Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

poweliks plus others???

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: poweliks plus others???

Unread postby wannabeageek » January 27th, 2015, 12:47 am

Hi flip.

I did not forget about you and I am well aware of the east coast getting hammered with another winter wonder. I would definitely take that into consideration if you had not replied in a timely manner. No problem with the bump, If I have not replied in 2 days. Occasionally I get inundated with personal business.

You seemed to have chopped off the bottom of the Windows Validation Check log. Please be sure to post the complete log this time.

wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California
Advertisement
Register to Remove

Re: poweliks plus others???

Unread postby flip665 » January 27th, 2015, 2:18 am

hey wbg, tried to edit the previous log so i could just tack on the last lines but it wouldnt let me so heres that log in its entirety... sorry bout clipping off the bottom, im pretty sure i hit select all. ill double check in the future.


Windows Validation Check
Version: 1.9.12.5
Log Created On: 2358_24-01-2015
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2015-01-24 22:38:50
Last Success Time for Update Download: 2015-01-23 16:38:39
Last Success Time for Update Installation: 2015-01-23 16:38:46


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 7/6/2011 17:52:12
Modification; 20/11/2010 7:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_ff27e02604a90885\slwga.dll
Size: 13824 bytes
Creation; 13/7/2009 19:36:22
Modification; 13/7/2009 21:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16723_none_ff66c6b2047a22cd\slwga.dll
Size: 14336 bytes
Creation; 9/2/2011 16:22:44
Modification; 21/12/2010 0:38:16
MD5; 2008845b41d561fb77b77bbe0045099e
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.20862_none_ffc423831db91904\slwga.dll
Size: 14336 bytes
Creation; 9/2/2011 16:22:44
Modification; 21/12/2010 0:29:6
MD5; 2332de32759ebcc691850e092b2564a6
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 7/6/2011 17:52:12
Modification; 20/11/2010 7:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - f1dd3acaee5e6b4bbc69bc6df75cef66


-------- End of File, program close at 0014_25-01-2015 --------
flip665
Regular Member
 
Posts: 53
Joined: January 16th, 2015, 3:54 pm

Re: poweliks plus others???

Unread postby wannabeageek » January 29th, 2015, 2:10 am

Hi Flip,

Depending on what actually gets removed will dictate where we start removing items. Be sure to let me know which programs uninstall.

Step 1.
Registry Backup (TCRB)

Please download tweaking.com_registry_backup_setup.exe
Choose a download site for the installer... download and save it to your desktop.
Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial here.

Once the program is installed...
  1. Double click the Tweaking.com Registry Backup icon ... on your Desktop to open the program.
  2. Right mouse click the Tweaking.com Registry Backup icon, select "Run As Administrator" to run it... if UAC prompts, please allow it.
  3. It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
  4. Click on Backup Now to create a backup of your Registry.
    You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
  5. When completed you should see a message saying something like ... Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
  6. Close and exit the program.

< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


Step 2.
Uninstall Programs
I need you to uninstall some program(s).
  1. Click on Start...then... Click the Start Search box on the Start Menu.
  2. Copy and paste the value below, into the open text entry box:
    appwiz.cpl
  3. then press enter.
    • Locate the following program(s):
      Adobe Reader 8.1.0
      Ask Toolbar Updater
      Bing Bar
      Coupon Printer for Windows
      Java(TM) 6 Update 38
    • Select the program and click on Uninstall to uninstall it.
      Carefully read any prompts...
      Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
    • Repeat steps 3 - 4 for each program in the list. When finished... Close the Control Panel window.
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: poweliks plus others???

Unread postby flip665 » January 29th, 2015, 2:50 am

done with one exception, couldnt find ask toolbar updater.

think i may have already uninsstalled it as it is not in my manage apps options tab for internet options if you follow where im going with that...
flip665
Regular Member
 
Posts: 53
Joined: January 16th, 2015, 3:54 pm

Re: poweliks plus others???

Unread postby wannabeageek » January 29th, 2015, 1:57 pm

if you follow where im going with that...
No idea. Where are you going with this?
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: poweliks plus others???

Unread postby flip665 » January 30th, 2015, 7:12 pm

I meant if you follow where im going with that description of what I was talking about. previously, when you click the little gear up in the top right (internet options) there is a selection for manage add-ons where you can set the priority of your browsers and search engines and such... ask.com is no longer there though it used to be. it also is not anywhere to be found in search for programs under the windows button in the bottom left... so I think since it hijacked my default web home page several times that ive already uninstalled it... I cant be certain when, but I definitely cant find it now so... that's what I meant... sorry for the misunderstanding.
flip665
Regular Member
 
Posts: 53
Joined: January 16th, 2015, 3:54 pm

Re: poweliks plus others???

Unread postby wannabeageek » February 2nd, 2015, 10:58 am

I am working on a fix. I will get back to you.
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: poweliks plus others???

Unread postby flip665 » February 2nd, 2015, 12:02 pm

no problem buddy, i'll check back periodically...
flip665
Regular Member
 
Posts: 53
Joined: January 16th, 2015, 3:54 pm

Re: poweliks plus others???

Unread postby wannabeageek » February 3rd, 2015, 11:18 pm

Hi flip,

Please run the following:

Step 1.
Registry Backup (TCRB)
TCRB should still be on your desktop - if not;
Please download tweaking.com_registry_backup_setup.exe
Choose a download site for the installer... download and save it to your desktop.
Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial here.

Once the program is installed...
  1. Double click the Tweaking.com Registry Backup icon ... on your Desktop to open the program.
  2. Right mouse click the Tweaking.com Registry Backup icon, select "Run As Administrator" to run it... if UAC prompts, please allow it.
  3. It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
  4. Click on Backup Now to create a backup of your Registry.
    You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
  5. When completed you should see a message saying something like ... Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
  6. Close and exit the program.

< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


Step 2.
  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
    • To make this easy, click the "select all" button then hover over the highlighted text and right mouse click to select copy.
Code: Select all
HKU\S-1-5-21-3287317925-2951633530-1351593121-1000\...A8F59079A8D5}\localserver32: <==== ATTENTION!
AppInit_DLLs: C:\PROGRA~1\SEARCH~1\Datamngr\mgrldr.dll => C:\PROGRA~1\SEARCH~1\Datamngr\mgrldr.dll File Not Found
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://astromenda.com/results.php?f=4&q= {searchTerms}&a=ast_mdaffmarmar_14_43_ie&cd=2XzuyEtN2Y1L1QzuzytDyE0C0EyDyDtCtAtC0BzyyC0DtA0DtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0D0A0EtA0DtC0AtGyEtCzz0AtGyC0A0D0BtGtD0FyDyEtGyB0EtCtAtAyEyBtDyB0B0Czz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0AzzyD0CtD0A0EtGyB0EzzyBtGyEtDtB0EtG0AtDyC0FtG0FtC0B0AyE0E0AzyyB0B0Czz2Q&cr=1260345880&ir=
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://dts.search-results.com/sr?src=ie ... nrs=AGE&q= {searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://astromenda.com/results.php?f=4&q= {searchTerms}&a=ast_mdaffmarmar_14_43_ie&cd=2XzuyEtN2Y1L1QzuzytDyE0C0EyDyDtCtAtC0BzyyC0DtA0DtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0D0A0EtA0DtC0AtGyEtCzz0AtGyC0A0D0BtGtD0FyDyEtGyB0EtCtAtAyEyBtDyB0B0Czz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0AzzyD0CtD0A0EtGyB0EzzyBtGyEtDtB0EtG0AtDyC0FtG0FtC0B0AyE0E0AzyyB0B0Czz2Q&cr=1260345880&ir=
SearchScopes: HKU\S-1-5-21-3287317925-2951633530-1351593121-1000 -> {0B471A60-1235-4E46-AAD3-ED2A97F3FD42} URL = 
SearchScopes: HKU\S-1-5-21-3287317925-2951633530-1351593121-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-3287317925-2951633530-1351593121-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL =
Toolbar: HKU\S-1-5-21-3287317925-2951633530-1351593121-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_mdaffm ... 345880&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_mdaffmarmar_14_43_ie&cd=2XzuyEtN2Y1L1QzuzytDyE0C0EyDyDtCtAtC0BzyyC0DtA0DtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0D0A0EtA0DtC0AtGyEtCzz0AtGyC0A0D0BtGtD0FyDyEtGyB0EtCtAtAyEyBtDyB0B0Czz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0AzzyD0CtD0A0EtGyB0EzzyBtGyEtDtB0EtG0AtDyC0FtG0FtC0B0AyE0E0AzyyB0B0Czz2Q&cr=1260345880&ir=", "hxxp://www.google.com/", "hxxp://www.claro-search.com/?affID=118666&tt=0313_4&babsrc=HP_ss&mntrId=ba186d3d000000000000904ce55131b9", "hxxp://search.imesh.net?appid=393"
CHR DefaultSearchKeyword: Default -> Astromenda.com
CHR DefaultSearchURL: Default -> http://astromenda.com/results.php?f=4&q= {searchTerms}&a=ast_mdaffmarmar_14_43_ie&cd=2XzuyEtN2Y1L1QzuzytDyE0C0EyDyDtCtAtC0BzyyC0DtA0DtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0D0A0EtA0DtC0AtGyEtCzz0AtGyC0A0D0BtGtD0FyDyEtGyB0EtCtAtAyEyBtDyB0B0Czz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0AzzyD0CtD0A0EtGyB0EzzyBtGyEtDtB0EtG0AtDyC0FtG0FtC0B0AyE0E0AzyyB0B0Czz2Q&cr=1260345880&ir=
Reg: reg delete "HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" /v "{79A765E1-C399-405B-85AF-466F52E918B0}" /f
Reg: reg delete "HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" /v "{79A765E1-C399-405B-85AF-466F52E918B0}" /f

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log


Step 3.
Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Right mouse click SystemLook.exe, select "Run As Administrator" to run it... if UAC prompts, please allow it.
  • Copy and paste the content of the following codebox into the main textfield;
  • To make this easy, click the "select all" button then hover over the highlighted text and right mouse click to select copy.
    Code: Select all
    :filefind
    *AskToolbar*
    *Ask.com*
    *Bandoo*
    *Babylon*
    *Conduit*
    *crack*
    *datamngr*
    *searchab*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *KMSpico*
    *OpenCandy*
    *Searchqu*
    *Searchnu*
    *smartbar*
    *Tarma*
    *trolltech*
    *Vafmusic2*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :folderfind
    *AskToolbar*
    *Ask.com*
    *Babylon*
    *Bandoo*
    *Conduit*
    *crack*
    *datamngr*
    *searchab*
    *smartbar*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *KMSpico*
    *OpenCandy*
    *Searchqu*
    *Searchnu*
    *Tarma*
    *trolltech*
    *Vafmusic2*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :Regfind
    AskToolbar
    Ask.com
    Babylon
    Bandoo
    Conduit
    crack
    datamngr
    searchab
    Fun4IM
    Funmoods
    iLivid
    IObit
    Iminent
    KMSpico
    OpenCandy
    Searchqu
    Searchnu
    smartbar
    Tarma
    trolltech
    Vafmusic2
    vshare
    whitesmoke
    Yontoo
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


What I need back from you:
Post each separately.
  1. Contents of fixlog.txt
  2. Contents of SystemLook.txt
  3. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: poweliks plus others???

Unread postby flip665 » February 4th, 2015, 1:24 am

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-02-2015
Ran by annie at 2015-02-04 00:22:38 Run:1
Running from C:\Users\annie\Desktop
Loaded Profiles: annie (Available profiles: annie)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3287317925-2951633530-1351593121-1000\...A8F59079A8D5}\localserver32: <==== ATTENTION!
AppInit_DLLs: C:\PROGRA~1\SEARCH~1\Datamngr\mgrldr.dll => C:\PROGRA~1\SEARCH~1\Datamngr\mgrldr.dll File Not Found
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://astromenda.com/results.php?f=4&q= {searchTerms}&a=ast_mdaffmarmar_14_43_ie&cd=2XzuyEtN2Y1L1QzuzytDyE0C0EyDyDtCtAtC0BzyyC0DtA0DtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0D0A0EtA0DtC0AtGyEtCzz0AtGyC0A0D0BtGtD0FyDyEtGyB0EtCtAtAyEyBtDyB0B0Czz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0AzzyD0CtD0A0EtGyB0EzzyBtGyEtDtB0EtG0AtDyC0FtG0FtC0B0AyE0E0AzyyB0B0Czz2Q&cr=1260345880&ir=
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://dts.search-results.com/sr?src=ie ... nrs=AGE&q= {searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://astromenda.com/results.php?f=4&q= {searchTerms}&a=ast_mdaffmarmar_14_43_ie&cd=2XzuyEtN2Y1L1QzuzytDyE0C0EyDyDtCtAtC0BzyyC0DtA0DtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0D0A0EtA0DtC0AtGyEtCzz0AtGyC0A0D0BtGtD0FyDyEtGyB0EtCtAtAyEyBtDyB0B0Czz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0AzzyD0CtD0A0EtGyB0EzzyBtGyEtDtB0EtG0AtDyC0FtG0FtC0B0AyE0E0AzyyB0B0Czz2Q&cr=1260345880&ir=
SearchScopes: HKU\S-1-5-21-3287317925-2951633530-1351593121-1000 -> {0B471A60-1235-4E46-AAD3-ED2A97F3FD42} URL =
SearchScopes: HKU\S-1-5-21-3287317925-2951633530-1351593121-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-3287317925-2951633530-1351593121-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL =
Toolbar: HKU\S-1-5-21-3287317925-2951633530-1351593121-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_mdaffm ... 345880&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_mdaffmarmar_14_43_ie&cd=2XzuyEtN2Y1L1QzuzytDyE0C0EyDyDtCtAtC0BzyyC0DtA0DtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0D0A0EtA0DtC0AtGyEtCzz0AtGyC0A0D0BtGtD0FyDyEtGyB0EtCtAtAyEyBtDyB0B0Czz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0AzzyD0CtD0A0EtGyB0EzzyBtGyEtDtB0EtG0AtDyC0FtG0FtC0B0AyE0E0AzyyB0B0Czz2Q&cr=1260345880&ir=", "hxxp://www.google.com/", "hxxp://www.claro-search.com/?affID=118666&tt=0313_4&babsrc=HP_ss&mntrId=ba186d3d000000000000904ce55131b9", "hxxp://search.imesh.net?appid=393"
CHR DefaultSearchKeyword: Default -> Astromenda.com
CHR DefaultSearchURL: Default -> http://astromenda.com/results.php?f=4&q= {searchTerms}&a=ast_mdaffmarmar_14_43_ie&cd=2XzuyEtN2Y1L1QzuzytDyE0C0EyDyDtCtAtC0BzyyC0DtA0DtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0D0A0EtA0DtC0AtGyEtCzz0AtGyC0A0D0BtGtD0FyDyEtGyB0EtCtAtAyEyBtDyB0B0Czz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0AzzyD0CtD0A0EtGyB0EzzyBtGyEtDtB0EtG0AtDyC0FtG0FtC0B0AyE0E0AzyyB0B0Czz2Q&cr=1260345880&ir=
Reg: reg delete "HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" /v "{79A765E1-C399-405B-85AF-466F52E918B0}" /f
Reg: reg delete "HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" /v "{79A765E1-C399-405B-85AF-466F52E918B0}" /f

*****************

"HKU\S-1-5-21-3287317925-2951633530-1351593121-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-3287317925-2951633530-1351593121-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"C:\PROGRA~1\SEARCH~1\Datamngr\mgrldr.dll" => Value Data removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully.
HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} => Key not found.
"HKU\S-1-5-21-3287317925-2951633530-1351593121-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B471A60-1235-4E46-AAD3-ED2A97F3FD42}" => Key deleted successfully.
HKCR\CLSID\{0B471A60-1235-4E46-AAD3-ED2A97F3FD42} => Key not found.
"HKU\S-1-5-21-3287317925-2951633530-1351593121-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully.
HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => Key not found.
"HKU\S-1-5-21-3287317925-2951633530-1351593121-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} => Key not found.
HKU\S-1-5-21-3287317925-2951633530-1351593121-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.

========= reg delete "HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" /v "{79A765E1-C399-405B-85AF-466F52E918B0}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg delete "HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" /v "{79A765E1-C399-405B-85AF-466F52E918B0}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


==== End of Fixlog 00:22:39 ====
flip665
Regular Member
 
Posts: 53
Joined: January 16th, 2015, 3:54 pm

Re: poweliks plus others???

Unread postby flip665 » February 4th, 2015, 2:08 am

SystemLook 30.07.11 by jpshortstuff
Log created at 00:36 on 04/02/2015 by annie
Administrator - Elevation successful

========== filefind ==========

Searching for "*AskToolbar*"
No files found.

Searching for "*Ask.com*"
C:\Users\annie\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.ico --a---- 1150 bytes [22:24 10/05/2012] [22:24 10/05/2012] 3A2621535E6A482B2783AA692B103D04
C:\Users\annie\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml --a---- 921 bytes [02:45 24/04/2012] [02:45 24/04/2012] 3818E1EF30C8DECAFA7FFCFC4E3A1AF0

Searching for "*Bandoo*"
No files found.

Searching for "*Babylon*"
No files found.

Searching for "*Conduit*"
C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1322368 bytes [20:50 12/02/2014] [20:50 12/02/2014] 5A2B082A760722E08042E3892D07690E

Searching for "*crack*"
C:\PhilsSH4\Ubisoft\Silent Hunter Wolves of the Pacific\Data\Animations\SecondaryWeaponMen\DCRack_SH4.dat --a---- 13962 bytes [01:30 24/09/2011] [15:58 25/01/2007] EEDF6DEE14D3CB679C3951D1599F534A
C:\PhilsSH4c2\Ubisoft\Silent Hunter Wolves of the Pacific\Data\Animations\SecondaryWeaponMen\DCRack_SH4.dat --a---- 13962 bytes [01:26 15/04/2012] [15:58 25/01/2007] EEDF6DEE14D3CB679C3951D1599F534A
C:\PhilsSH4c3\Ubisoft\Silent Hunter Wolves of the Pacific\Data\Animations\SecondaryWeaponMen\DCRack_SH4.dat --a---- 13962 bytes [03:28 13/04/2012] [15:58 25/01/2007] EEDF6DEE14D3CB679C3951D1599F534A
C:\Users\annie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K243SY3R\OBAN_GMIMEMetaCrackleiMediaAwA35_1415_Meta300x250CrackleCholBIN_xxxx_300x250_14_3_Flash[1].jpg --a---- 31040 bytes [22:29 03/02/2015] [22:29 03/02/2015] 985E310AF25B234D0D7574FEE44C25BE
C:\Users\annie\AppData\Local\Temp\1254\AppData\Local\Microsoft\Internet Explorer\DOMStore\I8MT8XOY\www.crackle[1].xml --a---- 394 bytes [04:59 29/11/2014] [04:59 29/11/2014] DCB44DD3D3DA3CAC7183E147104B97BF
C:\Users\annie\AppData\Local\Temp\29fc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MUVTLED3\crackle.deeplinker.proto[1].js --a---- 25224 bytes [05:06 29/11/2014] [05:06 29/11/2014] 1B48D28680BF14E97CADA374C079228E

Searching for "*datamngr*"
No files found.

Searching for "*searchab*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*Funmoods*"
C:\Users\annie\AppData\Local\Fast Browser\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.7_0\app\spots\gallery\images\funmoods.svg --a---- 2367 bytes [01:50 19/01/2015] [16:46 23/07/2014] BA4F5E23ED75CBAFA72AF45D491CF009
C:\Users\annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.7_0\app\spots\gallery\images\funmoods.svg --a---- 2367 bytes [22:19 13/01/2015] [16:46 23/07/2014] BA4F5E23ED75CBAFA72AF45D491CF009

Searching for "*iLivid*"
No files found.

Searching for "*IObit*"
No files found.

Searching for "*Iminent*"
No files found.

Searching for "*KMSpico*"
No files found.

Searching for "*OpenCandy*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*smartbar*"
No files found.

Searching for "*Tarma*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*Vafmusic2*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*AskToolbar*"
No folders found.

Searching for "*Ask.com*"
No folders found.

Searching for "*Babylon*"
C:\ProgramData\Babylon d------ [04:05 21/01/2013]
C:\Users\All Users\Babylon d------ [04:05 21/01/2013]
C:\Users\annie\AppData\Roaming\Babylon d------ [04:05 21/01/2013]

Searching for "*Bandoo*"
No folders found.

Searching for "*Conduit*"
No folders found.

Searching for "*crack*"
No folders found.

Searching for "*datamngr*"
C:\Users\annie\AppData\LocalLow\DataMngr d------ [23:32 20/05/2013]

Searching for "*searchab*"
No folders found.

Searching for "*smartbar*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Funmoods*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*IObit*"
No folders found.

Searching for "*Iminent*"
No folders found.

Searching for "*KMSpico*"
No folders found.

Searching for "*OpenCandy*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Tarma*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*Vafmusic2*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "AskToolbar"
No data found.

Searching for "Ask.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}]
"DisplayIcon"="C:\Program Files\Ask.com\favicon.ico"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}]
"Publisher"="Ask.com"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}]
"DisplayIcon"="C:\Program Files\Ask.com\favicon.ico"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}]
"Publisher"="Ask.com"

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Babylon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Babylon\Babylon Client]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASMANCS]

Searching for "Bandoo"
No data found.

Searching for "Conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"1AF74D8104403D847A0EAD9035F74F17"="C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"

Searching for "crack"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl

Searching for "datamngr"
[HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Datamngr]
[HKEY_LOCAL_MACHINE\SOFTWARE\iMeshSRTB]
"Folder"="C:\Program Files\Search Results Toolbar\Datamngr\SRToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{503e067f-2914-4edd-8432-2d6c52635e23}]
"AppPath"="C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\31D4A334F67ABCB4C963B9A13DFFD4D8]
"00000000000000000000000000000000"="C:\Users\annie\AppData\Local\Temp\SetupDataMngr_iMesh.exe"
[HKEY_USERS\S-1-5-21-3287317925-2951633530-1351593121-1000\Software\DataMngr_Toolbar]

Searching for "searchab"
No data found.

Searching for "Fun4IM"
No data found.

Searching for "Funmoods"
flip665
Regular Member
 
Posts: 53
Joined: January 16th, 2015, 3:54 pm

Re: poweliks plus others???

Unread postby flip665 » February 4th, 2015, 2:14 am

the "systemlook" scan seems to have hung up... this is the whole text, checked it twice... so i have a question or two. does the program write its log as its scanning? because i posted the log before i closed the window. as you can tell by the time stamps of the posts, i let it run for 40 minutes or so... to me it doesnt look complete so can i run it again/will my monitor blacking out as a screensaver interupt the scan...

hope i didnt screw this up as everything else seems to have gone smoothly, and i didnt have any other difficulty...

sorry if this isnt correct... let me know what to do next. i'll sit tight for now.
flip665
Regular Member
 
Posts: 53
Joined: January 16th, 2015, 3:54 pm

Re: poweliks plus others???

Unread postby wannabeageek » February 6th, 2015, 11:05 pm

Flip,
You did cut it short so please run it again and let it finish. It can take a while.
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: poweliks plus others???

Unread postby flip665 » February 8th, 2015, 11:19 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 15:44 on 08/02/2015 by annie
Administrator - Elevation successful

========== filefind ==========

Searching for "*AskToolbar*"
No files found.

Searching for "*Ask.com*"
C:\Users\annie\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.ico --a---- 1150 bytes [22:24 10/05/2012] [22:24 10/05/2012] 3A2621535E6A482B2783AA692B103D04
C:\Users\annie\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml --a---- 921 bytes [02:45 24/04/2012] [02:45 24/04/2012] 3818E1EF30C8DECAFA7FFCFC4E3A1AF0

Searching for "*Bandoo*"
No files found.

Searching for "*Babylon*"
No files found.

Searching for "*Conduit*"
C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1322368 bytes [20:50 12/02/2014] [20:50 12/02/2014] 5A2B082A760722E08042E3892D07690E

Searching for "*crack*"
C:\PhilsSH4\Ubisoft\Silent Hunter Wolves of the Pacific\Data\Animations\SecondaryWeaponMen\DCRack_SH4.dat --a---- 13962 bytes [01:30 24/09/2011] [15:58 25/01/2007] EEDF6DEE14D3CB679C3951D1599F534A
C:\PhilsSH4c2\Ubisoft\Silent Hunter Wolves of the Pacific\Data\Animations\SecondaryWeaponMen\DCRack_SH4.dat --a---- 13962 bytes [01:26 15/04/2012] [15:58 25/01/2007] EEDF6DEE14D3CB679C3951D1599F534A
C:\PhilsSH4c3\Ubisoft\Silent Hunter Wolves of the Pacific\Data\Animations\SecondaryWeaponMen\DCRack_SH4.dat --a---- 13962 bytes [03:28 13/04/2012] [15:58 25/01/2007] EEDF6DEE14D3CB679C3951D1599F534A
C:\Users\annie\AppData\Local\Temp\1254\AppData\Local\Microsoft\Internet Explorer\DOMStore\I8MT8XOY\www.crackle[1].xml --a---- 394 bytes [04:59 29/11/2014] [04:59 29/11/2014] DCB44DD3D3DA3CAC7183E147104B97BF
C:\Users\annie\AppData\Local\Temp\29fc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MUVTLED3\crackle.deeplinker.proto[1].js --a---- 25224 bytes [05:06 29/11/2014] [05:06 29/11/2014] 1B48D28680BF14E97CADA374C079228E

Searching for "*datamngr*"
No files found.

Searching for "*searchab*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*Funmoods*"
C:\Users\annie\AppData\Local\Fast Browser\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.7_0\app\spots\gallery\images\funmoods.svg --a---- 2367 bytes [01:50 19/01/2015] [16:46 23/07/2014] BA4F5E23ED75CBAFA72AF45D491CF009
C:\Users\annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.7_0\app\spots\gallery\images\funmoods.svg --a---- 2367 bytes [22:19 13/01/2015] [16:46 23/07/2014] BA4F5E23ED75CBAFA72AF45D491CF009

Searching for "*iLivid*"
No files found.

Searching for "*IObit*"
No files found.

Searching for "*Iminent*"
No files found.

Searching for "*KMSpico*"
No files found.

Searching for "*OpenCandy*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*smartbar*"
No files found.

Searching for "*Tarma*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*Vafmusic2*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*AskToolbar*"
No folders found.

Searching for "*Ask.com*"
No folders found.

Searching for "*Babylon*"
C:\ProgramData\Babylon d------ [04:05 21/01/2013]
C:\Users\All Users\Babylon d------ [04:05 21/01/2013]
C:\Users\annie\AppData\Roaming\Babylon d------ [04:05 21/01/2013]

Searching for "*Bandoo*"
No folders found.

Searching for "*Conduit*"
No folders found.

Searching for "*crack*"
No folders found.

Searching for "*datamngr*"
C:\Users\annie\AppData\LocalLow\DataMngr d------ [23:32 20/05/2013]

Searching for "*searchab*"
No folders found.

Searching for "*smartbar*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Funmoods*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*IObit*"
No folders found.

Searching for "*Iminent*"
No folders found.

Searching for "*KMSpico*"
No folders found.

Searching for "*OpenCandy*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Tarma*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*Vafmusic2*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "AskToolbar"
No data found.

Searching for "Ask.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}]
"DisplayIcon"="C:\Program Files\Ask.com\favicon.ico"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}]
"Publisher"="Ask.com"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}]
"DisplayIcon"="C:\Program Files\Ask.com\favicon.ico"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}]
"Publisher"="Ask.com"

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Babylon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Babylon\Babylon Client]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASMANCS]

Searching for "Bandoo"
No data found.

Searching for "Conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"1AF74D8104403D847A0EAD9035F74F17"="C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"

Searching for "crack"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl

Searching for "datamngr"
[HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Datamngr]
[HKEY_LOCAL_MACHINE\SOFTWARE\iMeshSRTB]
"Folder"="C:\Program Files\Search Results Toolbar\Datamngr\SRToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{503e067f-2914-4edd-8432-2d6c52635e23}]
"AppPath"="C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\31D4A334F67ABCB4C963B9A13DFFD4D8]
"00000000000000000000000000000000"="C:\Users\annie\AppData\Local\Temp\SetupDataMngr_iMesh.exe"
[HKEY_USERS\S-1-5-21-3287317925-2951633530-1351593121-1000\Software\DataMngr_Toolbar]

Searching for "searchab"
No data found.

Searching for "Fun4IM"
No data found.

Searching for "Funmoods"
No data found.

Searching for "iLivid"
No data found.

Searching for "IObit"

this is as far as i can get it to go. i dont know if theres a way to keep my laptop from timing out or if theres another way to go about seeing what you need to see... this is where it stops after an hour, and where it stops after 12 hours... i cant imagine it should take that long. i dont have any qualms about letting it run all day but i dont know how to make this computer stay on that long... i cant sit here and twiddle the mouse for that long... as far as the scan goes, theres nothing to indicate its doing anything or stopped. (with the exception of when you click the "look" button it changes to a greyed out "scanning" button.) i would imagine when its done it would say its done but thats how it is when i abort the mission... i know you say be patient with it but with no difference in the notepad log on a one hour run or a new scan on a 12 hour run something doesnt seem to be working on my end...

sorry for the set back, let me know how you want to tackle this... thanks again

ps. just noted that at the top it says log created at quarter to 4 and i shut it down at 10:15pm... i dont know if that was the last update to the log or what the deal is, just thought id point it out...
flip665
Regular Member
 
Posts: 53
Joined: January 16th, 2015, 3:54 pm

Re: poweliks plus others???

Unread postby wannabeageek » February 9th, 2015, 2:12 am

Hi flip,

Run this please.

Run CKScanner

  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select " Run as administrator " then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please Run the program only once.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California
Advertisement
Register to Remove

PreviousNext

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 12 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware