Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

Virus Removal Help

bigguns23
Newbie


Joined: 06 May 2012
Last Visit: 14 May 2012
Posts: 3

Posted: Sun May 06, 2012 11:08 am    Post subject: Virus Removal Help

Hi, I have error messages that keep popping up when I try to use programs on my computer. All of them say Bad Image and end with 'Please check installation Diske.' Here are the two logs from DDS.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Administrator at 13:52:42 on 2012-05-06
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.746 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - c:\progra~1\wi371a~1\datamngr\IEBHO.dll
BHO: Wajam: {a7a6995d-6ee1-4fd1-a258-49395d5bf99c} - c:\program files\wajam\ie\priam_bho.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: FCTBPos00Pos: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - Dogpile Bundle Toolbar BHO
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Zoom Downloader: {e5c66dd8-308b-4a4f-af0a-3d04f25b5343} - mscoree.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} -
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
uRunOnce: [NeroHomeFirstStart] c:\program files\common files\ahead\lib\NMFirstStart.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [DATAMNGR] c:\progra~1\wi371a~1\datamngr\DATAMN~1.EXE
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [SpybotDeletingA5448] command.com /c del "c:\windows\system32\lxct_device.dll_old"
mRunOnce: [SpybotDeletingC8117] cmd.exe /c del "c:\windows\system32\lxct_device.dll_old"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277751549156
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5A672A96-FF40-48CE-9A36-46B6796365EC} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\IEBHO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\zvjof41v.default\
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\webzen\webzengamestarter\NPGameWebStarter.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-1-6 594048]
S0 tnth;tnth;c:\windows\system32\drivers\ufkxjx.sys --> c:\windows\system32\drivers\ufkxjx.sys [?]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-2-28 14336]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-2-15 136176]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-5 654408]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-6-28 1691480]
S3 apf001;apf001;c:\windows\system32\apf001.sys [2012-1-30 10872]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-13 947528]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-2-15 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-5 22344]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-2 129976]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\wpro_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
.
=============== Created Last 30 ================
.
2012-05-06 03:48:14 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2012-05-06 03:48:10 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-05-06 03:48:09 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-06 03:48:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-06 03:43:02 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Mozilla
2012-05-02 19:22:16 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-02 19:22:11 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-05-02 19:22:11 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-04-28 18:00:08 -------- d-----w- c:\program files\common files\Personal
2012-04-18 01:21:06 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
==================== Find3M ====================
.
2012-04-03 17:14:03 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2012-02-12 02:13:51 24 ----a-w- c:\windows\system32\sysmwwod.dll
.
============= FINISH: 13:53:18.68 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/28/2010 1:09:51 PM
System Uptime: 5/6/2012 1:49:59 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | M68M-S2P
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket M2 | 2009/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 234 GiB total, 133.494 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP641: 2/7/2012 5:08:25 AM - System Checkpoint
RP642: 2/8/2012 6:08:24 AM - System Checkpoint
RP643: 2/8/2012 11:15:02 PM - Installed NCsoft Launcher
RP644: 2/9/2012 4:11:16 PM - Removed Rome - Total War
RP645: 2/9/2012 4:13:59 PM - Installed Rome - Total War
RP646: 2/9/2012 4:23:21 PM - Installed DirectX 9.0
RP647: 2/10/2012 7:58:01 PM - System Checkpoint
RP648: 2/12/2012 2:16:37 AM - System Checkpoint
RP649: 2/12/2012 11:53:43 AM - Installed DirectX
RP650: 2/12/2012 11:55:39 AM - Installed Microsoft Visual C++ 2005 Redistributable
RP651: 2/13/2012 12:12:39 PM - System Checkpoint
RP652: 2/14/2012 12:35:03 AM - Installed TuneUp Utilities 2012
RP653: 2/15/2012 2:52:34 AM - System Checkpoint
RP654: 2/15/2012 10:50:44 PM - avast! Free Antivirus Setup
RP655: 2/16/2012 11:18:47 AM - Removed NCsoft Launcher
RP656: 2/16/2012 11:20:41 AM - Removed TuneUp Utilities 2012
RP657: 2/16/2012 11:21:42 AM - Removed TuneUp Utilities Language Pack (en-US)
RP658: 2/16/2012 11:41:43 AM - Removed Overwolf
RP659: 2/17/2012 12:40:00 AM - Installed Ad-Aware
RP660: 2/18/2012 10:39:47 AM - Installed Ad-Aware
RP661: 2/18/2012 2:05:23 AM - System Checkpoint
RP662: 2/19/2012 2:35:19 AM - System Checkpoint
RP663: 2/20/2012 3:03:12 AM - System Checkpoint
RP664: 2/21/2012 4:59:25 AM - System Checkpoint
RP665: 2/22/2012 5:51:43 AM - System Checkpoint
RP666: 2/23/2012 6:51:45 AM - System Checkpoint
RP667: 2/24/2012 7:51:47 AM - System Checkpoint
RP668: 2/25/2012 8:51:45 AM - System Checkpoint
RP669: 2/26/2012 11:34:04 AM - System Checkpoint
RP670: 2/27/2012 12:37:13 PM - System Checkpoint
RP671: 2/28/2012 1:23:07 PM - System Checkpoint
RP672: 2/29/2012 1:27:26 PM - System Checkpoint
RP673: 3/1/2012 1:45:45 PM - System Checkpoint
RP674: 3/2/2012 1:48:10 PM - System Checkpoint
RP675: 3/3/2012 1:59:07 PM - System Checkpoint
RP676: 3/4/2012 2:21:58 PM - System Checkpoint
RP677: 3/5/2012 3:00:14 PM - System Checkpoint
RP678: 3/6/2012 4:05:49 PM - System Checkpoint
RP679: 3/7/2012 5:37:48 PM - System Checkpoint
RP680: 3/8/2012 6:18:45 PM - System Checkpoint
RP681: 3/9/2012 6:59:39 PM - System Checkpoint
RP682: 3/10/2012 7:10:57 PM - System Checkpoint
RP683: 3/11/2012 9:10:57 PM - System Checkpoint
RP684: 3/12/2012 9:19:22 PM - System Checkpoint
RP685: 3/13/2012 10:10:57 PM - System Checkpoint
RP686: 3/14/2012 10:29:54 PM - System Checkpoint
RP687: 3/15/2012 11:20:45 PM - System Checkpoint
RP688: 3/16/2012 11:35:01 PM - System Checkpoint
RP689: 3/18/2012 12:11:20 AM - System Checkpoint
RP690: 3/18/2012 11:08:29 AM - avast! Free Antivirus Setup
RP691: 3/19/2012 3:22:54 AM - Installed Akamai NetSession Interface
RP692: 3/19/2012 3:33:48 AM - Installed Akamai NetSession Interface
RP693: 3/20/2012 4:06:40 AM - System Checkpoint
RP694: 3/20/2012 6:10:52 PM - Installed Morrowind
RP695: 3/20/2012 6:13:10 PM - Installed TES Construction Set
RP696: 3/21/2012 6:19:20 PM - System Checkpoint
RP697: 3/22/2012 7:07:47 PM - System Checkpoint
RP698: 3/23/2012 8:06:42 PM - System Checkpoint
RP699: 3/25/2012 2:38:36 AM - System Checkpoint
RP700: 3/26/2012 3:15:05 AM - System Checkpoint
RP701: 3/27/2012 3:23:24 AM - System Checkpoint
RP702: 3/28/2012 3:24:06 AM - System Checkpoint
RP703: 3/28/2012 10:54:03 AM - Removed Morrowind
RP704: 3/28/2012 10:54:41 AM - Removed TES Construction Set
RP705: 3/29/2012 11:47:49 AM - System Checkpoint
RP706: 3/31/2012 2:43:26 AM - System Checkpoint
RP707: 4/1/2012 3:20:14 AM - System Checkpoint
RP708: 4/2/2012 3:21:24 AM - System Checkpoint
RP709: 4/2/2012 8:02:44 PM - Installed Uncharted Waters Online
RP710: 4/3/2012 9:25:01 PM - System Checkpoint
RP711: 4/4/2012 2:22:52 AM - Installed DirectX
RP712: 4/4/2012 2:24:42 AM - Installed Microsoft Visual C++ 2005 Redistributable
RP713: 4/4/2012 2:25:19 AM - Installed Steam
RP714: 4/5/2012 2:59:00 AM - System Checkpoint
RP715: 4/6/2012 3:23:34 AM - System Checkpoint
RP716: 4/7/2012 10:09:08 AM - System Checkpoint
RP717: 4/8/2012 10:31:59 AM - System Checkpoint
RP718: 4/9/2012 10:53:17 AM - System Checkpoint
RP719: 4/10/2012 11:54:54 AM - System Checkpoint
RP720: 4/11/2012 2:38:21 PM - System Checkpoint
RP721: 4/12/2012 2:58:17 PM - System Checkpoint
RP722: 4/13/2012 3:44:05 PM - System Checkpoint
RP723: 4/14/2012 3:44:21 PM - System Checkpoint
RP724: 4/15/2012 4:27:49 PM - System Checkpoint
RP725: 4/16/2012 5:06:21 PM - System Checkpoint
RP726: 4/17/2012 5:26:36 PM - System Checkpoint
RP727: 4/18/2012 8:08:21 PM - System Checkpoint
RP728: 4/19/2012 9:33:34 PM - System Checkpoint
RP729: 4/20/2012 10:12:04 PM - System Checkpoint
RP730: 4/22/2012 1:20:23 AM - System Checkpoint
RP731: 4/23/2012 2:08:26 AM - System Checkpoint
RP732: 4/24/2012 2:54:06 AM - System Checkpoint
RP733: 4/25/2012 3:49:27 AM - System Checkpoint
RP734: 4/26/2012 4:49:21 AM - System Checkpoint
RP735: 4/27/2012 10:36:34 AM - System Checkpoint
RP736: 4/28/2012 12:16:51 PM - System Checkpoint
RP737: 4/29/2012 12:18:56 PM - System Checkpoint
RP738: 4/30/2012 1:46:28 PM - System Checkpoint
RP739: 5/2/2012 2:38:24 AM - System Checkpoint
RP740: 5/3/2012 11:28:59 AM - System Checkpoint
RP741: 5/4/2012 2:31:47 PM - System Checkpoint
RP742: 5/5/2012 2:32:54 PM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Advanced SystemCare 3
AIM Toolbar
Akamai NetSession Interface Service
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI AVIVO Codecs
ATI Catalyst Install Manager
AVG 2011
AVG 2012
AVG PC Tuneup 2011
Bandisoft MPEG-1 Decoder
Belkin F7D1101 Basic Wireless USB Adapter
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help English
CCC Help French
CCC Help German
CCC Help Spanish
CCleaner
Download Updater (AOL LLC)
Dual-Core Optimizer
Entropia Universe
Google Update Helper
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB958655-v2)
iLivid
iTunes
Java Auto Updater
Java(TM) 6 Update 20
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MP3 WAV WMA Converter
MSVCRT
Nexon Game Manager
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
OpenAL
Pando Media Booster
PowerDVD
QuickTime
Realtek High Definition Audio Driver
Rome - Total War
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Segoe UI
Skins
Skype Toolbars
Skype™ 5.1
Spybot - Search & Destroy
Spybot - Search & Destroy 1.3.1 TX
Steam
Uncharted Waters Online
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB971029)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.7
WebFldrs XP
Webzen Game Starter
Windows iLivid Toolbar
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip 15.5
World of Warcraft
Xfire (remove only)
Yahoo! Toolbar
Yontoo 1.10.02
ZIP Reader 8.00.0018
Zoom Downloader
.
==== Event Viewer Messages From Past Week ========
.
5/6/2012 1:51:59 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM Fips
5/6/2012 1:50:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/6/2012 1:17:22 PM, error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: Access is denied.
5/6/2012 1:17:22 PM, error: Rasman [20035] - Remote Access Connection Manager failed to start because it could not create buffers. Restart the computer. Access is denied.
5/6/2012 1:16:22 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
.
==== End Of File ===========================
Scolabar
SWW Honors Graduate


Joined: 24 Aug 2011
Last Visit: 27 Jun 2012
Posts: 105

Posted: Mon May 07, 2012 12:23 am

Hi bigguns23,

Firstly, welcome to the Spyware Warrior Forum. :)
My name is Scolabar, and I'll be helping you with your malware problems.
Logs can take a while to research, so please be patient.
If you no longer require help I would be grateful if you would let me know.

Please note the following important guidelines before proceeding:
  1. The instructions that will be provided are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!

  2. If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
  3. Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  4. Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
    Absence of symptoms does not necessarily mean that everything is clear.
  5. DO NOT run any other fix or removal tools unless instructed to do so!
  6. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  7. Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Please Note: If you haven't done so already, please read this topic Help with Spyware Removal Forum Guidelines (PLEASE READ) where the conditions for receiving help here are explained.

Quote:
Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.


If you follow these guidelines, things should proceed smoothly. :)
I am currently reviewing your log and will return, as soon as possible, with additional instructions.

Thank you for your patience.

Scolabar
_________________
Malware Removal University - You too could train to help others
Member of ASAP and UNITE
Scolabar
SWW Honors Graduate


Joined: 24 Aug 2011
Last Visit: 27 Jun 2012
Posts: 105

Posted: Mon May 07, 2012 2:49 am

Hi bigguns23,

Thank you again for your patience. :)

Please remember to read the instructions below carefully before executing and perform the steps exactly in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
ERUNT - Emergency Recovery Utility NT

Before we do anything we will try to back up the Registry with ERUNT:

Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
ERUNT (Emergency Recovery Utility NT) by Lars Hederer is a free program that allows you to create a complete backup of your registry and restore it when needed.
  1. Please download ERUNT and save it to your Desktop.
  2. Double-click on erunt-setup.exe to run the installation process.
    Note: If the Open File - Security Warning window pops up, click on the Run button.
  3. Install ERUNT by following the prompts using the default installation settings.
  4. Make sure the first two check boxes Create ERUNT desktop icon and Create NTREGOPT desktop icon are checked.
  5. When you reach the section that asks you to add ERUNT to the Start-Up folder click on the No button. This can be enabled later, if required.
  6. In the final screen make sure the Show documentation option is unchecked. Then click on the Finish button.
  7. Click on the OK button in the Welcome! screen.
  8. Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT\DD-MM-YYYY (where DD-MM-YYYY is the date of the backup) which is fine.
  9. Under Backup options make sure both of the first two options: System registry and Current user registry are checked.
  10. Click on the Yes button to allow the folder to be created.
    After a short duration the Registry backup is complete! pop-up message will appear.
  11. Now click on OK. A registry backup has now been created.
< STOP > If you are unable to complete this step successfully, < STOP > do not continue with any fix steps, let me know immediately in your next post!

Step 2:
Uninstall Programs
  1. Select Start > Control Panel > Add/Remove Programs.
  2. Scroll down the list of installed programs and select each of the following programs:

      Advanced SystemCare 3
      Ask Toolbar
      AVG PC Tuneup 2011
      Pando Media Booster
      Spybot - Search & Destroy 1.3.1 TX
      Yontoo 1.10.02
      Zoom Downloader

  3. Click on the Remove button to uninstall the program.
  4. Click on the Yes button at the prompt.
  5. Repeat steps 4 to 6 for each of the above programs.
  6. Close the Add/Remove Programs control panel when the removals have been completed.
  7. Restart the computer to complete removal of the programs.

Step 3:
Download Custom Script
  1. Right-click on This Link and select Save target as... or Save Link as... option ...
  2. Save as the filename: Fix.txt to your Desktop. <-- IMPORTANT

Step 4:
OTL - Custom Fix

We now need to run a custom OTL fix.

Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan. Refer to This Howto Topic, if necessary.
  1. Please download OTL by Old Timer. Save it to your Desktop.
  2. Double-click on OTL.exe to run the program.
  3. Click on the Run Fix button at the top of the program window.
  4. You will see a pop-up dialog reporting "No fix has been provided. Click OK to load from a file or Cancel". Click on the OK button to continue.
  5. When the Open dialog appears, navigate to your Desktop, scroll down to and select the file named Fix.txt and then click on the Open button.
  6. Some text will appear in the Custom scans/Fixes box.
  7. Click on the Run Fix button.
    Note: Please let the program run unhindered until it has finished.
  8. Reboot the PC when it is done.
    Once the computer has restarted and you have logged back into your usual account, a text file named OTL.txt will automatically open in Notepad. This file will be located on your Desktop.
  9. Please Copy and Paste the entire contents of OTL.txt into your next reply.
Step 5:
SystemLook
  1. Please download SystemLook.exe by jpshortstuff and save it to your Desktop.
    Alternate download site.
  2. Double-click on SystemLook.exe to run the program.
  3. Copy and Paste the text in the code box below into SystemLook's main text entry window:
    Code:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*

    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*

    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech

  4. Click on the Look button to start the scan.
    Note: Because of the Registry searches involved this scan may take 15 minutes or longer to run on a large system. Please be patient and wait for the scan to complete.
  5. When SystemLook has completed its task a Notepad window will automatically open showing the results of the scan.
    A log file will be created on your Desktop named SystemLook.txt.
  6. Please post the contents of the SystemLook.txt file in your next reply.
Step 6:
Include in Next Post
  1. Did you have any problems carrying out the instructions?
  2. OTL.txt.
  3. SystemLook.txt.
  4. Do you have the original Windows installation media for your PC?

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

_________________
Malware Removal University - You too could train to help others
Member of ASAP and UNITE
bigguns23
Newbie


Joined: 06 May 2012
Last Visit: 14 May 2012
Posts: 3

Posted: Mon May 07, 2012 7:08 am

Had no problems with the instructions, and I do not own the Windows installation disks / media. Here are the logs.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\wi371a~1\datamngr\datamngr.dll deleted successfully.
File pInit_DLLs: not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\wi371a~1\datamngr\iebho.dll deleted successfully.
File pInit_DLLs: not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\iLivid\ not found.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ not found.
Registry key HKEY_CURRENT_USER\Software\ilivid\ not found.
Registry key HKEY_CURRENT_USER\Software\searchqutoolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Windows Searchqu Toolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0EDE4701-347A-45E0-81F0-D81D9F69BBFB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EDE4701-347A-45E0-81F0-D81D9F69BBFB}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs deleted successfully.
========== FILES ==========
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\components folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\searchbar folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\options folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\css folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\css folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2 folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\modules folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\lib folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\data\search folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\data folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr folder moved successfully.
C:\Program Files\Windows iLivid Toolbar folder moved successfully.
File\Folder C:\Program Files\Windows Searchqu Toolbar not found.
C:\Program Files\iLivid\imageformats folder moved successfully.
C:\Program Files\iLivid folder moved successfully.
File\Folder C:\Windows\Prefetch\ILIVID* not found.
File\Folder C:\Windows\Prefetch\SEARCHQUMEDIABAR* not found.
File\Folder C:\Windows\Prefetch\SETUPDATAMNGR* not found.
File\Folder C:\Program Files\mozilla firefox\searchplugins\SearchquWebSearch.xml not found.
File/Folder C:\Documents and Settings\Administrator\Application Data\searchquband not found.
File/Folder C:\Documents and Settings\Administrator\Application Data\searchqutoolbar not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 4927761 bytes
->Temporary Internet Files folder emptied: 33175 bytes
->FireFox cache emptied: 96920282 bytes
->Flash cache emptied: 57249 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 20801213 bytes
->Flash cache emptied: 1981 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 779962405 bytes
->Java cache emptied: 76737 bytes
->Flash cache emptied: 127666 bytes

User: Owner
->Temp folder emptied: 886800 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2176856 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4928708 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 160742046 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,022.00 mb

Unable to start System Restore Service. Error code 10

OTL by OldTimer - Version 3.2.42.3 log created on 05072012_094158

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9KI0FW5D\deutschsuchen_com[1].htm not found!

Registry entries deleted on Reboot...





SystemLook 30.07.11 by jpshortstuff
Log created at 09:52 on 07/05/2012 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\_OTL\MovedFiles\05072012_094158\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js --a---- 24210 bytes [12:30 31/05/2011] [12:30 31/05/2011] E2B3734A723FB575F4168B48552793BE
C:\_OTL\MovedFiles\05072012_094158\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js --a---- 30447 bytes [12:30 31/05/2011] [12:30 31/05/2011] 06ED4E13216E83D78D1659907C48C7D2
C:\_OTL\MovedFiles\05072012_094158\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [12:30 31/05/2011] [12:30 31/05/2011] D98167EFDC45E8EC6F4769791A15CE36

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\05072012_094158\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [12:29 31/05/2011] [12:29 31/05/2011] 39ECB144372B2ED7B1B91A1E63D3F275
C:\_OTL\MovedFiles\05072012_094158\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll --a---- 88976 bytes [12:29 31/05/2011] [12:29 31/05/2011] AD14E447F7CED4CA987B91B379EAF952

Searching for "*iLivid*"
C:\Documents and Settings\All Users\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820}\iLividSetupV1.dat --a--c- 221 bytes [23:40 06/08/2011] [23:40 06/08/2011] 660EBB167E1A025C6F61BFADE3277689
C:\Documents and Settings\All Users\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820}\iLividSetupV1.exe --a--c- 3017853 bytes [23:40 06/08/2011] [12:28 10/07/2011] E337450787D0593F9CFE762DF8245985
C:\Documents and Settings\All Users\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820}\iLividSetupV1.lnk --a--c- 0 bytes [23:40 06/08/2011] [23:40 06/08/2011] D41D8CD98F00B204E9800998ECF8427E
C:\Documents and Settings\All Users\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820}\iLividSetupV1.msi --a--c- 265728 bytes [23:40 06/08/2011] [12:27 10/07/2011] BFBC3483F338CEF1CF14D111F11B6FD7
C:\Documents and Settings\All Users\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820}\iLividSetupV1.par --a--c- 1515 bytes [23:40 06/08/2011] [23:40 06/08/2011] 1453C2CE3C1718D0FA7FCFE018933586
C:\Documents and Settings\All Users\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820}\iLividSetupV1.res --a--c- 2296958 bytes [23:40 06/08/2011] [12:28 10/07/2011] 8705E6D8D717400B5DE48854E5D903F5
C:\Documents and Settings\All Users\Desktop\iLivid Download Manager.lnk --a---- 702 bytes [23:40 06/08/2011] [23:40 06/08/2011] 618F5282BE0C35B2836421428F653E88
C:\Documents and Settings\All Users\Start Menu\Programs\iLivid\iLivid Download Manager.lnk --a---- 714 bytes [23:40 06/08/2011] [23:40 06/08/2011] DEEF327463982E91D8A3B92CFC74E012
C:\_OTL\MovedFiles\05072012_094158\C_Program Files\iLivid\ilivid.exe --a---- 2033152 bytes [23:39 06/08/2011] [14:20 05/08/2011] A485B5376A7BD86E17DA042A64EE3E86
C:\_OTL\MovedFiles\05072012_094158\C_Program Files\iLivid\ilivid.ico --a---- 9662 bytes [23:39 06/08/2011] [09:41 04/11/2009] D64C36521A1839B54788D7D0A82DAF08

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\05072012_094158\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll --a---- 1235856 bytes [23:39 06/08/2011] [20:44 01/06/2011] 411F14AC8C0FB320FC135818C253871E
C:\_OTL\MovedFiles\05072012_094158\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe --a---- 1546640 bytes [23:39 06/08/2011] [20:44 01/06/2011] C0909655D4BDF541DA23E828B7B05A7A

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
C:\Documents and Settings\All Users\Start Menu\Programs\iLivid d------ [23:40 06/08/2011]
C:\_OTL\MovedFiles\05072012_094158\C_Program Files\iLivid d------ [14:42 07/05/2012]
C:\_OTL\MovedFiles\05072012_094158\C_Program Files\Windows iLivid Toolbar d------ [14:42 07/05/2012]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\05072012_094158\C_Program Files\Windows iLivid Toolbar\Datamngr d------ [14:42 07/05/2012]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"Publisher"="Bandoo Media Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"Publisher"="Bandoo Media Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"Contact"="Bandoo Media Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"Publisher"="Bandoo Media Inc."

Searching for "Searchqu"
No data found.

Searching for "iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]
@="URL:ilivid Player"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid\shell\open\command]
@=""C:\Program Files\iLivid\ilivid.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
"ProductName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\SourceList]
"PackageName"="iLividSetupV1.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\ilivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\ilivid\player]
"installpath"="C:\Program Files\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\ilivid\player\hosts\ilivid.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Documents and Settings\All Users\Start Menu\Programs\iLivid\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEDFDFFE3AA4D26479FA77EB65BBAC87]
"2B1E51D87B2D71A44BB42DDD5E894160"="C:\Program Files\iLivid\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EED438284B437DF43B6EE2BF88D567ED]
"2B1E51D87B2D71A44BB42DDD5E894160"="C:\Documents and Settings\All Users\Start Menu\Programs\iLivid\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF4896E5E9DAC1447A5309DE37410888]
"2B1E51D87B2D71A44BB42DDD5E894160"="01:\Software\ilivid\general\ReferrerID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"InstallLocation"="C:\Program Files\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"DisplayName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"DisplayIcon"="C:\Documents and Settings\All Users\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820}\iLividSetupV1.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"DisplayName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"UninstallString"=""C:\Documents and Settings\All Users\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820}\iLividSetupV1.exe" REMOVE=TRUE MODIFY=FALSE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"ModifyPath"="C:\Documents and Settings\All Users\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820}\iLividSetupV1.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"HelpLink"="http://www.ilivid.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"URLUpdateInfo"="http://www.ilivid.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"InstallLocation"="C:\Program Files\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"InstallLocation"="C:\Program Files\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"DisplayName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"UninstallString"="C:\Documents and Settings\All Users\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820}\iLividSetupV1.exe"

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB4C1E28-49BC-45EA-9DD2-28A73942504F}]
"AppPath"="C:\PROGRA~1\WI371A~1\Datamngr\ToolBar"

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-
Scolabar
SWW Honors Graduate


Joined: 24 Aug 2011
Last Visit: 27 Jun 2012
Posts: 105

Posted: Tue May 08, 2012 12:56 am

Hi bigguns23,

Thank you for the logs and feedback.

Again, please remember to read the instructions below carefully before executing them, and perform the steps in the order given.
If you have any questions about or problems executing these instructions, <STOP>, do not proceed, and post back with the question or problem before going any further.

Before proceeding please make sure any open programs are closed.

Step 1:
Re-Run ERUNT

Please back up the registry with ERUNT again before proceeding with the rest of the instructions.

Step 2:
OTL - Script

We need to run another OTL Fix.

Again, please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
  1. Double-click on OTL.exe to run the program.
  2. Copy and Paste the following code into the textbox. Do not include the word Code.
    Code:
    :processes
    killallprocesses

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\ilivid]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Documents and Settings\All Users\Start Menu\Programs\iLivid\"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEDFDFFE3AA4D26479FA77EB65BBAC87]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EED438284B437DF43B6EE2BF88D567ED]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF4896E5E9DAC1447A5309DE37410888]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB4C1E28-49BC-45EA-9DD2-28A73942504F}]

    :files
    C:\Documents and Settings\All Users\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820}
    C:\Documents and Settings\All Users\Desktop\iLivid Download Manager.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\iLivid\iLivid Download Manager.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\iLivid
    ipconfig /flushdns /c

    :commands
    [EMPTYTEMP]
    [RESETHOSTS]
    [CLEARALLRESTOREPOINTS]


  3. Then click the Run Fix button at the top.
  4. Click .
  5. OTL may ask to reboot the machine. Please do so if asked.
  6. The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Step 3:
SystemLook
  1. Double-click on SystemLook.exe to run the program.
  2. Copy and Paste the text in the code box below into SystemLook's main text entry window:
    Code:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*

    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*

    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech

  3. Click on the Look button to start the scan.
    Note: Because of the Registry searches involved this scan may take 15 minutes or longer to run on a large system. Please be patient and wait for the scan to complete.
  4. When SystemLook has completed its task a Notepad window will automatically open showing the results of the scan.
    A log file will be created on your Desktop named SystemLook.txt.
  5. Please post the contents of the SystemLook.txt file in your next reply.
Note: Remember to re-enable your Anti-virus real-time protection.

Step 4:
Security Check
  1. Please download Security Check by screen317 and Save it to your Desktop.
    Alternate download site: Link 2
  2. Double-click on the SecurityCheck.exe icon to run the program.
  3. Press the Space Bar when you see the Press any key to continue... message.
    Please Note: This scan will take a short while to complete, so please be patient.
  4. When the scan has completed, a Notepad file will automatically open called checkup.txt.
  5. Save the file checkup.txt to your Desktop.
    Please Note: This output file is NOT automatically saved!
  6. Then Copy and Paste the entire contents of the checkup.txt file into your next reply.

Step 5:
aswMBR - Scan
  1. Please download aswMBR.exe © Avast Software and Save it to your Desktop.
  2. Double-click on aswMBR.exe to launch it.
  3. Click on the Scan button to start the scan.
  4. On completion of the scan the following message will be displayed: "Scan finished successfully". Click on the Save log button.
  5. You will be prompted to save a file named aswMBR.txt. Save it to your Desktop.
  6. Please Copy and Paste the contents of aswMBR.txt into your next reply.
Please Note: A file named MBR.dat will be created and placed on your desktop when you execute aswMBR. This is a copy of your MBR record before any changes are made; it can be used to recover the MBR record to its previous condition if problems exist after changes.

Step 6:
Include in Next Post
  1. Did you have any problems carrying out the instructions?
  2. OTL.txt.
  3. SystemLook.txt.
  4. checkup.txt.
  5. aswMBR.txt.
  6. How is the computer now running?

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

_________________
Malware Removal University - You too could train to help others
Member of ASAP and UNITE
bigguns23
Newbie


Joined: 06 May 2012
Last Visit: 14 May 2012
Posts: 3

Posted: Tue May 08, 2012 5:25 am

Had a couple problems with the instructions. Couldn't run Old Timer on my regular user, it froze up the whole computer, had to restart and went into Safe mode with networking as Admin, worked perfectly fine there. My computer is running slower than usual, most things take twice as long to load, like just opening up Firefox or Internet Explorer.


All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\ilivid\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Documents and Settings\All Users\Start Menu\Programs\iLivid\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEDFDFFE3AA4D26479FA77EB65BBAC87\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EED438284B437DF43B6EE2BF88D567ED\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF4896E5E9DAC1447A5309DE37410888\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB4C1E28-49BC-45EA-9DD2-28A73942504F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB4C1E28-49BC-45EA-9DD2-28A73942504F}\ not found.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820} folder moved successfully.
C:\Documents and Settings\All Users\Desktop\iLivid Download Manager.lnk moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\iLivid\iLivid Download Manager.lnk moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\iLivid folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Administrator\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 44009996 bytes
->Flash cache emptied: 621 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 135674782 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1758 bytes

User: Owner
->Temp folder emptied: 361833 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 45835780 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 215.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Unable to start System Restore Service. Error code 10

OTL by OldTimer - Version 3.2.42.3 log created on 05082012_072354

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



SystemLook 30.07.11 by jpshortstuff
Log created at 07:40 on 08/05/2012 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\_OTL\MovedFiles\05072012_094158\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js --a---- 24210 bytes [12:30 31/05/2011] [12:30 31/05/2011] E2B3734A723FB575F4168B48552793BE
C:\_OTL\MovedFiles\05072012_094158\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js --a---- 30447 bytes [12:30 31/05/2011] [12:30 31/05/2011] 06ED4E13216E83D78D1659907C48C7D2
C:\_OTL\MovedFiles\05072012_094158\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [12:30 31/05/2011] [12:30 31/05/2011] D98167EFDC45E8EC6F4769791A15CE36

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\05072012_094158\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [12:29 31/05/2011] [12:29 31/05/2011] 39ECB144372B2ED7B1B91A1E63D3F275
C:\_OTL\MovedFiles\05072012_094158\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll --a---- 88976 bytes [12:29 31/05/2011] [12:29 31/05/2011] AD14E447F7CED4CA987B91B379EAF952

Searching for "*iLivid*"
C:\_OTL\MovedFiles\05072012_094158\C_Program Files\iLivid\ilivid.exe --a---- 2033152 bytes [23:39 06/08/2011] [14:20 05/08/2011] A485B5376A7BD86E17DA042A64EE3E86
C:\_OTL\MovedFiles\05072012_094158\C_Program Files\iLivid\ilivid.ico --a---- 9662 bytes [23:39 06/08/2011] [09:41 04/11/2009] D64C36521A1839B54788D7D0A82DAF08
C:\_OTL\MovedFiles\05082012_072354\C_Documents and Settings\All Users\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820}\iLividSetupV1.dat --a--c- 221 bytes [23:40 06/08/2011] [23:40 06/08/2011] 660EBB167E1A025C6F61BFADE3277689
C:\_OTL\MovedFiles\05082012_072354\C_Documents and Settings\All Users\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820}\iLividSetupV1.exe --a--c- 3017853 bytes [23:40 06/08/2011] [12:28 10/07/2011] E337450787D0593F9CFE762DF8245985
C:\_OTL\MovedFiles\05082012_072354\C_Documents and Settings\All Users\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820}\iLividSetupV1.lnk --a--c- 0 bytes [23:40 06/08/2011] [23:40 06/08/2011] D41D8CD98F00B204E9800998ECF8427E
C:\_OTL\MovedFiles\05082012_072354\C_Documents and Settings\All Users\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820}\iLividSetupV1.msi --a--c- 265728 bytes [23:40 06/08/2011] [12:27 10/07/2011] BFBC3483F338CEF1CF14D111F11B6FD7
C:\_OTL\MovedFiles\05082012_072354\C_Documents and Settings\All Users\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820}\iLividSetupV1.par --a--c- 1515 bytes [23:40 06/08/2011] [23:40 06/08/2011] 1453C2CE3C1718D0FA7FCFE018933586
C:\_OTL\MovedFiles\05082012_072354\C_Documents and Settings\All Users\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820}\iLividSetupV1.res --a--c- 2296958 bytes [23:40 06/08/2011] [12:28 10/07/2011] 8705E6D8D717400B5DE48854E5D903F5
C:\_OTL\MovedFiles\05082012_072354\C_Documents and Settings\All Users\Desktop\iLivid Download Manager.lnk --a---- 702 bytes [23:40 06/08/2011] [23:40 06/08/2011] 618F5282BE0C35B2836421428F653E88
C:\_OTL\MovedFiles\05082012_072354\C_Documents and Settings\All Users\Start Menu\Programs\iLivid\iLivid Download Manager.lnk --a---- 714 bytes [23:40 06/08/2011] [23:40 06/08/2011] DEEF327463982E91D8A3B92CFC74E012

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\05072012_094158\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll --a---- 1235856 bytes [23:39 06/08/2011] [20:44 01/06/2011] 411F14AC8C0FB320FC135818C253871E
C:\_OTL\MovedFiles\05072012_094158\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe --a---- 1546640 bytes [23:39 06/08/2011] [20:44 01/06/2011] C0909655D4BDF541DA23E828B7B05A7A

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\Documents and Settings\Owner\Application Data\searchquband d------ [23:40 06/08/2011]
C:\Documents and Settings\Owner\Application Data\searchqutoolbar d------ [23:39 06/08/2011]

Searching for "*iLivid*"
C:\Documents and Settings\Owner\Local Settings\Application Data\Ilivid Player d------ [23:40 06/08/2011]
C:\_OTL\MovedFiles\05072012_094158\C_Program Files\iLivid d------ [14:42 07/05/2012]
C:\_OTL\MovedFiles\05072012_094158\C_Program Files\Windows iLivid Toolbar d------ [14:42 07/05/2012]
C:\_OTL\MovedFiles\05082012_072354\C_Documents and Settings\All Users\Start Menu\Programs\iLivid d------ [12:24 08/05/2012]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\Documents and Settings\Owner\AppData\LocalLow\DataMngr d------ [23:40 06/08/2011]
C:\_OTL\MovedFiles\05072012_094158\C_Program Files\Windows iLivid Toolbar\Datamngr d------ [14:42 07/05/2012]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\DataMngr\Files\Homepage]
"Value"="http://www.searchqu.com/406"
[HKEY_CURRENT_USER\Software\DataMngr\Files\Homepage]
"DefaultValue"="user_pref("browser.startup.homepage", "http://www.searchqu.com/406");"
[HKEY_CURRENT_USER\Software\DataMngr\IEBHO]
"DNSUrl"="http://www.searchqu.com/web?src=derr&appid=101&systemid=406&v="
[HKEY_CURRENT_USER\Software\DataMngr\IEBHO]
"404Url"="http://www.searchqu.com/web?src=404&appid=101&systemid=406&v="
[HKEY_CURRENT_USER\Software\DataMngr\IEBHO]
"NewTabUrl"="http://www.searchqu.com/406"
[HKEY_CURRENT_USER\Software\DataMngr\IEBHO\RelatedSearch]
"url"="http://www.searchqu.com/related.html"
[HKEY_CURRENT_USER\Software\DataMngr\List\Item2]
"Value"="http://www.searchqu.com/406"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=101&systemid=406&qu={searchTerms}&ft=json"
[HKEY_CURRENT_USER\Software\searchqutoolbar]
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\DataMngr\Files\Homepage]
"Value"="http://www.searchqu.com/406"
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\DataMngr\Files\Homepage]
"DefaultValue"="user_pref("browser.startup.homepage", "http://www.searchqu.com/406");"
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\DataMngr\IEBHO]
"DNSUrl"="http://www.searchqu.com/web?src=derr&appid=101&systemid=406&v="
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\DataMngr\IEBHO]
"404Url"="http://www.searchqu.com/web?src=404&appid=101&systemid=406&v="
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\DataMngr\IEBHO]
"NewTabUrl"="http://www.searchqu.com/406"
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\DataMngr\IEBHO\RelatedSearch]
"url"="http://www.searchqu.com/related.html"
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\DataMngr\List\Item2]
"Value"="http://www.searchqu.com/406"
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=101&systemid=406&qu={searchTerms}&ft=json"
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\searchqutoolbar]

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\DataMngr]
"DLLPath"="C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll"
[HKEY_CURRENT_USER\Software\DataMngr]
"Folder"="C:\Program Files\Windows iLivid Toolbar"
[HKEY_CURRENT_USER\Software\DataMngr]
"Path"="C:\Program Files\Windows iLivid Toolbar\Datamngr"
[HKEY_CURRENT_USER\Software\DataMngr]
"UIPath"="C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe"
[HKEY_CURRENT_USER\Software\ilivid]
[HKEY_CURRENT_USER\Software\ilivid\player]
"installpath"="C:\Program Files\iLivid"
[HKEY_CURRENT_USER\Software\ilivid\player\hosts\ilivid.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid]
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\DataMngr]
"DLLPath"="C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll"
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\DataMngr]
"Folder"="C:\Program Files\Windows iLivid Toolbar"
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\DataMngr]
"Path"="C:\Program Files\Windows iLivid Toolbar\Datamngr"
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\DataMngr]
"UIPath"="C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe"
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\ilivid]
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\ilivid\player]
"installpath"="C:\Program Files\iLivid"
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\ilivid\player\hosts\ilivid.com]
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\iLivid]
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid]

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_CURRENT_USER\Software\DataMngr]
[HKEY_CURRENT_USER\Software\DataMngr]
"DLLPath"="C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll"
[HKEY_CURRENT_USER\Software\DataMngr]
"Path"="C:\Program Files\Windows iLivid Toolbar\Datamngr"
[HKEY_CURRENT_USER\Software\DataMngr]
"ShortDllPath"="C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll"
[HKEY_CURRENT_USER\Software\DataMngr]
"UIPath"="C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe"
[HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
[HKEY_CURRENT_USER\Software\DataMngr_Toolbar\{687578b9-7132-4a7a-80e4-30ee31099e03}\{687578b9-7132-4a7a-80e4-30ee31099e03}_F]
"DependentKey"="Software\DataMngr_Toolbar\{687578b9-7132-4a7a-80e4-30ee31099e03}"
[HKEY_CURRENT_USER\Software\DataMngr_Toolbar\{687578b9-7132-4a7a-80e4-30ee31099e03}\{687578b9-7132-4a7a-80e4-30ee31099e03}_F]
"DependentValue"="Software\DataMngr_Toolbar\Values\{687578b9-7132-4a7a-80e4-30ee31099e03}"
[HKEY_CURRENT_USER\Software\DataMngr_Toolbar\{687578b9-7132-4a7a-80e4-30ee31099e03}\{687578b9-7132-4a7a-80e4-30ee31099e03}_S]
"DependentKey"="Software\DataMngr_Toolbar\{687578b9-7132-4a7a-80e4-30ee31099e03}"
[HKEY_CURRENT_USER\Software\DataMngr_Toolbar\{687578b9-7132-4a7a-80e4-30ee31099e03}\{687578b9-7132-4a7a-80e4-30ee31099e03}_V]
"DependentKey"="Software\DataMngr_Toolbar\{687578b9-7132-4a7a-80e4-30ee31099e03}"
[HKEY_CURRENT_USER\Software\DataMngr_Toolbar\{687578b9-7132-4a7a-80e4-30ee31099e03}\{687578b9-7132-4a7a-80e4-30ee31099e03}_V]
"DependentValue"="Software\DataMngr_Toolbar\Values\{687578b9-7132-4a7a-80e4-30ee31099e03}"
[HKEY_CURRENT_USER\Software\DataMngr_Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233}\{95B7759C-8C7F-4BF1-B163-73684A933233}_F]
"DependentKey"="Software\DataMngr_Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233}"
[HKEY_CURRENT_USER\Software\DataMngr_Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233}\{95B7759C-8C7F-4BF1-B163-73684A933233}_F]
"DependentValue"="Software\DataMngr_Toolbar\Values\{95B7759C-8C7F-4BF1-B163-73684A933233}"
[HKEY_CURRENT_USER\Software\DataMngr_Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233}\{95B7759C-8C7F-4BF1-B163-73684A933233}_S]
"DependentKey"="Software\DataMngr_Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233}"
[HKEY_CURRENT_USER\Software\DataMngr_Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233}\{95B7759C-8C7F-4BF1-B163-73684A933233}_V]
"DependentKey"="Software\DataMngr_Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233}"
[HKEY_CURRENT_USER\Software\DataMngr_Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233}\{95B7759C-8C7F-4BF1-B163-73684A933233}_V]
"DependentValue"="Software\DataMngr_Toolbar\Values\{95B7759C-8C7F-4BF1-B163-73684A933233}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE"="Data Manager"
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\DataMngr]
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\DataMngr]
"DLLPath"="C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll"
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\DataMngr]
"Path"="C:\Program Files\Windows iLivid Toolbar\Datamngr"
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\DataMngr]
"ShortDllPath"="C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll"
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\DataMngr]
"UIPath"="C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe"
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\DataMngr_Toolbar]
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\DataMngr_Toolbar\{687578b9-7132-4a7a-80e4-30ee31099e03}\{687578b9-7132-4a7a-80e4-30ee31099e03}_F]
"DependentKey"="Software\DataMngr_Toolbar\{687578b9-7132-4a7a-80e4-30ee31099e03}"
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\DataMngr_Toolbar\{687578b9-7132-4a7a-80e4-30ee31099e03}\{687578b9-7132-4a7a-80e4-30ee31099e03}_F]
"DependentValue"="Software\DataMngr_Toolbar\Values\{687578b9-7132-4a7a-80e4-30ee31099e03}"
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\DataMngr_Toolbar\{687578b9-7132-4a7a-80e4-30ee31099e03}\{687578b9-7132-4a7a-80e4-30ee31099e03}_S]
"DependentKey"="Software\DataMngr_Toolbar\{687578b9-7132-4a7a-80e4-30ee31099e03}"
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\DataMngr_Toolbar\{687578b9-7132-4a7a-80e4-30ee31099e03}\{687578b9-7132-4a7a-80e4-30ee31099e03}_V]
"DependentKey"="Software\DataMngr_Toolbar\{687578b9-7132-4a7a-80e4-30ee31099e03}"
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\DataMngr_Toolbar\{687578b9-7132-4a7a-80e4-30ee31099e03}\{687578b9-7132-4a7a-80e4-30ee31099e03}_V]
"DependentValue"="Software\DataMngr_Toolbar\Values\{687578b9-7132-4a7a-80e4-30ee31099e03}"
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\DataMngr_Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233}\{95B7759C-8C7F-4BF1-B163-73684A933233}_F]
"DependentKey"="Software\DataMngr_Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233}"
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\DataMngr_Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233}\{95B7759C-8C7F-4BF1-B163-73684A933233}_F]
"DependentValue"="Software\DataMngr_Toolbar\Values\{95B7759C-8C7F-4BF1-B163-73684A933233}"
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\DataMngr_Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233}\{95B7759C-8C7F-4BF1-B163-73684A933233}_S]
"DependentKey"="Software\DataMngr_Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233}"
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\DataMngr_Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233}\{95B7759C-8C7F-4BF1-B163-73684A933233}_V]
"DependentKey"="Software\DataMngr_Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233}"
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\DataMngr_Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233}\{95B7759C-8C7F-4BF1-B163-73684A933233}_V]
"DependentValue"="Software\DataMngr_Toolbar\Values\{95B7759C-8C7F-4BF1-B163-73684A933233}"
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE"="Data Manager"

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\Trolltech]
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_USERS\S-1-5-21-117609710-1364589140-839522115-1003\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-



Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
AVG 2012
AVG 2011
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date HijackThis installed!
Spybot - Search & Destroy
HijackThis 1.99.1
CCleaner
Java(TM) 6 Update 20
Java version out of date!
Adobe Flash Player 10.1.53.64 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgnsx.exe
``````````End of Log````````````




aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-08 07:59:23
-----------------------------
07:59:23.406 OS Version: Windows 5.1.2600 Service Pack 3
07:59:23.406 Number of processors: 2 586 0x4B02
07:59:23.406 ComputerName: OWMER-A0747FB76 UserName: Owner
07:59:25.328 Initialize success
08:02:33.781 AVAST engine defs: 12050800
08:02:45.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
08:02:45.687 Disk 0 Vendor: Maxtor_7 BACE Size: 239372MB BusType: 3
08:02:45.734 Disk 0 MBR read successfully
08:02:45.734 Disk 0 MBR scan
08:02:45.875 Disk 0 Windows XP default MBR code
08:02:45.875 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 239359 MB offset 63
08:02:45.875 Disk 0 scanning sectors +490207410
08:02:45.937 Disk 0 scanning C:\WINDOWS\system32\drivers
08:02:56.546 File: C:\WINDOWS\system32\drivers\netbt.sys **INFECTED** Win32:Aluroot-C [Rtk]
08:03:00.234 Disk 0 trace - called modules:
08:03:00.250 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85924fd0]<<
08:03:00.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ac3110]
08:03:00.250 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> [0x869c3e60]
08:03:00.250 \Driver\00000870[0x859c6978] -> IRP_MJ_CREATE -> 0x85924fd0
08:03:02.671 AVAST engine scan C:\WINDOWS
08:03:07.187 AVAST engine scan C:\WINDOWS\system32
08:03:07.562 File: C:\WINDOWS\system32\acedrv07.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:08.625 File: C:\WINDOWS\system32\alerter.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:08.812 File: C:\WINDOWS\system32\AMDPCI.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:08.890 File: C:\WINDOWS\system32\amsint.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:08.968 File: C:\WINDOWS\system32\Angel2.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:09.000 File: C:\WINDOWS\system32\aniwzcsdservice.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:09.109 File: C:\WINDOWS\system32\apfiltrservice.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:09.328 File: C:\WINDOWS\system32\aspi32.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:09.359 File: C:\WINDOWS\system32\AsusACPI.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:09.859 File: C:\WINDOWS\system32\ati2mtaa.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:12.453 File: C:\WINDOWS\system32\AVerTV.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:12.500 File: C:\WINDOWS\system32\avgascln.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:12.765 File: C:\WINDOWS\system32\backupexecrpcservice.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:12.875 File: C:\WINDOWS\system32\bcoreusb.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:13.046 File: C:\WINDOWS\system32\beep.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:13.640 File: C:\WINDOWS\system32\bltrust.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:14.281 File: C:\WINDOWS\system32\Cam5603D.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:14.562 File: C:\WINDOWS\system32\cavasm.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:15.562 File: C:\WINDOWS\system32\clipsrv.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:16.062 File: C:\WINDOWS\system32\cmudau.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:17.890 File: C:\WINDOWS\system32\CTEAPSFX.DLL.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:17.968 File: C:\WINDOWS\system32\ctljystk.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:18.015 File: C:\WINDOWS\system32\CTSBLFX.DLL.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:18.078 File: C:\WINDOWS\system32\CYGF32X.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:28.890 File: C:\WINDOWS\system32\datunidr.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:29.921 File: C:\WINDOWS\system32\defwatch.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:31.296 File: C:\WINDOWS\system32\djsnetcn.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:32.062 File: C:\WINDOWS\system32\dnserver32.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:34.000 File: C:\WINDOWS\system32\DVDVRRdr_xp.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:34.265 File: C:\WINDOWS\system32\dxdebug.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:35.187 File: C:\WINDOWS\system32\eabusb.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:35.906 File: C:\WINDOWS\system32\elbycdfl.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:37.156 File: C:\WINDOWS\system32\FiltUSBEMPIA.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:37.718 File: C:\WINDOWS\system32\fsdfwd.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:38.375 File: C:\WINDOWS\system32\gbpoll.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:38.546 File: C:\WINDOWS\system32\genregistrar.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:38.843 File: C:\WINDOWS\system32\GoProto.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:39.156 File: C:\WINDOWS\system32\ha20x2k.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:39.281 File: C:\WINDOWS\system32\hcmon.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:40.171 File: C:\WINDOWS\system32\iAimFP5.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:40.437 File: C:\WINDOWS\system32\ibmsmbus.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:43.531 File: C:\WINDOWS\system32\ikfileflt.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:43.921 File: C:\WINDOWS\system32\imountsrv.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:45.921 File: C:\WINDOWS\system32\isamsmt.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:48.625 File: C:\WINDOWS\system32\KMW_KBD.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:49.343 File: C:\WINDOWS\system32\lanmanserver.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:49.421 File: C:\WINDOWS\system32\lbtserv.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:49.625 File: C:\WINDOWS\system32\LHidKe.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:49.765 File: C:\WINDOWS\system32\license.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:49.921 File: C:\WINDOWS\system32\lmab_device.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:51.328 File: C:\WINDOWS\system32\mcupdmgr.exe.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:52.656 File: C:\WINDOWS\system32\mks_scan.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:52.890 File: C:\WINDOWS\system32\mldserv.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:54.843 File: C:\WINDOWS\system32\MRESP50.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:54.890 File: C:\WINDOWS\system32\mrobeservice.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:03:59.265 File: C:\WINDOWS\system32\msk80service.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:00.718 File: C:\WINDOWS\system32\mssql$sqlexpress.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:00.796 File: C:\WINDOWS\system32\mssqlserverolapservice.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:00.937 File: C:\WINDOWS\system32\mstdc.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:04.859 File: C:\WINDOWS\system32\ndasscsi.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:06.328 File: C:\WINDOWS\system32\nfsds.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:06.375 File: C:\WINDOWS\system32\NITaggerService.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:06.531 File: C:\WINDOWS\system32\nmindexingservice.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:07.046 File: C:\WINDOWS\system32\ntcharge.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:12.046 File: C:\WINDOWS\system32\NWFILTER.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:12.078 File: C:\WINDOWS\system32\nwlnkipx.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:13.937 File: C:\WINDOWS\system32\oracleorahomedatagatherer.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:13.984 File: C:\WINDOWS\system32\oraclesnmppeerencapsulator.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:14.718 File: C:\WINDOWS\system32\pav_service.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:14.812 File: C:\WINDOWS\system32\pcampr5.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:14.921 File: C:\WINDOWS\system32\PdiPorts.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:14.953 File: C:\WINDOWS\system32\pdreli.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:15.578 File: C:\WINDOWS\system32\pktfilter.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:21.343 File: C:\WINDOWS\system32\s217unic.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:21.921 File: C:\WINDOWS\system32\scanwscs.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:22.171 File: C:\WINDOWS\system32\scdemu.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:22.687 File: C:\WINDOWS\system32\SE2Bmdm.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:22.765 File: C:\WINDOWS\system32\SE2Cobex.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:22.843 File: C:\WINDOWS\system32\se59mdm.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:22.875 File: C:\WINDOWS\system32\SeaPort.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:23.046 File: C:\WINDOWS\system32\SecureStorageService.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:24.046 File: C:\WINDOWS\system32\sfcure01.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:25.328 File: C:\WINDOWS\system32\SiS300i.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:25.468 File: C:\WINDOWS\system32\sisperf.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:26.078 File: C:\WINDOWS\system32\smbios.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:26.500 File: C:\WINDOWS\system32\sonicstagemonitoring.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:27.765 File: C:\WINDOWS\system32\sskbfd.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:28.046 File: C:\WINDOWS\system32\ss_mdfl.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:28.984 File: C:\WINDOWS\system32\sysmonlog.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:29.296 File: C:\WINDOWS\system32\Tablet2k.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:30.296 File: C:\WINDOWS\system32\tng-doba.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:30.343 File: C:\WINDOWS\system32\tomcatcws3.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:30.390 File: C:\WINDOWS\system32\tosrfbnp.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:31.421 File: C:\WINDOWS\system32\tvtnetwk.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:31.906 File: C:\WINDOWS\system32\ultra66.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:32.750 File: C:\WINDOWS\system32\USB11LDR.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:32.906 File: C:\WINDOWS\system32\usbhub.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:33.968 File: C:\WINDOWS\system32\vaiomediaplatform-integratedserver-appserver.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:34.437 File: C:\WINDOWS\system32\vgasave.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:34.500 File: C:\WINDOWS\system32\vmusb.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:34.562 File: C:\WINDOWS\system32\VNUSB.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:34.609 File: C:\WINDOWS\system32\vpnva.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:35.093 File: C:\WINDOWS\system32\WavxDMgr.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:35.687 File: C:\WINDOWS\system32\whoisd32.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:47.890 File: C:\WINDOWS\system32\xpagentserver.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:48.687 File: C:\WINDOWS\system32\yediex.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:48.828 File: C:\WINDOWS\system32\ZTEusbser6k.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:04:48.859 File: C:\WINDOWS\system32\{6080a529-897e-4629-a488-aba0c29b635e}.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:05:37.296 AVAST engine scan C:\WINDOWS\system32\drivers
08:05:45.437 File: C:\WINDOWS\system32\drivers\netbt.sys **INFECTED** Win32:Aluroot-C [Rtk]
08:05:54.265 AVAST engine scan C:\Documents and Settings\Owner
08:05:54.359 File: C:\Documents and Settings\Owner\1buw.exe **INFECTED** Win32:Bredolab-JG [Trj]
08:05:54.421 File: C:\Documents and Settings\Owner\1cky.exe **INFECTED** Win32:Kryptik-IPT [Trj]
08:06:46.125 File: C:\Documents and Settings\Owner\fsig.com **INFECTED** Win32:Dropper-KTL [Drp]
08:06:47.375 File: C:\Documents and Settings\Owner\jitax.com **INFECTED** Win32:VB-ACKW [Trj]
08:06:47.437 File: C:\Documents and Settings\Owner\kuyil.com **INFECTED** Win32:VB-ACQH [Trj]
08:06:47.500 File: C:\Documents and Settings\Owner\lcub.com **INFECTED** Win32:VB-ACMV [Trj]
08:09:49.906 File: C:\Documents and Settings\Owner\Local Settings\Application Data\Personal\PersonalStart.exe **INFECTED** Win32:Kryptik-IPT [Trj]
08:10:32.703 File: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I2F22NRD\setup[1].exe **INFECTED** Win32:VB-ACKS [Trj]
08:11:43.375 File: C:\Documents and Settings\Owner\peeteq.com **INFECTED** Win32:Dropper-KTL [Drp]
08:11:43.421 File: C:\Documents and Settings\Owner\peoqel.com **INFECTED** Win32:VB-ACRF [Trj]
08:11:48.937 File: C:\Documents and Settings\Owner\vixat.com **INFECTED** Win32:Kryptik-IOS [Trj]
08:11:49.343 File: C:\Documents and Settings\Owner\zeudu.exe **INFECTED** Win32:VB-ACQR [Trj]
08:11:58.109 AVAST engine scan C:\Documents and Settings\All Users
08:13:31.968 Scan finished successfully
08:18:15.890 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\My Documents\MBR.dat"
08:18:15.890 The log file has been saved successfully to "C:\Documents and Settings\Owner\My Documents\aswMBR2.txt"
Scolabar
SWW Honors Graduate


Joined: 24 Aug 2011
Last Visit: 27 Jun 2012
Posts: 105

Posted: Tue May 08, 2012 6:08 pm

Hi bigguns23,

I am afraid I have some bad news for you.

Rootkit Warning

Your computer shows signs of multiple infections, including a Rootkit infection.
A Rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

You are strongly advised to do the following:
  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft
    and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords
    (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, any online activity you perform, requiring a username and password).
    Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again.
Many experts in the security community believe that once infected with this type of malware, the best course of action would be to do a reformat and re-installation of the operating system (OS).

This decision will have to be made by you.

An attempt can be made to clean this machine, however there will be no guarantee that it won't still be compromised afterwards.

To help you understand more, please take some time to read the following articles:
  • When should I re-format and reinstall my OS
  • What are Remote Access Trojans and why are they dangerous
  • How do I respond to a possible identity theft and how do I prevent it
  • How and Where to backup your files
  • Restoring your backups

Please confirm how you would like to proceed.


Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

_________________
Malware Removal University - You too could train to help others
Member of ASAP and UNITE
Scolabar
SWW Honors Graduate


Joined: 24 Aug 2011
Last Visit: 27 Jun 2012
Posts: 105

Posted: Thu May 10, 2012 7:17 pm

Hi bigguns23,

It has been over 48 hours since my last post.
  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • In line with Spyware Warrior's Forum Guidelines, topics will be closed after 3 days without a response.
  • If you do not reply within the next 24 hours, this topic will be closed.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 22 Aug 2014
Posts: 4592
Location: Land Of The Leprechauns

Posted: Sat May 12, 2012 1:12 am

Quote:
Due to a lack of response this topic is now closed.

If you still need help you must open a new thread in the Help with spyware removal forum, post a new set of DDS logs, and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

_________________
Admin/Teacher at Malware Removal University
Member of...

All times are GMT - 8 Hours