE-4B0B-B529-1F1F613AB6CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D904A5C4-B4CE-4B0B-B529-1F1F613AB6CE}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\removeSearchqudatamngr not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\removeSearchqutoolbar deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr\ not found.
Registry key HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr_Toolbar\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr_Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7}\{99079a25-328f-4bd4-be04-00955acaa0a7}_F\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}_F\ not found.
Registry key HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr_Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7}\{99079a25-328f-4bd4-be04-00955acaa0a7}_S\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}_S\ not found.
Registry key HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\DataMngr_Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7}\{99079a25-328f-4bd4-be04-00955acaa0a7}_V\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}_V\ not found.
Registry key HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.2\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
========== FILES ==========
C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Recent\searchqutoolbar.lnk moved successfully.
C:\Users\Glenn\Desktop\iLividSetupV1.exe moved successfully.
C:\Users\Glenn\AppData\LocalLow\searchquband folder moved successfully.
C:\Users\Glenn\AppData\LocalLow\searchqutoolbar folder moved successfully.
C:\Program Files (x86)\iLivid folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64 folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar folder moved successfully.
C:\Users\Glenn\AppData\Local\Ilivid Player folder moved successfully.
C:\Users\Michele\AppData\Local\Ilivid Player folder moved successfully.
C:\Users\Glenn\AppData\LocalLow\DataMngr folder moved successfully.
C:\Users\Michele\AppData\LocalLow\DataMngr folder moved successfully.
C:\Users\owner\AppData\LocalLow\DataMngr folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Michele\Documents\Desktop\cmd.bat deleted successfully.
C:\Users\Michele\Documents\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Alex

User: All Users

User: Default

User: Default User

User: Glenn

User: Michele

User: owner

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Alex
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: Glenn
->Temporary Internet Files folder emptied: 0 bytes

User: Michele
->Temporary Internet Files folder emptied: 54760 bytes

User: owner
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 63369 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32768 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Alex

User: All Users

User: Default

User: Default User

User: Glenn

User: Michele

User: owner

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.33.2 log created on 02292012_190811

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


SystemLook 30.07.11 by jpshortstuff
Log created at 19:20 on 29/02/2012 by owner
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\02282012_132438\C_Users\owner\AppData\Local\Temp\searchqu.ini --a---- 436 bytes [04:57 23/02/2012] [04:57 23/02/2012] FA57432B3D76373AE86388A8D21E6E98
C:\_OTL\MovedFiles\02282012_132438\C_Users\owner\AppData\Local\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [13:37 31/10/2011] [13:37 31/10/2011] 28A352E64F4374BBC6774AD3473A413C
C:\_OTL\MovedFiles\02282012_132438\C_Users\owner\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3527048 bytes [04:57 23/02/2012] [06:56 15/02/2012] 3F3542ADB8EFD061DBB15CCEABDCE735
C:\_OTL\MovedFiles\02292012_190811\C_Users\Michele\AppData\Roaming\Microsoft\Windows\Recent\searchqutoolbar.lnk --a---- 886 bytes [00:51 22/02/2012] [00:51 22/02/2012] 7149E64D9DC13C192441C7DC09234757

Searching for "*iLivid*"
C:\_OTL\MovedFiles\02282012_132438\C_Users\owner\AppData\Local\Temp\ilivid.7z --a---- 901399 bytes [04:58 23/02/2012] [06:57 15/02/2012] B38425304D8D2AAA300A7ECC2F9741BC
C:\_OTL\MovedFiles\02282012_132438\C_Windows\Prefetch\ILIVIDSETUPV1.EXE-3E56AC24.pf --a---- 82566 bytes [19:17 28/02/2012] [19:17 28/02/2012] B27DA3895E4069E74293AE02F883940B
C:\_OTL\MovedFiles\02292012_190811\C_Users\Glenn\Desktop\iLividSetupV1.exe --a---- 2063040 bytes [06:49 15/02/2012] [06:53 15/02/2012] 15EAAA0B16C614C31BB03FE2FA41FAE5

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\02282012_132438\C_Users\owner\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3527048 bytes [04:57 23/02/2012] [06:56 15/02/2012] 3F3542ADB8EFD061DBB15CCEABDCE735

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\02292012_190811\C_Users\Glenn\AppData\LocalLow\searchquband d------ [03:36 23/02/2012]
C:\_OTL\MovedFiles\02292012_190811\C_Users\Glenn\AppData\LocalLow\searchqutoolbar d------ [03:36 23/02/2012]

Searching for "*iLivid*"
C:\_OTL\MovedFiles\02292012_190811\C_Program Files (x86)\iLivid d------ [06:57 15/02/2012]
C:\_OTL\MovedFiles\02292012_190811\C_Program Files (x86)\Windows iLivid Toolbar d------ [06:56 15/02/2012]
C:\_OTL\MovedFiles\02292012_190811\C_Users\Glenn\AppData\Local\Ilivid Player d------ [06:58 15/02/2012]
C:\_OTL\MovedFiles\02292012_190811\C_Users\Michele\AppData\Local\Ilivid Player d------ [03:47 18/02/2012]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\02292012_190811\C_Program Files (x86)\Windows iLivid Toolbar\Datamngr d------ [06:56 15/02/2012]
C:\_OTL\MovedFiles\02292012_190811\C_Users\Glenn\AppData\LocalLow\DataMngr d------ [02:00 16/02/2012]
C:\_OTL\MovedFiles\02292012_190811\C_Users\Michele\AppData\LocalLow\DataMngr d------ [21:12 25/02/2012]
C:\_OTL\MovedFiles\02292012_190811\C_Users\owner\AppData\LocalLow\DataMngr d------ [21:13 25/02/2012]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe"="iLivid Installation "
[HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe"="iLivid Installation "

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-
txbirdfarmer
Active Member
 
Posts: 7
Joined: February 26th, 2012, 6:29 pm

Re: iLivid, Searchqu, VideoLan (VLC),

Post by Cypher » March 1st, 2012, 5:52 am

Hi txbirdfarmer,
That looks much better but we still have work to do. How is your computer running now?

Update Adobe Reader

  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X (10.1.2).

Next.

Java SE Runtime Environment (JRE).

Please download from HERE

  • Find Java SE 7u3.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner.
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply

  • ESET log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: iLivid, Searchqu, VideoLan (VLC),

Post by txbirdfarmer » March 2nd, 2012, 10:25 pm

It seems to be running faster. Here is the log from the ESET scan:

C:\_OTL\MovedFiles\02282012_132438\C_Users\owner\AppData\Local\Temp\SetupDataMngr_Searchqu.exe Win32/Toolbar.SearchSuite application
C:\Program Files (x86)\AskSBar\bar\1.bin\A2PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application
C:\Program Files (x86)\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL Win32/Toolbar.AskSBar application
C:\ProgramData\Microsoft\Windows\DRM\56D4.tmp Win64/Olmarik.AD trojan
C:\ProgramData\Microsoft\Windows\DRM\56F4.tmp Win64/Olmarik.AD trojan
C:\Users\All Users\Microsoft\Windows\DRM\56D4.tmp Win64/Olmarik.AD trojan
C:\Users\All Users\Microsoft\Windows\DRM\56F4.tmp Win64/Olmarik.AD trojan
C:\Users\Glenn\AppData\Local\Temp\57B0.tmp a variant of Win32/Kryptik.AAZO trojan
C:\Users\Glenn\AppData\Local\Temp\AC07.tmp a variant of Win32/Kryptik.AAZO trojan
C:\Users\Glenn\Desktop\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application
C:\Users\Glenn\Pictures\C Grove Ordinance\Print\Presentation Pics\addtl photos\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application
C:\Users\Michele\AppData\Local\Temp\226997132.Uninstall\Uninstall.exe a variant of Win32/InstallCore.E application
C:\Users\Michele\AppData\Local\Temp\ICReinstall\PDFReaderSetup.exe a variant of Win32/InstallCore.E application
C:\Users\Michele\AppData\Local\Temp\is1438683437\zgInstaller.exe Win32/Toolbar.Zugo application
C:\Users\Michele\AppData\Local\Temp\SvdrG2iA.exe.part a variant of Win32/AdInstaller application
txbirdfarmer
Active Member
 
Posts: 7
Joined: February 26th, 2012, 6:29 pm

Re: iLivid, Searchqu, VideoLan (VLC),

Post by Cypher » March 3rd, 2012, 6:56 am

Hi txbirdfarmer,
"It seems to be running faster."

That's good to hear.
Any problems with Searchqu now? Let me know in your next reply.

We need to run an OTL Fix

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code.
    Code: Select all
    :processes
    killallprocesses
    
    :reg
    [HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe"=-
    
    [HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe"=-
    
    :files
    C:\Program Files (x86)\AskSBar
    C:\ProgramData\Microsoft\Windows\DRM\56D4.tmp 
    C:\ProgramData\Microsoft\Windows\DRM\56F4.tmp 
    C:\Users\All Users\Microsoft\Windows\DRM\56D4.tmp 
    C:\Users\All Users\Microsoft\Windows\DRM\56F4.tmp 
    C:\Users\Glenn\AppData\Local\Temp\57B0.tmp
    C:\Users\Glenn\AppData\Local\Temp\AC07.tmp 
    C:\Users\Glenn\Desktop\vlcmediaplayer-setup.exe 
    C:\Users\Glenn\Pictures\C Grove Ordinance\Print\Presentation Pics\addtl photos\vlcmediaplayer-setup.exe 
    C:\Users\Michele\AppData\Local\Temp\226997132.Uninstall\Uninstall.exe 
    C:\Users\Michele\AppData\Local\Temp\ICReinstall\PDFReaderSetup.exe
    C:\Users\Michele\AppData\Local\Temp\is1438683437\zgInstaller.exe 
    C:\Users\Michele\AppData\Local\Temp\SvdrG2iA.exe
    ipconfig /flushdns /c
    
    :commands
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [clearallrestorepoints]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


Logs/Information to Post in your Next Reply

  • OTL log.
  • Any problems with Searchqu now?
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: iLivid, Searchqu, VideoLan (VLC),

Post by txbirdfarmer » March 3rd, 2012, 10:07 pm

It is booting faster and the only sign of searchqu is in the OTL moved files.

One question: the VLC program is still installed. Can I uninstall? How do I get rid of everything?

Here is the log:

All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry value HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe" not found.
========== FILES ==========
C:\Program Files (x86)\AskSBar\SrchAstt\1.bin folder moved successfully.
C:\Program Files (x86)\AskSBar\SrchAstt folder moved successfully.
C:\Program Files (x86)\AskSBar\bar\1.bin folder moved successfully.
C:\Program Files (x86)\AskSBar\bar folder moved successfully.
C:\Program Files (x86)\AskSBar folder moved successfully.
C:\ProgramData\Microsoft\Windows\DRM\56D4.tmp moved successfully.
C:\ProgramData\Microsoft\Windows\DRM\56F4.tmp moved successfully.
File\Folder C:\Users\All Users\Microsoft\Windows\DRM\56D4.tmp not found.
File\Folder C:\Users\All Users\Microsoft\Windows\DRM\56F4.tmp not found.
C:\Users\Glenn\AppData\Local\Temp\57B0.tmp moved successfully.
C:\Users\Glenn\AppData\Local\Temp\AC07.tmp moved successfully.
C:\Users\Glenn\Desktop\vlcmediaplayer-setup.exe moved successfully.
C:\Users\Glenn\Pictures\C Grove Ordinance\Print\Presentation Pics\addtl photos\vlcmediaplayer-setup.exe moved successfully.
C:\Users\Michele\AppData\Local\Temp\226997132.Uninstall\Uninstall.exe moved successfully.
C:\Users\Michele\AppData\Local\Temp\ICReinstall\PDFReaderSetup.exe moved successfully.
C:\Users\Michele\AppData\Local\Temp\is1438683437\zgInstaller.exe moved successfully.
File\Folder C:\Users\Michele\AppData\Local\Temp\SvdrG2iA.exe not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Michele\Documents\Desktop\malware removal\cmd.bat deleted successfully.
C:\Users\Michele\Documents\Desktop\malware removal\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Alex

User: All Users

User: Default

User: Default User

User: Glenn

User: Michele

User: owner

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Alex
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: Glenn
->Temporary Internet Files folder emptied: 0 bytes

User: Michele
->Temporary Internet Files folder emptied: 13583860 bytes

User: owner
->Temporary Internet Files folder emptied: 2845109 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 631448 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 16.00 mb


[EMPTYJAVA]

User: Alex

User: All Users

User: Default

User: Default User

User: Glenn

User: Michele

User: owner

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.33.2 log created on 03032012_190539
txbirdfarmer
Active Member
 
Posts: 7
Joined: February 26th, 2012, 6:29 pm
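
An added example, not part of the thread and not code from OTL or ESET: a Python check that reconciles the ESET detections with the FILES section of the OTL fix log above, so each detected path ends up with an explicit outcome. The function names and status labels are this example's own, and it assumes C: is the system drive.

```python
import re
from collections import namedtuple

Detection = namedtuple("Detection", "path threat kind")

# Constructed sample input: a subset of lines copied from the ESET log and
# from the OTL fix log that followed it in this thread.
ESET_LOG = r"""
C:\_OTL\MovedFiles\02282012_132438\C_Users\owner\AppData\Local\Temp\SetupDataMngr_Searchqu.exe Win32/Toolbar.SearchSuite application
C:\Program Files (x86)\AskSBar\bar\1.bin\A2PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application
C:\ProgramData\Microsoft\Windows\DRM\56D4.tmp Win64/Olmarik.AD trojan
C:\Users\All Users\Microsoft\Windows\DRM\56D4.tmp Win64/Olmarik.AD trojan
C:\Users\Glenn\AppData\Local\Temp\57B0.tmp a variant of Win32/Kryptik.AAZO trojan
C:\Users\Michele\AppData\Local\Temp\SvdrG2iA.exe.part a variant of Win32/AdInstaller application
"""

OTL_LOG = r"""
========== REGISTRY ==========
Registry value HKEY_USERS\S-1-5-21-2394892303-2574874633-725481301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe deleted successfully.
========== FILES ==========
C:\Program Files (x86)\AskSBar\bar\1.bin folder moved successfully.
C:\Program Files (x86)\AskSBar folder moved successfully.
C:\ProgramData\Microsoft\Windows\DRM\56D4.tmp moved successfully.
File\Folder C:\Users\All Users\Microsoft\Windows\DRM\56D4.tmp not found.
C:\Users\Glenn\AppData\Local\Temp\57B0.tmp moved successfully.
File\Folder C:\Users\Michele\AppData\Local\Temp\SvdrG2iA.exe not found.
< ipconfig /flushdns /c >
========== COMMANDS ==========
"""

# "<path> [a variant of ]<platform>/<name> <application|trojan>"
ESET_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<threat>(?:a variant of )?Win(?:32|64)/\S+) "
    r"(?P<kind>application|trojan)$")
# "[File\Folder ]<path>[ folder] <outcome>."
OTL_FILE_RE = re.compile(
    r"^(?:File\\Folder )?(?P<path>[A-Za-z]:\\.+?)(?: folder)? "
    r"(?P<outcome>moved successfully|deleted successfully|not found)\.$")
SECTION_RE = re.compile(r"^=+ (?P<name>[A-Z]+) =+$")

QUARANTINE = "c:\\_otl\\movedfiles\\"   # where OTL keeps the files it moved


def normalize(path):
    """Lower-case a path and fold the 'All Users' alias onto ProgramData.

    On Windows Vista and later, C:\\Users\\All Users is a link to
    C:\\ProgramData, so both spellings name the same file.
    """
    p = path.strip().lower()
    alias = "c:\\users\\all users\\"
    if p.startswith(alias):
        p = "c:\\programdata\\" + p[len(alias):]
    return p


def parse_eset(text):
    """Return one Detection per recognisable ESET log line."""
    found = []
    for line in text.splitlines():
        m = ESET_RE.match(line.strip())
        if m:
            found.append(Detection(**m.groupdict()))
    return found


def parse_otl_files(text):
    """Map normalised path -> set of outcomes, FILES section only."""
    outcomes, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        head = SECTION_RE.match(line)
        if head:
            section = head.group("name")
            continue
        m = OTL_FILE_RE.match(line) if section == "FILES" else None
        if m:
            key = normalize(m.group("path"))
            outcomes.setdefault(key, set()).add(m.group("outcome"))
    return outcomes


def reconcile(detections, outcomes):
    """Give every detected path one status derived from the fix log."""
    moved = {p for p, o in outcomes.items() if "moved successfully" in o}
    report = {}
    for d in detections:
        p = normalize(d.path)
        if p.startswith(QUARANTINE):
            status = "already in OTL quarantine"
        elif p in moved:
            status = "moved"
        elif any(p.startswith(m + "\\") for m in moved):
            status = "moved with parent folder"
        elif p in outcomes:
            status = "targeted but not found"
        else:
            status = "not targeted by the fix"
        report[d.path] = status
    return report


if __name__ == "__main__":
    result = reconcile(parse_eset(ESET_LOG), parse_otl_files(OTL_LOG))
    for path, status in result.items():
        print(f"{status:28} {path}")
```

A status of "not targeted by the fix" only means that no line of the fix log names that exact path; a later command such as [emptytemp] may still have removed the file.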

Re: iLivid, Searchqu, VideoLan (VLC),

Post by Cypher » March 4th, 2012, 6:14 am

Hi txbirdfarmer,
"One question: the VLC program is still installed. Can I uninstall?"

VLC media player is a legitimate application, but if you don't want it go ahead and uninstall it.

Your latest set of logs appears to be clean!
This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clean up with OTL

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, press the CleanUp! button.
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products' loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.
To update Office
Open up any Office program.
Go to Help > Check for Updates

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: iLivid, Searchqu, VideoLan (VLC),

Post by txbirdfarmer » March 4th, 2012, 8:43 pm

Thank you! I will do as you have instructed. I really appreciate your help.

Michele
txbirdfarmer
Active Member
 
Posts: 7
Joined: February 26th, 2012, 6:29 pm

Re: iLivid, Searchqu, VideoLan (VLC),

Post by Cypher » March 5th, 2012, 6:19 am

Hi Michele,
"Thank you! I will do as you have instructed. I really appreciate your help."

You're most welcome, glad we could help.
Good luck and stay safe.
As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns