Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Cannot seem to shake this malware, major redirect issues

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Cannot seem to shake this malware, major redirect issues

Unread postby Christian1911 » August 9th, 2012, 7:02 pm

I have been having some big issues since I inadvertently downloaded ilivid. I thought I had gotten rid of it ages ago, but it managed to install searchqu, sweetim, babylon, the works. It got to the point where my laptop would rarely turn on and it would only stay on for maybe a few hours. I made enough of a dent to get it to run again, but i'm afraid of screwing something up by trying to get rid of the rest on my own, so I thought I'd ask for an experts assistance. Below are my two text results, thanks a lot



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by christian at 17:44:22 on 2012-08-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.975 [GMT -5:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\AESTSr64.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\SPLASH.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\christian\Downloads\SystemLook_x64 (1).exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://www.google.com
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=c0ebe55b000000000000002713867e29&tlver=1.4.19.19&affID=17160
uURLSearchHooks: H - No File
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
TB: !{472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
{555d4d79-4bd2-4094-a395-cfc534424a05}
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{CBF7164C-7D40-4A46-B8ED-4D3ECF8BD8F5} : DhcpNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{CBF7164C-7D40-4A46-B8ED-4D3ECF8BD8F5}\2656C6B696E6E2231643 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{CBF7164C-7D40-4A46-B8ED-4D3ECF8BD8F5}\3434370234F66666565686F6573756 : DhcpNameServer = 68.105.28.12 68.105.29.11
TCP: Interfaces\{CBF7164C-7D40-4A46-B8ED-4D3ECF8BD8F5}\4586560294E6475627E65647 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{CBF7164C-7D40-4A46-B8ED-4D3ECF8BD8F5}\C696E6B6379737 : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{D6C84B92-85CA-4AFF-9A22-4297683D84CB} : DhcpNameServer = 208.180.42.68 208.180.42.100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
BHO-X64: Searchqu Toolbar - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: SweetIM Toolbar Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO-X64: SWEETIE - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: SweetIM Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\christian\AppData\Roaming\Mozilla\Firefox\Profiles\l2mtc1je.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ff ... 06&sr=0&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 DVMIO;DVMIO;C:\SPLASH.SYS\config\dvmio.sys [2009-9-27 21624]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\AESTSr64.exe [2010-2-11 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-6-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SPLASH.SYS\config\DVMExportService.exe [2009-7-8 323584]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-23 655944]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-25 135664]
S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-11-26 228408]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-25 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-9 113120]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-08-09 18:56:11 -------- d-----w- C:\Users\christian\AppData\Roaming\AVG2012
2012-08-09 18:55:43 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-08-09 18:55:02 -------- d--h--w- C:\$AVG
2012-08-09 16:54:54 -------- d-----w- C:\Windows\pss
2012-08-09 11:20:52 -------- d-----w- C:\Users\christian\AppData\Local\HuluDesktop
2012-08-09 10:23:12 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-08-09 10:12:50 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-08-09 10:12:50 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-08-09 10:11:41 -------- d-----w- C:\ProgramData\PC Tools
2012-08-09 10:11:38 -------- d-----w- C:\Users\christian\AppData\Roaming\TestApp
2012-08-09 09:30:18 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-08-09 09:30:02 68576 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-08-09 09:30:02 573920 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-08-09 09:30:02 157608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-08-09 09:30:02 113120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-08-09 09:30:01 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-08-09 09:30:00 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-24 02:21:19 -------- d-----w- C:\Program Files\iPod
2012-07-24 02:21:18 -------- d-----w- C:\Program Files\iTunes
2012-07-24 02:21:18 -------- d-----w- C:\Program Files (x86)\iTunes
2012-07-24 01:43:18 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-24 01:42:33 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-23 23:58:05 -------- d-----w- C:\ProgramData\AVG2012
2012-07-23 23:46:17 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-23 23:00:11 -------- d-----w- C:\Windows\System32\SPReview
2012-07-23 22:54:58 429056 ----a-w- C:\Windows\SysWow64\localsec.dll
2012-07-23 22:50:57 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-07-23 22:49:58 501248 ----a-w- C:\Windows\System32\WinSATAPI.dll
2012-07-23 22:48:58 624128 ----a-w- C:\Windows\System32\qedit.dll
2012-07-23 22:47:50 625664 ----a-w- C:\Windows\System32\mscms.dll
2012-07-23 22:47:28 13312 ----a-w- C:\Windows\System32\C_ISCII.DLL
2012-07-23 22:47:04 780800 ----a-w- C:\Windows\System32\ActionCenter.dll
2012-07-23 22:47:04 332288 ----a-w- C:\Windows\System32\hgcpl.dll
2012-07-23 22:47:04 27136 ----a-w- C:\Windows\System32\HotStartUserAgent.dll
2012-07-23 22:47:04 232448 ----a-w- C:\Windows\System32\ListSvc.dll
2012-07-23 22:47:04 187904 ----a-w- C:\Windows\System32\provsvc.dll
2012-07-23 22:47:03 549888 ----a-w- C:\Windows\System32\ActionCenterCPL.dll
2012-07-23 20:14:56 -------- d-----w- C:\Windows\System32\EventProviders
2012-07-23 20:08:29 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-07-23 20:08:28 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-07-23 20:08:26 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-07-23 20:08:24 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-07-23 20:08:23 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-07-23 20:08:12 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-07-23 20:06:22 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-23 20:06:22 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-07-23 20:06:21 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-07-23 20:06:21 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2012-07-23 20:06:21 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2012-07-23 20:06:21 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2012-07-23 20:06:20 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
2012-07-23 20:06:20 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll
2012-07-23 20:06:20 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-07-23 20:06:20 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-07-23 20:06:20 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-07-23 20:06:20 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2012-07-23 20:06:19 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-07-23 20:05:45 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-07-23 20:05:45 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-07-23 20:05:44 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-07-23 20:05:44 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-07-23 20:05:44 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-07-23 20:05:44 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-07-23 19:54:33 -------- d-sh--w- C:\found.000
2012-07-23 19:41:28 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-07-23 19:40:52 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-07-23 19:40:25 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-07-23 19:40:25 186752 ----a-w- C:\Windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-23 23:15:51 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-07-23 23:15:50 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-07-06 03:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 17:45:11.44 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/22/2010 10:25:28 AM
System Uptime: 8/9/2012 1:57:48 PM (4 hours ago)
.
Motherboard: Hewlett-Packard | | 3656
Processor: AMD Athlon(tm) Neo X2 Dual Core Processor L335 | Socket AM2/S1G2 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 202.686 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 2.394 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.091 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: MAC Bridge Miniport
Device ID: ROOT\MS_BRIDGEMP\0000
Manufacturer: Microsoft
Name: MAC Bridge Miniport
PNP Device ID: ROOT\MS_BRIDGEMP\0000
Service: BridgeMP
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&26B41892&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&26B41892&0&01
Service: vwifimp
.
==== System Restore Points ===================
.
RP147: 7/25/2012 1:53:58 PM - Windows Update
RP148: 8/2/2012 3:02:17 PM - Windows Update
RP149: 8/8/2012 3:00:14 AM - Windows Update
RP150: 8/9/2012 3:00:32 AM - Windows Update
RP151: 8/9/2012 4:46:41 AM - Removed Ask Toolbar.
RP152: 8/9/2012 5:31:05 AM - Removed Bonjour
RP153: 8/9/2012 5:33:13 AM - Removed Apple Mobile Device Support
RP154: 8/9/2012 10:22:27 AM - Removed SweetIM for Messenger 3.6
RP155: 8/9/2012 10:52:40 AM - Removed Norton Online Backup
RP156: 8/9/2012 10:54:58 AM - Removed Windows Live Sync
RP157: 8/9/2012 10:57:29 AM - Removed AVG 2012
RP158: 8/9/2012 10:59:27 AM - Removed AVG 2012
RP159: 8/9/2012 11:00:30 AM - Removed Visual Studio 2008 x64 Redistributables
RP160: 8/9/2012 11:45:52 AM - Windows Update
RP161: 8/9/2012 11:47:25 AM - Windows Update
RP162: 8/9/2012 1:42:22 PM - Removed Facebook Video Calling 1.2.0.159
RP163: 8/9/2012 1:53:56 PM - Installed AVG 2012
RP164: 8/9/2012 1:54:27 PM - Installed AVG 2012
RP165: 8/9/2012 2:53:43 PM - Removed SweetIM for Messenger 3.6
RP166: 8/9/2012 3:00:35 PM - Removed SweetIM Toolbar for Internet Explorer 4.2
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Reader 9.5.1
Adobe Shockwave Player
Adobe Shockwave Player 11.6
Alcor Micro USB Card Reader
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
AVS Audio Editor version 6.1
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
DVD Menu Pack for HP MediaSmart Video
ESU for Microsoft Windows 7
GIMP 2.6.11
Google Chrome
Google Earth
Google Update Helper
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Internet TV
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart Software Notebook Demo
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP Quick Launch Buttons
HP QuickWeb
HP Setup
HP Support Assistant
HP Update
HP User Guides 0174
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
LabelPrint
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Norton Online Backup
Power2Go
PowerDirector
QLBCASL
QuickTime
Realtek Ethernet Controller Driver For Windows Vista and Later
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype™ 4.2
Steam
swMSM
Team Fortress 2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
Visual Studio 2008 x64 Redistributables
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
8/9/2012 7:02:48 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
8/9/2012 7:02:48 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
8/9/2012 7:01:48 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
8/9/2012 7:00:48 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
8/9/2012 7:00:48 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 7:00:48 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/9/2012 7:00:48 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/9/2012 7:00:48 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 7:00:48 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 7:00:48 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/9/2012 7:00:48 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 7:00:48 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 7:00:48 AM, Error: Service Control Manager [7031] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 7:00:48 AM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/9/2012 7:00:48 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/9/2012 7:00:48 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/9/2012 7:00:48 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/9/2012 7:00:48 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/9/2012 7:00:48 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/9/2012 7:00:48 AM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/9/2012 7:00:48 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 7:00:48 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 5:34:09 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 5:28:02 AM, Error: PCTCore [280] -
8/9/2012 5:00:00 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{CBF7164C-7D40-4A46-B8ED-4D3ECF8BD8F5} because another computer on the network has the same name. The server could not start.
8/9/2012 12:55:37 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/9/2012 12:53:59 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/9/2012 12:53:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/9/2012 12:53:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/9/2012 12:53:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/9/2012 12:53:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/9/2012 12:53:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/9/2012 12:53:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/9/2012 12:53:37 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom DfsC discache DVMIO NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
8/9/2012 12:53:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
8/9/2012 12:53:36 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/9/2012 12:53:36 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/9/2012 12:53:36 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/9/2012 12:53:36 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/9/2012 12:53:36 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/9/2012 12:53:36 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/9/2012 12:53:36 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/9/2012 12:53:36 PM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/9/2012 12:53:36 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/9/2012 12:53:36 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/9/2012 12:53:36 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/9/2012 12:36:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
8/9/2012 11:48:17 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2667402).
8/9/2012 11:17:44 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: A system shutdown has already been scheduled.
8/9/2012 11:17:44 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: A system shutdown has already been scheduled.
8/9/2012 11:17:44 AM, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
8/9/2012 11:17:44 AM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
8/9/2012 11:17:44 AM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
8/9/2012 1:58:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
8/9/2012 1:58:34 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
8/9/2012 1:23:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
8/9/2012 1:13:23 PM, Error: Service Control Manager [7034] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 3 time(s).
8/9/2012 1:12:36 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/9/2012 1:11:24 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/8/2012 9:54:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
8/8/2012 5:00:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
8/7/2012 4:22:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
.
==== End Of File ===========================
Christian1911
Active Member
 
Posts: 6
Joined: August 9th, 2012, 6:40 pm
Advertisement
Register to Remove

Re: Cannot seem to shake this malware, major redirect issues

Unread postby MWR 3 day Mod » August 14th, 2012, 1:33 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Cannot seem to shake this malware, major redirect issues

Unread postby askey127 » August 14th, 2012, 7:01 am

Hi Christian1911,
Sorry for the delay.
----------------------------------------------
Preliminary Removals with an OTL Custom Fix
Please right-click on the filename link below and select "Save target as..." or "Save Link as...", choose the Desktop location, and choose to save as the filename Fix.txt
Win 7, 64 bit: SQW7-Vista_x64.TXT
Make sure that Fix.txt is the exact filename used.
----------------------------------------------
Perform a Custom Fix with OTL
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
Double Click the OTL icon (Right click and choose "Run as administrator" in Vista/Win7)
  • Click the Run Fix button at the top.
  • You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel". Click on OK
  • When the Open dialog comes up, Navigate to the Desktop, scroll to highlight the file named Fix.txt and click Open
  • Some text will appear in the Custom scans/Fixes box.
  • Click the Run Fix button in OTL.
  • Let the program run unhindered and reboot the PC when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply. The file will also appear on your desktop as OTL.txt
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it. OK the User Account Control.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

So we are looking for the contents of OTL.txt, and the contents of SystemLook.txt
Use separate replies if more convenient.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Cannot seem to shake this malware, major redirect issues

Unread postby Christian1911 » August 14th, 2012, 11:12 am

Thanks for the response, below I have posted the otl txt file followed by the systemlook file


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\ilivid\ not found.
Registry key HKEY_CURRENT_USER\Software\searchqutoolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Save video on Savevid.com\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASAPI 32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASMAN CS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchqu.com\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA942DEC3AFA384B94ECC932BD3DC5A\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFE82A48FED40644C984C808A1785C7F\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB5D9F3E46440D4A9C379467CEADEBB\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toobar not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B0118C8-8D12-46CD-A083-2116D587A11F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B0118C8-8D12-46CD-A083-2116D587A11F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39DB3DF-7935-4821-9BD7-170D277DA935} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39DB3DF-7935-4821-9BD7-170D277DA935}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2163BE-A595-4E6E-AAF0-E22A29D38262} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B2163BE-A595-4E6E-AAF0-E22A29D38262}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49227EB-05C7-449A-9BB6-18F653936F32} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49227EB-05C7-449A-9BB6-18F653936F32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B0118C8-8D12-46CD-A083-2116D587A11F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B0118C8-8D12-46CD-A083-2116D587A11F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39DB3DF-7935-4821-9BD7-170D277DA935} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39DB3DF-7935-4821-9BD7-170D277DA935}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2163BE-A595-4E6E-AAF0-E22A29D38262} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B2163BE-A595-4E6E-AAF0-E22A29D38262}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49227EB-05C7-449A-9BB6-18F653936F32} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49227EB-05C7-449A-9BB6-18F653936F32}\ not found.
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\\@|"ISearchQueryHelper" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
========== FILES ==========
File/Folder C:\Users\christian\AppData\Roaming\Mozilla\Firefox\Profiles\SearchquWebSearch.xml not found.
File/Folder C:\Users\christian\AppData\Roaming\Mozilla\Firefox\Profiles\searchqutoolbar not found.
File/Folder C:\Users\christian\AppData\Roaming\Mozilla\Firefox\Profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
File/Folder C:\Users\christian\AppData\Roaming\Microsoft\Windows\Cookies\*@sweetim[1].txt not found.
File/Folder C:\Users\christian\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt not found.
File/Folder C:\Users\christian\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt not found.
File/Folder C:\Users\christian\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt not found.
File/Folder C:\Users\christian\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt not found.
File/Folder C:\Users\christian\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt not found.
File/Folder C:\Users\christian\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt not found.
File/Folder C:\Users\christian\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt not found.
File/Folder C:\Users\christian\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt not found.
C:\Users\christian\AppData\Local\Ilivid Player folder moved successfully.
File/Folder C:\Users\christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iLividSetupV1.exe not found.
File/Folder C:\Users\christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ilivid[1].7z not found.
File/Folder C:\Users\christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SetupDataMngr_Searchqu[1].exe not found.
File/Folder C:\Users\christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SweetImSetup.exe not found.
File/Folder C:\Users\christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BandooV6[1].exe not found.
File/Folder C:\Users\christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\searchqu_net[1].htm not found.
File/Folder C:\Users\CHRIST~1\AppData\Local\Temp\BandooFiles not found.
File/Folder C:\Users\CHRIST~1\AppData\Local\Temp\BandooV6.exe not found.
File/Folder C:\Users\CHRIST~1\AppData\Local\Temp\SetupDataMngr_Searchqu.exe not found.
File/Folder C:\Users\CHRIST~1\AppData\Local\Temp\SweetIMReinstall not found.
File/Folder C:\Users\CHRIST~1\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe not found.
File/Folder C:\Users\CHRIST~1\AppData\Local\Temp\ilivid.7z not found.
File/Folder C:\Users\CHRIST~1\AppData\Local\Temp\searchqu.ini not found.
File/Folder C:\Users\CHRIST~1\AppData\Local\Temp\searchqutoolbar-manifest.xml not found.
File/Folder C:\Users\christian\AppData\LocalLow\searchquband not found.
File/Folder C:\Users\christian\AppData\LocalLow\searchqutoolbar not found.
File/Folder C:\Users\christian\Downloads\SweetImSetup.exe not found.
C:\Users\christian\Downloads\iLividSetupV1.exe moved successfully.
C:\Users\christian\AppData\LocalLow\DataMngr folder moved successfully.
File/Folder C:\Users\christian\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3AJVC1WF\www.ilivid[1].xml not found.
File/Folder C:\Users\christian\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\TYBUQFS4\www.searchqu[1].xml not found.
File\Folder C:\Windows\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-4EFDDDEA.pf not found.
File\Folder C:\Program Files\Windows iLivid Toolbar not found.
File\Folder C:\Program Files\iLivid not found.
File\Folder C:\Windows\Prefetch\ILIVID* not found.
File\Folder C:\Windows\Prefetch\SEARCHQUMEDIABAR* not found.
File\Folder C:\Windows\Prefetch\SETUPDATAMNGR* not found.
File\Folder C:\Program Files (x86)\iLivid not found.
File\Folder C:\Program Files (x86)\Windows Savevid Toolbar not found.
File\Folder C:\Program Files (x86)\Savevid not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\christian\Desktop\cmd.bat deleted successfully.
C:\Users\christian\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: christian
->Temp folder emptied: 1556211 bytes
->Temporary Internet Files folder emptied: 352249 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 79554496 bytes
->Google Chrome cache emptied: 6161876 bytes
->Flash cache emptied: 8649 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User

User: Mcx1-CHRISTIAN-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2246 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 84.00 mb


OTL by OldTimer - Version 3.2.57.0 log created on 08142012_095153

Files\Folders moved on Reboot...
C:\Users\christian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\christian\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...



SystemLook 30.07.11 by jpshortstuff
Log created at 09:57 on 14/08/2012 by christian
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\Users\christian\AppData\Local\CrashDumps\ilivid.exe.1540.dmp --a---- 5810099 bytes [08:24 25/03/2012] [08:24 25/03/2012] F443771071A3DBF5179BD4AE85E1CCDF
C:\Users\christian\AppData\Roaming\Microsoft\Windows\Recent\ilivid.exe.1540.dmp.lnk --a---- 982 bytes [13:51 09/08/2012] [13:51 09/08/2012] 9DC6BDFB717B29070A051364A1EFB33C
C:\_OTL\MovedFiles\08142012_095153\C_Users\christian\Downloads\iLividSetupV1.exe --a---- 2080816 bytes [08:17 05/03/2012] [08:17 05/03/2012] 44F570D89DC2A0DB31128E39FC2829EE

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_iLivid.exe_f25b4d49a19261c59fcae6841c7cfec7caf8243_35c51c69 d----c- [08:24 25/03/2012]
C:\Users\christian\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_ilivid.exe_6759454229cab37093202ee9bfe92e71ca948ea_2b741bdb d----c- [20:59 25/03/2012]
C:\_OTL\MovedFiles\08142012_095153\C_Users\christian\AppData\Local\Ilivid Player d------ [05:05 25/03/2012]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\08142012_095153\C_Users\christian\AppData\LocalLow\DataMngr d------ [02:00 24/07/2012]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=102&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"="Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ef71f5c6_0]
@="{0.0.0.00000000}.{09affafa-f6d5-4d9e-b61f-c5206831e900}|\Device\HarddiskVolume2\Program Files (x86)\iLivid\VLC\vlc.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1 (2).exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\iLivid.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetupV1 (2)_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetupV1 (2)_RASMANCS]
[HKEY_USERS\S-1-5-21-411403246-1565845648-269272551-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ef71f5c6_0]
@="{0.0.0.00000000}.{09affafa-f6d5-4d9e-b61f-c5206831e900}|\Device\HarddiskVolume2\Program Files (x86)\iLivid\VLC\vlc.exe%b{00000000-0000-0000-0000-000000000000}"

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3BCE57F-92AC-405F-8217-E3143AA5097B}]
"AppPath"="C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASMANCS]

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-
Christian1911
Active Member
 
Posts: 6
Joined: August 9th, 2012, 6:40 pm

Re: Cannot seem to shake this malware, major redirect issues

Unread postby askey127 » August 14th, 2012, 3:28 pm

Christian1911,
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3BCE57F-92AC-405F-8217-E3143AA5097B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1 (2).exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\iLivid.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetupV1 (2)_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetupV1 (2)_RASMANCS]
    [HKEY_USERS\S-1-5-21-411403246-1565845648-269272551-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ef71f5c6_0]
    @=""
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ef71f5c6_0]
    @=""
    
    :Files
    C:\Users\christian\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_ilivid.exe_6759454229cab37093202ee9bfe92e71ca948ea_2b741bdb
    C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_iLivid.exe_f25b4d49a19261c59fcae6841c7cfec7caf8243_35c51c69
    C:\Users\christian\AppData\Roaming\Microsoft\Windows\Recent\ilivid.exe.1540.dmp.lnk
    C:\Users\christian\AppData\Local\CrashDumps\ilivid.exe.1540.dmp
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
---------------------------------------------
Rescan For LeftOvers With SystemLook
  • Double-click SystemLook.exe to run it. OK the User Account Control.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *iLivid*
    
    :folderfind
    *iLivid*
    
    :Regfind
    iLivid
    datamngr
    Searchqu
    
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Cannot seem to shake this malware, major redirect issues

Unread postby Christian1911 » August 14th, 2012, 9:53 pm

Thanks for the speedy response! Below I have included the quick scan results followed by the systemlook



OTL logfile created on: 8/14/2012 7:47:02 PM - Run 2
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\christian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 68.90% Memory free
7.49 Gb Paging File | 6.21 Gb Available in Paging File | 82.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.26 Gb Total Space | 202.05 Gb Free Space | 71.33% Space Free | Partition Type: NTFS
Drive D: | 14.53 Gb Total Space | 2.39 Gb Free Space | 16.48% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 92.74 Mb Free Space | 93.36% Space Free | Partition Type: FAT32

Computer Name: CHRISTIAN-PC | User Name: christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\christian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\SPLASH.SYS\config\DVMExportService.exe (DeviceVM, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\avformat-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\avcodec-54.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\STacSV64.exe (IDT, Inc.)
SRV - (DvmMDES) -- C:\SPLASH.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\AESTSr64.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (DVMIO) -- C:\SPLASH.SYS\config\dvmio.sys (DeviceVM, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{43819C64-1324-4AA1-97B4-4FBB11EC86C6}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{8E6F4213-069E-41EE-A932-91E1C02E9A7E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=c0ebe55b000000000000002713867e29&tlver=1.4.19.19&affID=17160
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{43819C64-1324-4AA1-97B4-4FBB11EC86C6}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{52071BEF-4DDC-449F-BDA1-B7FF4FD22E6A}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKLM\..\SearchScopes\{8E6F4213-069E-41EE-A932-91E1C02E9A7E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_US
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=c0ebe55b000000000000002713867e29&tlver=1.4.19.19&affID=17160
IE - HKCU\..\SearchScopes\{43819C64-1324-4AA1-97B4-4FBB11EC86C6}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{52071BEF-4DDC-449F-BDA1-B7FF4FD22E6A}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\..\SearchScopes\{8E6F4213-069E-41EE-A932-91E1C02E9A7E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={10AE79E4-0492-46C2-8657-9197257AF77B}&mid=86c88775e33b47d1b12ed16e556297da-d47c3a1ccb9e94ebe2e169c36fe29866848a4491&lang=en&ds=AVG&pr=fr&d=2012-07-23 19:01:21&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9ECB2BF4-C255-49AB-97DD-49966475F12C}: "URL" = http://ws.infospace.com/playsushi_tbar/ ... eUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&st=1&q={searchTerms}&barid={EDA9600F-06A4-11E1-85D9-002713867E29}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/09 13:55:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/09 04:30:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/09 10:22:13 | 000,000,000 | ---D | M]

[2012/08/09 06:15:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\Mozilla\Extensions
[2012/08/09 05:40:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\Mozilla\Firefox\Profiles\l2mtc1je.default\extensions
[2010/08/18 00:05:34 | 000,002,424 | ---- | M] () -- C:\Users\christian\AppData\Roaming\Mozilla\Firefox\Profiles\l2mtc1je.default\searchplugins\askcom.xml
[2012/03/25 00:04:13 | 000,002,519 | ---- | M] () -- C:\Users\christian\AppData\Roaming\Mozilla\Firefox\Profiles\l2mtc1je.default\searchplugins\Search_Results.xml
[2011/07/11 13:04:02 | 000,000,633 | ---- | M] () -- C:\Users\christian\AppData\Roaming\Mozilla\Firefox\Profiles\l2mtc1je.default\searchplugins\startsear.xml
[2011/11/04 00:22:11 | 000,003,915 | ---- | M] () -- C:\Users\christian\AppData\Roaming\Mozilla\Firefox\Profiles\l2mtc1je.default\searchplugins\sweetim.xml
[2012/08/09 06:15:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/24 01:55:43 | 000,000,000 | ---D | M] (Mignet Assistant Service) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{7e4af17d-2efa-b982-0696-9ae288588c62}
[2012/08/09 13:55:08 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/08/09 04:34:07 | 000,526,190 | ---- | M] () (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L2MTC1JE.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/08/09 04:30:13 | 000,032,133 | ---- | M] () (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L2MTC1JE.DEFAULT\EXTENSIONS\HYPEM@DOWNLOADER.COM.XPI
[2012/08/09 04:30:03 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/23 19:01:00 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/04/01 11:46:54 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/08/09 04:29:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/25 00:04:13 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/08/09 04:29:56 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: about:blank
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: about:blank
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\christian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Torrent Stream P2P Multimedia Plug-in (Enabled) = C:\Program Files (x86)\TorrentStream\npts.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\christian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Users\christian\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Search = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.40_0\
CHR - Extension: AVG Do Not Track = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/11 05:25:27 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - !{472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBF7164C-7D40-4A46-B8ED-4D3ECF8BD8F5}: DhcpNameServer = 208.180.42.68 208.180.42.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6C84B92-85CA-4AFF-9A22-4297683D84CB}: DhcpNameServer = 208.180.42.68 208.180.42.100
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/14 09:51:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/14 09:43:46 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe
[2012/08/14 09:16:50 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/08/13 23:56:15 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\WinZip
[2012/08/11 05:39:07 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/11 04:47:55 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/08/11 04:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/08/09 17:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012/08/09 17:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012/08/09 17:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012/08/09 17:44:14 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\christian\Desktop\dds.scr
[2012/08/09 13:56:11 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\AVG2012
[2012/08/09 13:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/08/09 13:55:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/08/09 13:55:02 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/08/09 11:54:54 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/08/09 10:43:53 | 000,000,000 | ---D | C] -- C:\Users\christian\Desktop\ProcessExplorer
[2012/08/09 06:20:52 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\HuluDesktop
[2012/08/09 05:23:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/08/09 05:12:50 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/08/09 05:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/08/09 05:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/08/09 05:11:38 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\TestApp
[2012/08/09 04:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/08/09 04:30:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/07/25 10:24:09 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2012/07/23 21:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/23 21:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/23 21:21:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/23 21:21:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/07/23 21:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/07/23 21:15:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/07/23 20:43:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/07/23 20:43:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/07/23 20:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/23 18:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/07/23 18:00:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/07/23 17:55:53 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012/07/23 17:54:39 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2012/07/23 15:14:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/07/23 14:54:33 | 000,000,000 | -HSD | C] -- C:\found.000

========== Files - Modified Within 30 Days ==========

[2012/08/14 19:55:28 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012/08/14 19:52:38 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 19:52:38 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 19:49:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/14 19:45:24 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/14 19:45:16 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForchristian.job
[2012/08/14 19:45:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/14 19:45:06 | 3016,790,016 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/14 19:43:52 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/14 19:43:02 | 103,813,755 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/14 09:56:26 | 000,165,376 | ---- | M] () -- C:\Users\christian\Desktop\SystemLook_x64 (2).exe
[2012/08/14 09:44:19 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe
[2012/08/14 09:16:43 | 618,483,509 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/12 03:00:00 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\RegInOut Scheduled Scan - christian.job
[2012/08/11 20:16:13 | 000,002,104 | ---- | M] () -- C:\Users\christian\.recently-used.xbel
[2012/08/11 19:49:09 | 000,037,940 | ---- | M] () -- C:\Users\christian\Desktop\honeybadger1.jpg
[2012/08/11 07:26:13 | 000,064,942 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/08/11 05:25:27 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/08/09 17:54:30 | 000,002,277 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012/08/09 17:44:13 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\christian\Desktop\dds.scr
[2012/08/09 13:55:45 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/08/09 13:55:43 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/08/09 13:55:43 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/08/09 13:55:43 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/08/09 10:44:15 | 000,001,148 | ---- | M] () -- C:\Users\christian\Desktop\procexp.exe - Shortcut.lnk
[2012/08/09 05:35:11 | 002,205,211 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/08/09 04:30:13 | 000,002,044 | ---- | M] () -- C:\Users\christian\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/23 21:22:47 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/23 21:15:34 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/07/23 21:00:55 | 000,027,520 | ---- | M] () -- C:\Users\christian\AppData\Local\dt.dat
[2012/07/23 20:15:16 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/07/23 20:00:38 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/23 19:52:56 | 000,436,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/23 19:30:55 | 000,741,824 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/23 19:30:55 | 000,635,824 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/23 19:30:55 | 000,110,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2012/08/14 09:56:33 | 000,165,376 | ---- | C] () -- C:\Users\christian\Desktop\SystemLook_x64 (2).exe
[2012/08/14 09:16:43 | 618,483,509 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/11 20:16:13 | 000,002,104 | ---- | C] () -- C:\Users\christian\.recently-used.xbel
[2012/08/11 19:49:17 | 000,037,940 | ---- | C] () -- C:\Users\christian\Desktop\honeybadger1.jpg
[2012/08/09 17:54:30 | 000,002,277 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012/08/09 13:55:45 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/08/09 13:55:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/08/09 13:55:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/08/09 13:55:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/08/09 10:44:15 | 000,001,148 | ---- | C] () -- C:\Users\christian\Desktop\procexp.exe - Shortcut.lnk
[2012/08/09 05:13:08 | 002,205,211 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/07/31 23:20:57 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForchristian.job
[2012/07/23 21:22:47 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/23 21:15:34 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/07/23 21:00:55 | 000,027,520 | ---- | C] () -- C:\Users\christian\AppData\Local\dt.dat
[2012/07/23 20:14:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/07/23 20:14:37 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/07/23 17:55:50 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2012/07/23 17:55:26 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2012/07/23 17:49:13 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011/10/17 16:18:35 | 000,003,584 | ---- | C] () -- C:\Users\christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/05 05:23:06 | 000,019,832 | ---- | C] () -- C:\Users\christian\AppData\Local\tmpMAKEMSAY.JPG
[2010/10/07 22:26:49 | 000,042,051 | ---- | C] () -- C:\Users\christian\AppData\Local\tmpCAT IN THE HAT.JPG

========== LOP Check ==========

[2012/08/09 13:56:11 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\AVG2012
[2011/02/28 19:46:10 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\BSD
[2012/08/09 06:17:59 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Free Download Manager
[2012/08/11 20:16:13 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\gtk-2.0
[2012/03/25 03:46:27 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\StreamTorrent
[2012/08/09 05:11:38 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\TestApp
[2012/08/12 03:00:00 | 000,000,364 | ---- | M] () -- C:\Windows\Tasks\RegInOut Scheduled Scan - christian.job
[2012/08/09 07:00:47 | 000,029,408 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >




SystemLook 30.07.11 by jpshortstuff
Log created at 20:03 on 14/08/2012 by christian
Administrator - Elevation successful

========== filefind ==========

Searching for "*iLivid*"
C:\_OTL\MovedFiles\08142012_095153\C_Users\christian\Downloads\iLividSetupV1.exe --a---- 2080816 bytes [08:17 05/03/2012] [08:17 05/03/2012] 44F570D89DC2A0DB31128E39FC2829EE
C:\_OTL\MovedFiles\08142012_194221\C_Users\christian\AppData\Local\CrashDumps\ilivid.exe.1540.dmp --a---- 5810099 bytes [08:24 25/03/2012] [08:24 25/03/2012] F443771071A3DBF5179BD4AE85E1CCDF
C:\_OTL\MovedFiles\08142012_194221\C_Users\christian\AppData\Roaming\Microsoft\Windows\Recent\ilivid.exe.1540.dmp.lnk --a---- 982 bytes [13:51 09/08/2012] [13:51 09/08/2012] 9DC6BDFB717B29070A051364A1EFB33C

========== folderfind ==========

Searching for "*iLivid*"
C:\_OTL\MovedFiles\08142012_095153\C_Users\christian\AppData\Local\Ilivid Player d------ [05:05 25/03/2012]
C:\_OTL\MovedFiles\08142012_194221\C_ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_iLivid.exe_f25b4d49a19261c59fcae6841c7cfec7caf8243_35c51c69 d----c- [08:24 25/03/2012]
C:\_OTL\MovedFiles\08142012_194221\C_Users\christian\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_ilivid.exe_6759454229cab37093202ee9bfe92e71ca948ea_2b741bdb d----c- [20:59 25/03/2012]

========== Regfind ==========

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ef71f5c6_0]
@="{0.0.0.00000000}.{09affafa-f6d5-4d9e-b61f-c5206831e900}|\Device\HarddiskVolume2\Program Files (x86)\iLivid\VLC\vlc.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\iLivid.exe]
[HKEY_USERS\S-1-5-21-411403246-1565845648-269272551-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ef71f5c6_0]
@="{0.0.0.00000000}.{09affafa-f6d5-4d9e-b61f-c5206831e900}|\Device\HarddiskVolume2\Program Files (x86)\iLivid\VLC\vlc.exe%b{00000000-0000-0000-0000-000000000000}"

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=102&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"="Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

-= EOF =-
Christian1911
Active Member
 
Posts: 6
Joined: August 9th, 2012, 6:40 pm

Re: Cannot seem to shake this malware, major redirect issues

Unread postby askey127 » August 15th, 2012, 10:11 am

Christian1911,
This insidious infection often takes a few passes to get rid of, because it persistently tries to reload itself.
In this case it is likely related to some of the toolbars installed on your machine.
We will get rid of those as well.

In general, it's best to avoid installing ANY toolbars. The are mostly for the benefit of the purveyor, not you.
You'll notice they are not even listed as Programs that can be removed. That's not an accident.
This iLivid/Searchqu infection does not completely remove itself even when it DOES show in the programs list.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
(This is an obsolete, leftover version of Java. You already have a new one.)

Java(TM) 6 Update 20

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE:64bit: - HKLM\..\SearchScopes\{43819C64-1324-4AA1-97B4-4FBB11EC86C6}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=c0ebe55b000000000000002713867e29&tlver=1.4.19.19&affID=17160
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKLM\..\SearchScopes\{43819C64-1324-4AA1-97B4-4FBB11EC86C6}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKLM\..\SearchScopes\{52071BEF-4DDC-449F-BDA1-B7FF4FD22E6A}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
    IE - HKCU\..\URLSearchHook: - No CLSID value found
    IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\InprocServer32 File not found
    IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_US
    IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=c0ebe55b000000000000002713867e29&tlver=1.4.19.19&affID=17160
    IE - HKCU\..\SearchScopes\{43819C64-1324-4AA1-97B4-4FBB11EC86C6}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKCU\..\SearchScopes\{52071BEF-4DDC-449F-BDA1-B7FF4FD22E6A}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
    IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&st=1&q={searchTerms}&barid={EDA9600F-06A4-11E1-85D9-002713867E29}
    [2010/08/18 00:05:34 | 000,002,424 | ---- | M] () -- C:\Users\christian\AppData\Roaming\Mozilla\Firefox\Profiles\l2mtc1je.default\searchplugins\askcom.xml
    [2011/04/01 11:46:54 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    CHR - plugin: Torrent Stream P2P Multimedia Plug-in (Enabled) = C:\Program Files (x86)\TorrentStream\npts.dll
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2
    
    :Reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ef71f5c6_0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\iLivid.exe]
    [-HKEY_USERS\S-1-5-21-411403246-1565845648-269272551-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ef71f5c6_0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    "SuggestionsURL_JSON"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
    
    :Files
    C:\Program Files (x86)\TorrentStream
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
---------------------------------------------
Rescan For LeftOvers With SystemLook
  • Double-click SystemLook.exe to run it. OK the User Account Control.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *iLivid*
    
    :folderfind
    *iLivid*
    
    :Regfind
    iLivid
    datamngr
    Searchqu
    babylon 
    conduit
    ask.com
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The new results log can also be found on your Desktop, entitled SystemLook.txt

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Cannot seem to shake this malware, major redirect issues

Unread postby Christian1911 » August 15th, 2012, 9:19 pm

Yeah, I'm starting to see that haha. Thanks again for taking the time to help me out. Below I've posted otl then system


OTL logfile created on: 8/15/2012 7:52:47 PM - Run 3
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\christian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 64.52% Memory free
7.49 Gb Paging File | 6.01 Gb Available in Paging File | 80.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.26 Gb Total Space | 201.90 Gb Free Space | 71.28% Space Free | Partition Type: NTFS
Drive D: | 14.53 Gb Total Space | 2.39 Gb Free Space | 16.48% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 92.74 Mb Free Space | 93.36% Space Free | Partition Type: FAT32

Computer Name: CHRISTIAN-PC | User Name: christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\christian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\SPLASH.SYS\config\DVMExportService.exe (DeviceVM, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\avformat-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\avcodec-54.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\STacSV64.exe (IDT, Inc.)
SRV - (DvmMDES) -- C:\SPLASH.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5ea32181aefd3364\AESTSr64.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (DVMIO) -- C:\SPLASH.SYS\config\dvmio.sys (DeviceVM, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{8E6F4213-069E-41EE-A932-91E1C02E9A7E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{8E6F4213-069E-41EE-A932-91E1C02E9A7E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{8E6F4213-069E-41EE-A932-91E1C02E9A7E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={10AE79E4-0492-46C2-8657-9197257AF77B}&mid=86c88775e33b47d1b12ed16e556297da-d47c3a1ccb9e94ebe2e169c36fe29866848a4491&lang=en&ds=AVG&pr=fr&d=2012-07-23 19:01:21&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9ECB2BF4-C255-49AB-97DD-49966475F12C}: "URL" = http://ws.infospace.com/playsushi_tbar/ ... eUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/09 13:55:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/09 04:30:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/09 10:22:13 | 000,000,000 | ---D | M]

[2012/08/09 06:15:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\Mozilla\Extensions
[2012/08/09 05:40:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\Mozilla\Firefox\Profiles\l2mtc1je.default\extensions
[2012/03/25 00:04:13 | 000,002,519 | ---- | M] () -- C:\Users\christian\AppData\Roaming\Mozilla\Firefox\Profiles\l2mtc1je.default\searchplugins\Search_Results.xml
[2011/07/11 13:04:02 | 000,000,633 | ---- | M] () -- C:\Users\christian\AppData\Roaming\Mozilla\Firefox\Profiles\l2mtc1je.default\searchplugins\startsear.xml
[2011/11/04 00:22:11 | 000,003,915 | ---- | M] () -- C:\Users\christian\AppData\Roaming\Mozilla\Firefox\Profiles\l2mtc1je.default\searchplugins\sweetim.xml
[2012/08/09 06:15:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/24 01:55:43 | 000,000,000 | ---D | M] (Mignet Assistant Service) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{7e4af17d-2efa-b982-0696-9ae288588c62}
[2012/08/09 13:55:08 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/08/09 04:34:07 | 000,526,190 | ---- | M] () (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L2MTC1JE.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/08/09 04:30:13 | 000,032,133 | ---- | M] () (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L2MTC1JE.DEFAULT\EXTENSIONS\HYPEM@DOWNLOADER.COM.XPI
[2012/08/09 04:30:03 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/23 19:01:00 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/09 04:29:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/25 00:04:13 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/08/09 04:29:56 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: about:blank
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: about:blank
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\christian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Torrent Stream P2P Multimedia Plug-in (Enabled) = C:\Program Files (x86)\TorrentStream\npts.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\christian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Users\christian\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Search = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\
CHR - Extension: AVG Do Not Track = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/11 05:25:27 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBF7164C-7D40-4A46-B8ED-4D3ECF8BD8F5}: DhcpNameServer = 208.180.42.68 208.180.42.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6C84B92-85CA-4AFF-9A22-4297683D84CB}: DhcpNameServer = 208.180.42.68 208.180.42.100
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/14 09:51:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/14 09:43:46 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe
[2012/08/14 09:16:50 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/08/13 23:56:15 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\WinZip
[2012/08/11 05:39:07 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/11 04:47:55 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/08/11 04:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/08/09 17:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012/08/09 17:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012/08/09 17:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012/08/09 17:44:14 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\christian\Desktop\dds.scr
[2012/08/09 13:56:11 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\AVG2012
[2012/08/09 13:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/08/09 13:55:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/08/09 13:55:02 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/08/09 11:54:54 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/08/09 10:43:53 | 000,000,000 | ---D | C] -- C:\Users\christian\Desktop\ProcessExplorer
[2012/08/09 06:20:52 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\HuluDesktop
[2012/08/09 05:23:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/08/09 05:12:50 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/08/09 05:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/08/09 05:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/08/09 05:11:38 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\TestApp
[2012/08/09 04:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/08/09 04:30:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/07/25 10:24:09 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2012/07/23 21:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/23 21:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/23 21:21:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/23 21:21:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/07/23 21:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/07/23 21:15:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/07/23 20:43:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/07/23 20:43:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/07/23 20:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/23 18:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/07/23 18:00:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/07/23 17:55:53 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012/07/23 17:54:39 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2012/07/23 15:14:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/07/23 14:54:33 | 000,000,000 | -HSD | C] -- C:\found.000

========== Files - Modified Within 30 Days ==========

[2012/08/15 19:58:03 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012/08/15 19:55:10 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 19:55:10 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 19:49:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/15 19:48:09 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/15 19:47:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/15 19:47:45 | 3016,790,016 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/15 19:16:56 | 103,922,008 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/15 19:16:07 | 000,096,960 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/08/14 19:45:16 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForchristian.job
[2012/08/14 19:43:52 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/14 09:56:26 | 000,165,376 | ---- | M] () -- C:\Users\christian\Desktop\SystemLook_x64 (2).exe
[2012/08/14 09:44:19 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe
[2012/08/14 09:16:43 | 618,483,509 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/12 03:00:00 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\RegInOut Scheduled Scan - christian.job
[2012/08/11 20:16:13 | 000,002,104 | ---- | M] () -- C:\Users\christian\.recently-used.xbel
[2012/08/11 19:49:09 | 000,037,940 | ---- | M] () -- C:\Users\christian\Desktop\honeybadger1.jpg
[2012/08/11 05:25:27 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/08/09 17:54:30 | 000,002,277 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012/08/09 17:44:13 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\christian\Desktop\dds.scr
[2012/08/09 13:55:45 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/08/09 13:55:43 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/08/09 13:55:43 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/08/09 13:55:43 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/08/09 10:44:15 | 000,001,148 | ---- | M] () -- C:\Users\christian\Desktop\procexp.exe - Shortcut.lnk
[2012/08/09 05:35:11 | 002,205,211 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/08/09 04:30:13 | 000,002,044 | ---- | M] () -- C:\Users\christian\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/23 21:22:47 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/23 21:15:34 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/07/23 21:00:55 | 000,027,520 | ---- | M] () -- C:\Users\christian\AppData\Local\dt.dat
[2012/07/23 20:15:16 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/07/23 20:00:38 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/23 19:52:56 | 000,436,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/23 19:30:55 | 000,741,824 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/23 19:30:55 | 000,635,824 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/23 19:30:55 | 000,110,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2012/08/14 09:56:33 | 000,165,376 | ---- | C] () -- C:\Users\christian\Desktop\SystemLook_x64 (2).exe
[2012/08/14 09:16:43 | 618,483,509 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/11 20:16:13 | 000,002,104 | ---- | C] () -- C:\Users\christian\.recently-used.xbel
[2012/08/11 19:49:17 | 000,037,940 | ---- | C] () -- C:\Users\christian\Desktop\honeybadger1.jpg
[2012/08/09 17:54:30 | 000,002,277 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012/08/09 13:55:45 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/08/09 13:55:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/08/09 13:55:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/08/09 13:55:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/08/09 10:44:15 | 000,001,148 | ---- | C] () -- C:\Users\christian\Desktop\procexp.exe - Shortcut.lnk
[2012/08/09 05:13:08 | 002,205,211 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/07/31 23:20:57 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForchristian.job
[2012/07/23 21:22:47 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/23 21:15:34 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/07/23 21:00:55 | 000,027,520 | ---- | C] () -- C:\Users\christian\AppData\Local\dt.dat
[2012/07/23 20:14:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/07/23 20:14:37 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/07/23 17:55:50 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2012/07/23 17:55:26 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2012/07/23 17:49:13 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011/10/17 16:18:35 | 000,003,584 | ---- | C] () -- C:\Users\christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/05 05:23:06 | 000,019,832 | ---- | C] () -- C:\Users\christian\AppData\Local\tmpMAKEMSAY.JPG
[2010/10/07 22:26:49 | 000,042,051 | ---- | C] () -- C:\Users\christian\AppData\Local\tmpCAT IN THE HAT.JPG

========== LOP Check ==========

[2012/08/09 13:56:11 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\AVG2012
[2011/02/28 19:46:10 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\BSD
[2012/08/09 06:17:59 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Free Download Manager
[2012/08/11 20:16:13 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\gtk-2.0
[2012/03/25 03:46:27 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\StreamTorrent
[2012/08/09 05:11:38 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\TestApp
[2012/08/12 03:00:00 | 000,000,364 | ---- | M] () -- C:\Windows\Tasks\RegInOut Scheduled Scan - christian.job
[2012/08/09 07:00:47 | 000,029,908 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


SystemLook 30.07.11 by jpshortstuff
Log created at 20:07 on 15/08/2012 by christian
Administrator - Elevation successful

========== filefind ==========

Searching for "*iLivid*"
C:\_OTL\MovedFiles\08142012_095153\C_Users\christian\Downloads\iLividSetupV1.exe --a---- 2080816 bytes [08:17 05/03/2012] [08:17 05/03/2012] 44F570D89DC2A0DB31128E39FC2829EE
C:\_OTL\MovedFiles\08142012_194221\C_Users\christian\AppData\Local\CrashDumps\ilivid.exe.1540.dmp --a---- 5810099 bytes [08:24 25/03/2012] [08:24 25/03/2012] F443771071A3DBF5179BD4AE85E1CCDF
C:\_OTL\MovedFiles\08142012_194221\C_Users\christian\AppData\Roaming\Microsoft\Windows\Recent\ilivid.exe.1540.dmp.lnk --a---- 982 bytes [13:51 09/08/2012] [13:51 09/08/2012] 9DC6BDFB717B29070A051364A1EFB33C

========== folderfind ==========

Searching for "*iLivid*"
C:\_OTL\MovedFiles\08142012_095153\C_Users\christian\AppData\Local\Ilivid Player d------ [05:05 25/03/2012]
C:\_OTL\MovedFiles\08142012_194221\C_ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_iLivid.exe_f25b4d49a19261c59fcae6841c7cfec7caf8243_35c51c69 d----c- [08:24 25/03/2012]
C:\_OTL\MovedFiles\08142012_194221\C_Users\christian\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_ilivid.exe_6759454229cab37093202ee9bfe92e71ca948ea_2b741bdb d----c- [20:59 25/03/2012]

========== Regfind ==========

Searching for "iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\iLivid.exe]

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "babylon "
No data found.

Searching for "conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Community Alerts]
"Path"="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"

Searching for "ask.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\ask.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\InprocServer32]
@="C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\InprocServer32]
@="C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll"
[HKEY_USERS\S-1-5-21-411403246-1565845648-269272551-1000\Software\Microsoft\Internet Explorer\DOMStorage\ask.com]

-= EOF =-
Christian1911
Active Member
 
Posts: 6
Joined: August 9th, 2012, 6:40 pm

Re: Cannot seem to shake this malware, major redirect issues

Unread postby askey127 » August 16th, 2012, 9:09 am

Christian1911,
Best to never use any Registry Cleaners/Optimizers/Boosters, etc.
They don't work very well, and can trash your system.
I am removing the weekly schedule for RegInOut.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKCU\..\SearchScopes\{9ECB2BF4-C255-49AB-97DD-49966475F12C}: "URL" = http://ws.infospace.com/playsushi_tbar/ ... eUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
    [2011/11/04 00:22:11 | 000,003,915 | ---- | M] () -- C:\Users\christian\AppData\Roaming\Mozilla\Firefox\Profiles\l2mtc1je.default\searchplugins\sweetim.xml
    CHR - plugin: Torrent Stream P2P Multimedia Plug-in (Enabled) = C:\Program Files (x86)\TorrentStream\npts.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
    O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
    O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
    [2012/08/12 03:00:00 | 000,000,364 | ---- | M] () -- C:\Windows\Tasks\RegInOut Scheduled Scan - christian.job
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\iLivid.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\ask.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\InprocServer32]
    [-HKEY_USERS\S-1-5-21-411403246-1565845648-269272551-1000\Software\Microsoft\Internet Explorer\DOMStorage\ask.com]
    
    :Files
    C:\Program Files (x86)\TorrentStream
    C:\Users\christian\AppData\Roaming\StreamTorrent
    C:\Windows\Tasks\RegInOut Scheduled Scan - christian.job
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
---------------------------------------------
Rescan For LeftOvers With SystemLook
  • Double-click SystemLook.exe to run it. OK the User Account Control.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :Regfind
    iLivid
    datamngr
    Searchqu
    conduit
    ask.com
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The new results log can also be found on your Desktop, entitled SystemLook.txt

By the way, one of your toolbars is installed by AVG. It's called the "Linkscanner" toolbar.
When you search for something, it prescans every website listed in the search results based on its own agenda.
Some users consider this inappropriate or overkill and do not want the slowdown of the browser which accompanies.
They prefer to switch Antivirus apps to get rid of it. Firefox with the AdBlock plug-in works fine.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Cannot seem to shake this malware, major redirect issues

Unread postby askey127 » August 19th, 2012, 6:04 pm

Due to Lack of Response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 18 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware