Thread: Need Help uninstalling iLivid

  1. #11
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    157

    Hi Bruce C,

    Thank you again for your patience.

    Please confirm whether or not you are aware of having installed the program GoToAssist. If so, for what purpose was the program installed?

    Again, please remember to read the instructions below carefully before executing them, and perform the steps in the order given.
    If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

    Before we proceed please make sure any open programs are closed.

    Step 1:
    Create System Restore Point

    First we need to make sure we have a backup of the Registry to return to if we need it:

    1. Select Start > Control Panel then double-click on the System icon in the Control Panel.
    2. In the left-hand pane click on the System Protection option.
    3. When the Dialog comes up, click on the System Protection tab.
    4. Check that the drive letter where Windows is located (usually C: drive) indicates System protection ON.
      (This indicates System restore is turned ON for the Windows drive).
    5. Click on the Create button to create a new restore point. In the Name dialog, type a descriptive name and then click on the Create button.
    6. You will get a message that the Restore Point was created successfully. Click on the Close button.
    7. Click on the OK button and close the System window in the Control Panel.

    < STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

    Step 2:
    Uninstall Programs

    Registry Cleaners Advisory

    I notice that the Uniblue RegistryBooster Registry Cleaner is installed on this computer.

    I don't personally recommend the use of ANY registry cleaners.
    Here is an excerpt from a discussion on regcleaners
    Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
    The point we are trying to make is that the risk of using one far outweighs any benefit.
    If it does work perfectly you will not see any difference.
    If it doesn't work properly you may end up with an expensive doorstop.
    http://miekiemoes.blogspot.com/2008/...eaking_13.html
    http://forums.whatthetech.com/Regcleaner_t42862.html

    In addition, I would also recommend the uninstallation of Paretologic File Cure.
    The company Paretologic also produces a Registry Cleaner as well as other products classed as spyware and therefore, by association, Paretologic File Cure cannot be trusted or recommended.

    Ultimately, the decision whether or not to remove both of these programs is yours. However, steering clear of such products in future will reduce your exposure to potential malware threats.

    Please follow the instructions below to remove these and other unwanted programs:

    1. Select Start > Control Panel > Programs > Programs and Features.
    2. Under the Programs heading, click on Uninstall a program.
    3. Scroll down the list of installed programs and locate the following program:

      AOL Install
      Paretologic File Cure <-- Optional Removal - see reasons provided above
      Uniblue RegistryBooster <-- Optional Removal - see reasons provided above
    4. Right-click on Uninstall to uninstall it.
    5. Repeat steps 3 - 4 for each program in the list.
    6. When finished Close the Control Panel window.
    7. Restart the computer to complete removal of the program.

    Step 3:
    Download Custom Script

    1. Right-click on This Link and select Save target as... or Save Link as... option ...
    2. Save as the filename: Fix.txt to your Desktop. <-- IMPORTANT

    Step 4:
    OTL - Custom Fix

    We now need to run a custom OTL fix.

    Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan. Refer to This Howto Topic, if necessary.

    1. Right-click on OTL.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    2. Click on the Run Fix button at the top of the program window.
    3. You will see a pop-up dialog reporting "No fix has been provided. Click OK to load from a file or Cancel". Click on the OK button to continue.
    4. When the Open dialog appears, Navigate to your Desktop, scroll down to and select the file named Fix.txt and then click on the Open button.
    5. Some text will appear in the Custom scans/Fixes box.
    6. Click on the Run Fix button.
      Note: Please let the program run unhindered until it has finished.
    7. Reboot the PC when it is done.
      Once the computer has restarted and you have logged back into your usual account, a text file named OTL.txt will automatically open in Notepad. This file will be located on your Desktop.
    8. Please Copy and Paste the entire contents of OTL.txt into your next reply.

    Step 5:
    SystemLook

    1. Please download SystemLook.exe by jpshortstuff and save it to your Desktop.
      Alternate download site.
    2. Right-click on SystemLook.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    3. Copy and Paste the text in the code box below into SystemLook's main text entry window:
      Code:
      :filefind
      *Fun4IM*
      *Bandoo*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      
      :folderfind
      *Fun4IM*
      *Bandoo*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      
      :Regfind
      Fun4IM
      Bandoo
      Searchqu
      iLivid
      whitesmoke
      datamngr
      kelkoopartners
      trolltech
    4. Click on the Look button to start the scan.
      Note: Because of the Registry searches involved this scan may take 15 minutes or longer to run on a large system. Please be patient and wait for the scan to complete.
    5. When SystemLook has completed its task a Notepad window will automatically open showing the results of the scan.
      A log file will be created on your Desktop named SystemLook.txt.
    6. Please post the contents of the SystemLook.txt file in your next reply.

    Step 6:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. Are you aware of having installed the program GoToAssist? If so, for what purpose was the program installed?
    3. OTL.txt.
    4. SystemLook.txt.


    Scolabar
    --------------------------------------------------------------------------
    No Reply Within 3 Days Will Result In Your Topic Being Closed
    Malware Removal University - You too could train to help others
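
Step 4 above asks for OTL.txt to be pasted back; when reading such a fix log, the useful questions are which items were actually present (deleted or moved) and which actions failed. The following is an added example, not part of the original thread and not OTL's own code: it triages constructed sample lines that follow the line shapes of the fix log posted later in this thread, and the function names, outcome labels and placeholder key and folder names are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the line shapes of an OTL fix log. The toolbar name,
# GUIDs and user folder are placeholders, not values from a real machine.
SAMPLE_LOG = r"""All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_CURRENT_USER\Software\ExampleToolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\ExampleToolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\ not found.
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000000-0000-0000-0000-000000000002}\\@|"IExample" /E!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{00000000-0000-0000-0000-000000000002}\\@|"IExample" /E : value set successfully!
========== FILES ==========
File/Folder C:\Users\Example\AppData\Local\Temp\example_setup.exe not found.
File\Folder C:\Windows\Prefetch\EXAMPLE.EXE-00000000.pf not found.
C:\Program Files\ExampleToolbar folder moved successfully.
"""

# Section banners such as "========== REGISTRY ==========".
SECTION = re.compile(r"^=+ (?P<name>[A-Z ]+) =+$")

# Ordered rules: the first pattern that matches decides the outcome.
# The outcome labels are this example's own vocabulary.
RULES = [
    ("failed", re.compile(r"^Unable to set value : (?P<target>.+)$")),
    ("set", re.compile(r"^(?P<target>.+) : value set successfully!$")),
    ("removed", re.compile(
        r"^Registry (?:key|value) (?P<target>.+) deleted successfully\.$")),
    ("removed", re.compile(
        r"^(?P<target>.+?)(?: folder)? moved successfully\.$")),
    # The log writes both "File/Folder" and "File\Folder"; accept either.
    ("absent", re.compile(
        r"^(?:Registry (?:key|value)|File[/\\]Folder) (?P<target>.+) not found\.$")),
]


def parse_fix_log(text):
    """Return (section, outcome, target) for every non-empty log line."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION.match(line)
        if banner:
            section = banner.group("name")
            continue
        for outcome, pattern in RULES:
            match = pattern.match(line)
            if match:
                entries.append((section, outcome, match.group("target")))
                break
        else:
            # Unrecognised lines are kept so nothing is silently dropped.
            entries.append((section, "other", line))
    return entries


def triage(entries):
    """Summarise what was present on the machine and what needs a second look."""
    counts = Counter(outcome for _, outcome, _ in entries)
    return {
        "counts": dict(counts),
        # Items the fix found and removed: these were really on the system.
        "present": [t for _, o, t in entries if o == "removed"],
        # Actions the tool reported it could not complete.
        "needs_follow_up": [t for _, o, t in entries if o == "failed"],
    }


if __name__ == "__main__":
    report = triage(parse_fix_log(SAMPLE_LOG))
    print(report["counts"])
    for target in report["present"]:
        print("present and removed:", target)
    for target in report["needs_follow_up"]:
        print("failed:", target)
```

A long run of "not found" lines is normal for a fix script that lists every location a program is known to use; the short "present" and "needs_follow_up" lists are the ones worth reading line by line.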

  2. #12
    Member
    Join Date
    Dec 2011
    Posts
    30

    Hi and thanks for your patience.

    I will follow the instructions as soon as I can get an assist from my wife.
    As for the Uniblue Registry, I don't know how I got it and have been trying to get rid of it for months. As for the Go to assist and Paretologic File Cure, I don't know where they came from and will gladly get rid of them as well as any other suggestions you may have. Thank you for all your help so far and as soon as I take the next step I'll post it. Thanks again, Bruce

  3. #13
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    157

    Hi Bruce C,

    Thank you for the update. I'll wait to hear from you.
    In the meantime, I wish you a Merry Xmas.

    Scolabar
    --------------------------------------------------------------------------
    No Reply Within 3 Days Will Result In Your Topic Being Closed
    Malware Removal University - You too could train to help others

  4. #14
    Member
    Join Date
    Dec 2011
    Posts
    30

    All processes killed
    ========== REGISTRY ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\DataMngr\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo\ not found.
    Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\ilivid\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\searchqutoolbar\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchqu.com\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B0118C8-8D12-46CD-A083-2116D587A11F} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B0118C8-8D12-46CD-A083-2116D587A11F}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39DB3DF-7935-4821-9BD7-170D277DA935} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39DB3DF-7935-4821-9BD7-170D277DA935}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2163BE-A595-4E6E-AAF0-E22A29D38262} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B2163BE-A595-4E6E-AAF0-E22A29D38262}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49227EB-05C7-449A-9BB6-18F653936F32} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49227EB-05C7-449A-9BB6-18F653936F32}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B0118C8-8D12-46CD-A083-2116D587A11F} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B0118C8-8D12-46CD-A083-2116D587A11F}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39DB3DF-7935-4821-9BD7-170D277DA935} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39DB3DF-7935-4821-9BD7-170D277DA935}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2163BE-A595-4E6E-AAF0-E22A29D38262} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B2163BE-A595-4E6E-AAF0-E22A29D38262}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49227EB-05C7-449A-9BB6-18F653936F32} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49227EB-05C7-449A-9BB6-18F653936F32}\ not found.
    Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\\@|"ISearchQueryHelper" /E!
    Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\\@|"ISearchQueryHelper" /E : value set successfully!
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E : value set successfully!
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\\@|"ISearchQueryHelper" /E : value set successfully!
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E : value set successfully!
    ========== FILES ==========
    File/Folder C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\SearchquWebSearch.xml not found.
    File/Folder C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\searchqutoolbar not found.
    File/Folder C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
    File/Folder C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Cookies\*@sweetim[1].txt not found.
    File/Folder C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt not found.
    File/Folder C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt not found.
    File/Folder C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt not found.
    File/Folder C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt not found.
    File/Folder C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt not found.
    File/Folder C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt not found.
    File/Folder C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt not found.
    File/Folder C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt not found.
    C:\Users\Bruce\AppData\Local\Ilivid Player folder moved successfully.
    File/Folder C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iLividSetupV1.exe not found.
    File/Folder C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ilivid[1].7z not found.
    File/Folder C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SetupDataMngr_Searchqu[1].exe not found.
    File/Folder C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SweetImSetup.exe not found.
    File/Folder C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BandooV6[1].exe not found.
    File/Folder C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\searchqu_net[1].htm not found.
    File/Folder C:\Users\Bruce\AppData\Local\Temp\BandooFiles not found.
    File/Folder C:\Users\Bruce\AppData\Local\Temp\BandooV6.exe not found.
    File/Folder C:\Users\Bruce\AppData\Local\Temp\SetupDataMngr_Searchqu.exe not found.
    File/Folder C:\Users\Bruce\AppData\Local\Temp\SweetIMReinstall not found.
    File/Folder C:\Users\Bruce\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe not found.
    File/Folder C:\Users\Bruce\AppData\Local\Temp\ilivid.7z not found.
    File/Folder C:\Users\Bruce\AppData\Local\Temp\searchqu.ini not found.
    File/Folder C:\Users\Bruce\AppData\Local\Temp\searchqutoolbar-manifest.xml not found.
    C:\Users\Bruce\AppData\LocalLow\searchquband folder moved successfully.
    C:\Users\Bruce\AppData\LocalLow\searchqutoolbar\weather folder moved successfully.
    C:\Users\Bruce\AppData\LocalLow\searchqutoolbar folder moved successfully.
    File/Folder C:\Users\Bruce\Downloads\SweetImSetup.exe not found.
    File/Folder C:\Users\Bruce\Downloads\iLividSetupV1.exe not found.
    C:\Users\Bruce\AppData\LocalLow\DataMngr folder moved successfully.
    File/Folder C:\Users\Bruce\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3AJVC1WF\www.ilivid[1].xml not found.
    File/Folder C:\Users\Bruce\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\TYBUQFS4\www.searchqu[1].xml not found.
    File\Folder C:\Windows\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-4EFDDDEA.pf not found.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\components folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\searchbar folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\options folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\modules folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\lib folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\data\search folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\data folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar\Datamngr folder moved successfully.
    C:\Program Files\Windows iLivid Toolbar folder moved successfully.
    C:\Program Files\iLivid\VLC\skins\fonts folder moved successfully.
    C:\Program Files\iLivid\VLC\skins folder moved successfully.
    C:\Program Files\iLivid\VLC\sdk\lib\pkgconfig folder moved successfully.
    C:\Program Files\iLivid\VLC\sdk\lib folder moved successfully.
    C:\Program Files\iLivid\VLC\sdk\include\vlc\plugins folder moved successfully.
    C:\Program Files\iLivid\VLC\sdk\include\vlc folder moved successfully.
    C:\Program Files\iLivid\VLC\sdk\include folder moved successfully.
    C:\Program Files\iLivid\VLC\sdk folder moved successfully.
    C:\Program Files\iLivid\VLC\plugins folder moved successfully.
    C:\Program Files\iLivid\VLC\osdmenu\default\volume folder moved successfully.
    C:\Program Files\iLivid\VLC\osdmenu\default\selection folder moved successfully.
    C:\Program Files\iLivid\VLC\osdmenu\default\selected folder moved successfully.
    C:\Program Files\iLivid\VLC\osdmenu\default folder moved successfully.
    C:\Program Files\iLivid\VLC\osdmenu folder moved successfully.
    C:\Program Files\iLivid\VLC\NSIS folder moved successfully.
    C:\Program Files\iLivid\VLC\mozilla folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\sd folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\playlist folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\modules folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\meta\reader folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\meta\fetcher folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\meta\art folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\meta folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\intf\modules folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\intf folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\http\requests folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\http\js folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\http\images folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\http\dialogs folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\http folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\extensions folder moved successfully.
    C:\Program Files\iLivid\VLC\lua folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\zu\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\zu folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\zh_TW\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\zh_TW folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\zh_CN\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\zh_CN folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\wa\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\wa folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\vi\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\vi folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\uk\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\uk folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\tr\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\tr folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\tl\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\tl folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\th\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\th folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\tet\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\tet folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ta\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ta folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\sv\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\sv folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\sr\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\sr folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\sq\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\sq folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\sl\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\sl folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\sk\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\sk folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\si\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\si folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ru\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ru folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ro\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ro folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\qt4 folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\pt_PT\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\pt_PT folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\pt_BR\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\pt_BR folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ps\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ps folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\pl\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\pl folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\pa\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\pa folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\oc\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\oc folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\nn\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\nn folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\nl\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\nl folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ne\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ne folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\nb\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\nb folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\my\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\my folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ms\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ms folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\mn\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\mn folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ml\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ml folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\mk\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\mk folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\lv\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\lv folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\lt\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\lt folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\lg\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\lg folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ko\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ko folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\km\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\km folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\kk\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\kk folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ka\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ka folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ja\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ja folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\it\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\it folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\is\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\is folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\id\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\id folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\hy\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\hy folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\hu\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\hu folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\hr\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\hr folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\hi\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\hi folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\he\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\he folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\gl\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\gl folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ga\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ga folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\fur\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\fur folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\fr\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\fr folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\fi\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\fi folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ff\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ff folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\fa\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\fa folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\eu\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\eu folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\et\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\et folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\es\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\es folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\en_GB\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\en_GB folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\el\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\el folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\de\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\de folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\da\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\da folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\cs\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\cs folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\co\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\co folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ckb\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ckb folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\cgg\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\cgg folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ca\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ca folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\br\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\br folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\bn\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\bn folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\bg\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\bg folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\be\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\be folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ast\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ast folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ar\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ar folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\am\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\am folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\af\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\af folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ach\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ach folder moved successfully.
    C:\Program Files\iLivid\VLC\locale folder moved successfully.
    C:\Program Files\iLivid\VLC\languages folder moved successfully.
    C:\Program Files\iLivid\VLC\http\requests folder moved successfully.
    C:\Program Files\iLivid\VLC\http\js folder moved successfully.
    C:\Program Files\iLivid\VLC\http\images folder moved successfully.
    C:\Program Files\iLivid\VLC\http\dialogs folder moved successfully.
    C:\Program Files\iLivid\VLC\http folder moved successfully.
    C:\Program Files\iLivid\VLC\activex folder moved successfully.
    C:\Program Files\iLivid\VLC folder moved successfully.
    C:\Program Files\iLivid\imageformats folder moved successfully.
    C:\Program Files\iLivid folder moved successfully.
    File\Folder C:\Windows\Prefetch\ILIVID* not found.
    File\Folder C:\Windows\Prefetch\SEARCHQUMEDIABAR* not found.
    File\Folder C:\Windows\Prefetch\SETUPDATAMNGR* not found.
    File\Folder C:\Program Files (x86)\iLivid not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Bruce
    ->Temp folder emptied: 5024998 bytes
    ->Temporary Internet Files folder emptied: 196604400 bytes
    ->Java cache emptied: 9348403 bytes
    ->Flash cache emptied: 3003 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2358989 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 1675677896 bytes

    Total Files Cleaned = 1,802.00 mb



    OTL by OldTimer - Version 3.2.31.0 log created on 12262011_150845

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF78E8.tmp not found!
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF78F6.tmp not found!
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA8A1.tmp not found!
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA8A8.tmp not found!
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFFB93.tmp not found!
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFFBA1.tmp not found!
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFFC28.tmp not found!
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFFC37.tmp not found!
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFFCCE.tmp not found!
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFFD5A.tmp not found!
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFFFEA.tmp not found!
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFFFF7.tmp not found!
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XPLDSNCD\4651[1].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XPLDSNCD\4651[2].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XPLDSNCD\ads[4].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XPLDSNCD\api[1].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XPLDSNCD\likebox[1].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWE9VR05\ads[6].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWE9VR05\ads[7].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWE9VR05\ads[8].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWE9VR05\api[1].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWE9VR05\documentwrite[1].js moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWE9VR05\external-link[1].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWE9VR05\iframe[1].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWE9VR05\index[2].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWE9VR05\showthread[4].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWE9VR05\showthread[5].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWE9VR05\sl1[1].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OGK4RC21\companions[1].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GGUXWUZQ\ads[7].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GGUXWUZQ\ads[8].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GGUXWUZQ\al[1].js moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GGUXWUZQ\context[1].js moved successfully.
    File\Folder C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AS0KFQYC\shm[1].htm not found!
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AS0KFQYC\visit[1].js moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9ZYMBPWB\ads[5].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9ZYMBPWB\ads[6].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9ZYMBPWB\how-to-disable-your-security-applications-490111[1].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9ZYMBPWB\index[1].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9ZYMBPWB\track[1].htm moved successfully.
    File\Folder C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\80XCFXVW\300x250[1].htm not found!
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\80XCFXVW\api[1].htm moved successfully.
    File\Folder C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\80XCFXVW\FbQh4mPQAAAABO-NPlAAAi9AAAP4kAOq9zAAA_hABqaHddefmPqQ[1].htm not found!
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\80XCFXVW\VFAAAABhAnAAC4ugAAPdUBAPTT-E64ugAAT0dOOQ==![1].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    File\Folder C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\flaDAFE.tmp not found!
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{0B8EE49B-43F5-4921-82B4-F9FCD51ECDD5}.tmp moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9F71C5D5-C60F-4CC3-87EF-8B885FEABDD2}.tmp moved successfully.

    Registry entries deleted on Reboot...

  5. #15
    Member
    Join Date
    Dec 2011
    Posts
    30

    Default Step 5 SystemLook.txt

    SystemLook 30.07.11 by jpshortstuff
    Log created at 15:39 on 26/12/2011 by Bruce
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*Fun4IM*"
    No files found.

    Searching for "*Bandoo*"
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js --a---- 27324 bytes [13:37 31/10/2011] [13:37 31/10/2011] C4F2571481A116A0C24C9644F0E4B4F5
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js --a---- 33963 bytes [13:37 31/10/2011] [13:37 31/10/2011] 11363D5ADC24F5BBC44C678BE8A29FCC
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [13:37 31/10/2011] [13:37 31/10/2011] D98167EFDC45E8EC6F4769791A15CE36

    Searching for "*Searchqu*"
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [13:37 31/10/2011] [13:37 31/10/2011] 39ECB144372B2ED7B1B91A1E63D3F275
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll --a---- 88976 bytes [13:37 31/10/2011] [13:37 31/10/2011] AD14E447F7CED4CA987B91B379EAF952

    Searching for "*iLivid*"
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\iLivid Download Manager.lnk --a---- 844 bytes [15:52 12/12/2011] [15:52 12/12/2011] BB2864E331DB1BA31D424C2571333C6E
    C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.dat --a--c- 225 bytes [15:52 12/12/2011] [15:52 12/12/2011] 28707D5C41928D3463F7379C09AEF8AD
    C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe --a--c- 3002188 bytes [15:52 12/12/2011] [10:22 06/12/2011] 190C64038FC1B7F407C9440970796660
    C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.lnk --a--c- 0 bytes [15:52 12/12/2011] [15:52 12/12/2011] D41D8CD98F00B204E9800998ECF8427E
    C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.msi --a--c- 290816 bytes [15:52 12/12/2011] [10:22 06/12/2011] 124EA05DAF45A65251AE088E794FCC6A
    C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.par --a--c- 1493 bytes [15:52 12/12/2011] [15:52 12/12/2011] 545DE9BE9EF6B67297A5CC14E3C900A4
    C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.res --a--c- 2459440 bytes [15:52 12/12/2011] [10:22 06/12/2011] 0F1F6441CD4452A373C49CF6CC22BBB4
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid\iLivid Download Manager.lnk --a---- 844 bytes [15:52 12/12/2011] [15:52 12/12/2011] BB2864E331DB1BA31D424C2571333C6E
    C:\Users\All Users\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.dat --a--c- 225 bytes [15:52 12/12/2011] [15:52 12/12/2011] 28707D5C41928D3463F7379C09AEF8AD
    C:\Users\All Users\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe --a--c- 3002188 bytes [15:52 12/12/2011] [10:22 06/12/2011] 190C64038FC1B7F407C9440970796660
    C:\Users\All Users\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.lnk --a--c- 0 bytes [15:52 12/12/2011] [15:52 12/12/2011] D41D8CD98F00B204E9800998ECF8427E
    C:\Users\All Users\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.msi --a--c- 290816 bytes [15:52 12/12/2011] [10:22 06/12/2011] 124EA05DAF45A65251AE088E794FCC6A
    C:\Users\All Users\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.par --a--c- 1493 bytes [15:52 12/12/2011] [15:52 12/12/2011] 545DE9BE9EF6B67297A5CC14E3C900A4
    C:\Users\All Users\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.res --a--c- 2459440 bytes [15:52 12/12/2011] [10:22 06/12/2011] 0F1F6441CD4452A373C49CF6CC22BBB4
    C:\Users\Public\Desktop\iLivid Download Manager.lnk --a---- 826 bytes [15:52 12/12/2011] [15:52 12/12/2011] 84CD79C2BEC432B29CC4FDC24B5CE7B1
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\iLivid\ilivid.exe --a---- 2033152 bytes [15:52 12/12/2011] [14:20 05/08/2011] A485B5376A7BD86E17DA042A64EE3E86
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\iLivid\ilivid.ico --a---- 9662 bytes [15:52 12/12/2011] [09:41 04/11/2009] D64C36521A1839B54788D7D0A82DAF08

    Searching for "*whitesmoke*"
    No files found.

    Searching for "*datamngr*"
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll --a---- 1236368 bytes [15:52 12/12/2011] [10:17 06/12/2011] A66079777083006EA2EB658205FA2780
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe --a---- 1694608 bytes [15:52 12/12/2011] [10:17 06/12/2011] D8B3EB0A5B5FDBC1609E4E2B66CE3F93

    Searching for "*trolltech*"
    No files found.

    ========== folderfind ==========

    Searching for "*Fun4IM*"
    No folders found.

    Searching for "*Bandoo*"
    No folders found.

    Searching for "*Searchqu*"
    C:\_OTL\MovedFiles\12262011_150845\C_Users\Bruce\AppData\LocalLow\searchquband d------ [15:53 12/12/2011]
    C:\_OTL\MovedFiles\12262011_150845\C_Users\Bruce\AppData\LocalLow\searchqutoolbar d------ [15:52 12/12/2011]

    Searching for "*iLivid*"
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid d------ [15:52 12/12/2011]
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid d------ [15:52 12/12/2011]
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\iLivid d------ [15:52 12/12/2011]
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar d------ [15:52 12/12/2011]
    C:\_OTL\MovedFiles\12262011_150845\C_Users\Bruce\AppData\Local\Ilivid Player d------ [15:53 12/12/2011]

    Searching for "*whitesmoke*"
    No folders found.

    Searching for "*datamngr*"
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr d------ [15:52 12/12/2011]
    C:\_OTL\MovedFiles\12262011_150845\C_Users\Bruce\AppData\LocalLow\DataMngr d------ [15:53 12/12/2011]

    Searching for "*trolltech*"
    No folders found.

    ========== Regfind ==========

    Searching for "Fun4IM"
    No data found.

    Searching for "Bandoo"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
    "Publisher"="Bandoo Media Inc."
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
    "Publisher"="Bandoo Media Inc."
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
    "Contact"="Bandoo Media Inc."
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar]
    "Contact"="Bandoo Media, Inc"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar]
    "Publisher"="Bandoo Media, Inc"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
    "Publisher"="Bandoo Media Inc."

    Searching for "Searchqu"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Windows Searchqu Toolbar]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    "@"="ISearchQueryHelper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    "@"="ISearchQueryHelper"
    [HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Windows Searchqu Toolbar]

    Searching for "iLivid"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid]
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92EVUHGP\iLividSetupV1.exe"="iLivid Installation "
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Users\Bruce\AppData\Local\Temp\mia6549.tmp\iLividSetupV1.exe"="iLivid Installation "
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files\iLivid\ilivid.exe"="ilivid.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]
    @="URL:ilivid Player"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid\shell\open\command]
    @=""C:\Program Files\iLivid\ilivid.exe" "%1""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
    "ProductName"="iLivid"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\SourceList]
    "PackageName"="iLividSetupV1.msi"
    [HKEY_LOCAL_MACHINE\SOFTWARE\ilivid]
    [HKEY_LOCAL_MACHINE\SOFTWARE\ilivid\player]
    "installpath"="C:\Program Files\iLivid"
    [HKEY_LOCAL_MACHINE\SOFTWARE\ilivid\player]
    "player_path"="C:\Program Files\iLivid\VLC\vlc.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\ilivid\player\hosts\ilivid.com]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"="1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\817FDB46B46DE8B4AAD499F1DAFF341D]
    "2B1E51D87B2D71A44BB42DDD5E894160"="01:\Software\ilivid\general\ReferrerID"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5A9327D31011C244A196F700637C701]
    "2B1E51D87B2D71A44BB42DDD5E894160"="C:\Program Files\iLivid\"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6B84CEB2810F104BA0E5FC5C8EACD7E]
    "2B1E51D87B2D71A44BB42DDD5E894160"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
    "InstallLocation"="C:\Program Files\iLivid"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
    "DisplayName"="iLivid"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
    "DisplayIcon"="C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
    "DisplayName"="iLivid"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
    "UninstallString"=""C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe" REMOVE=TRUE MODIFY=FALSE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
    "ModifyPath"="C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
    "HelpLink"="http://www.ilivid.com/"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
    "URLUpdateInfo"="http://www.ilivid.com/"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
    "InstallLocation"="C:\Program Files\iLivid"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar]
    "DisplayName"="Windows iLivid Toolbar"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar]
    "UninstallString"="C:\Program Files\Windows iLivid Toolbar\uninstall.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar]
    "DisplayIcon"="C:\Program Files\Windows iLivid Toolbar\uninstall.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar]
    "Path"="C:\Program Files\Windows iLivid Toolbar"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
    "InstallLocation"="C:\Program Files\iLivid"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
    "DisplayName"="iLivid"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
    "UninstallString"="C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{BFCDC973-B85D-4568-B17B-0A367E15011A}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{BFCDC973-B85D-4568-B17B-0A367E15011A}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{BFCDC973-B85D-4568-B17B-0A367E15011A}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
    [HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid]
    [HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92EVUHGP\iLividSetupV1.exe"="iLivid Installation "
    [HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Users\Bruce\AppData\Local\Temp\mia6549.tmp\iLividSetupV1.exe"="iLivid Installation "
    [HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files\iLivid\ilivid.exe"="ilivid.exe"
    [HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92EVUHGP\iLividSetupV1.exe"="iLivid Installation "
    [HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Users\Bruce\AppData\Local\Temp\mia6549.tmp\iLividSetupV1.exe"="iLivid Installation "
    [HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files\iLivid\ilivid.exe"="ilivid.exe"

    Searching for "whitesmoke"
    No data found.

    Searching for "datamngr"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader]
    @="DataMngr"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1]
    @="DataMngr"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}]
    @="DataMngr"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\InprocServer32]
    @="C:\PROGRA~1\WI371A~1\Datamngr\BROWSE~1.DLL"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E6A6D16-F99D-4C47-BB7E-BAD5708FCC25}]
    "AppPath"="C:\PROGRA~1\WI371A~1\Datamngr\ToolBar"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DATAMNGR"="C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{BFCDC973-B85D-4568-B17B-0A367E15011A}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{BFCDC973-B85D-4568-B17B-0A367E15011A}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{BFCDC973-B85D-4568-B17B-0A367E15011A}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"

    Searching for "kelkoopartners"
    No data found.

    Searching for "trolltech"
    No data found.

    -= EOF =-

  6. #16
    Member
    Join Date
    Dec 2011
    Posts
    30

    Default Step 6

    1. No problem with instructions
    However, we did not disable Anti-virus, Step 4, as we were not sure that it was real time protection
    2. I do not believe that we created GoToAssist
    3. and 4. We were able to download these.
    Thank you for your help
    Bruce

  7. #17
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    157

    Default

    Hi Bruce C,

    Thank you for the logs and update. I hope you enjoyed your Xmas Day and Boxing Day festivities.

    Please confirm whether or not you were able to uninstall the following programs without any problems:
    AOL Install
    Paretologic File Cure
    Uniblue RegistryBooster
    Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
    If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

    Before we proceed please make sure any open programs are closed.

    Step 1:
    Create System Restore Point

    We will be making changes to the Registry again. Please create another System Restore Point following the instructions for Step 1 in my previous post before continuing any further.

    Step 2:
    Uninstall Programs

    If you haven't already done so, please remove the following programs as instructed below:

    1. Select Start > Control Panel > Programs > Programs and Features.
    2. Under the Programs heading, click on Uninstall a program.
    3. Scroll down the list of installed programs and locate the following program:
      AOL Install
      GoToAssist 8.0.0.514
      Paretologic File Cure
      Uniblue RegistryBooster
    4. Right-click on Uninstall to uninstall it.
    5. Repeat steps 3 - 4 for each program in the list.
    6. When finished Close the Control Panel window.
    7. Restart the computer to complete removal of the program.
    8. Please confirm that the programs have been successfully removed in your next post.

    Step 3:
    OTL - Script

    Next we need to run another OTL script.

    **IMPORTANT** Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan as follows:

    Temporarily Disable Norton 360 Realtime Protection:
    1. Right-click the Norton icon on your Windows application tray.
    2. View the Norton 360 Control Panel that displays. You will see the Firewall enabled and Auto Protect enabled menu options checked.
    3. Un-check the Firewall and Autoprotect options to temporarily disable Norton.
    4. You will then be asked to select a time-frame for disabling the automatic protective services
    5. You will get a new dialog box with five options: 15 minutes, 1 hour, 5 hours, Until System Restart, Permanently.
    6. Choose Until System Restart and then save the changes.
      Note: If you choose forever, you will need to manually enable Norton 360 protective services at a future time.

    1. Right-click on OTL.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    2. Copy and Paste the following code into the textbox. Do not include the word Code.
      Code:
      :reg
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar]
      [-HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Windows Searchqu Toolbar]
      [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid]
      [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
      "C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92EVUHGP\iLividSetupV1.exe"=-
      "C:\Users\Bruce\AppData\Local\Temp\mia6549.tmp\iLividSetupV1.exe"=-
      "C:\Program Files\iLivid\ilivid.exe"=-
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\ilivid]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
      "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"=-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\817FDB46B46DE8B4AAD499F1DAFF341D]
      "2B1E51D87B2D71A44BB42DDD5E894160"=-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5A9327D31011C244A196F700637C701]
      "2B1E51D87B2D71A44BB42DDD5E894160"=-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6B84CEB2810F104BA0E5FC5C8EACD7E]
      "2B1E51D87B2D71A44BB42DDD5E894160"=-
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160]
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"=-
      "{BFCDC973-B85D-4568-B17B-0A367E15011A}"=-
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"=-
      "{BFCDC973-B85D-4568-B17B-0A367E15011A}"=-
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"=-
      "{BFCDC973-B85D-4568-B17B-0A367E15011A}"=-
      [-HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid]
      [HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
      "C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92EVUHGP\iLividSetupV1.exe"=-
      "C:\Users\Bruce\AppData\Local\Temp\mia6549.tmp\iLividSetupV1.exe"=-
      "C:\Program Files\iLivid\ilivid.exe"=-
      [HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
      "C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92EVUHGP\iLividSetupV1.exe"=-
      "C:\Users\Bruce\AppData\Local\Temp\mia6549.tmp\iLividSetupV1.exe"=-
      "C:\Program Files\iLivid\ilivid.exe"=-
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E6A6D16-F99D-4C47-BB7E-BAD5708FCC25}]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "DATAMNGR"=-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=-
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"=-
      "{BFCDC973-B85D-4568-B17B-0A367E15011A}"=-
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"=-
      "{BFCDC973-B85D-4568-B17B-0A367E15011A}"=-
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"=-
      "{BFCDC973-B85D-4568-B17B-0A367E15011A}"=-
      
      :files
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\iLivid Download Manager.lnk
      C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}
      C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid\iLivid Download Manager.lnk
      C:\Users\All Users\{B49A644A-1076-4A3D-B124-DAA7862F2318}
      C:\Users\Public\Desktop\iLivid Download Manager.lnk
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
      C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid
      C:\Program Files\iLivid
      C:\Program Files\Windows iLivid Toolbar
      ipconfig /flushdns /c
      
      :commands
      [emptytemp]
      [resethosts]
    3. Then click the Run Fix button at the top.
    4. Click .
    5. OTL should ask to reboot the machine. Please do so if asked.
    6. The report should appear in Notepad after the reboot.
    7. Please Copy and Paste the contents of that report into your next reply.

    Step 4:
    SystemLook

    We need to run another check to make sure nothing is left over.

    1. Please download SystemLook.exe by jpshortstuff and save it to your Desktop.
      Alternate download site.
    2. Right-click on SystemLook.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    3. Copy and Paste the text in the code box below into SystemLook's main text entry window:
      Code:
      :filefind
      *Fun4IM*
      *Bandoo*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      
      :folderfind
      *Fun4IM*
      *Bandoo*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      
      :Regfind
      Fun4IM
      Bandoo
      Searchqu
      iLivid
      whitesmoke
      datamngr
      kelkoopartners
      trolltech
    4. Click on the Look button to start the scan.
      Note: Because of the Registry searches involved this scan may take 15 minutes or longer to run on a large system. Please be patient and wait for the scan to complete.
    5. When SystemLook has completed its task a Notepad window will automatically open showing the results of the scan.
      A log file will be created on your Desktop named SystemLook.txt.
    6. Please post the contents of the SystemLook.txt file in your next reply.

    Step 5:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. Have all the following programs been successfully uninstalled?
      AOL Install
      GoToAssist 8.0.0.514
      Paretologic File Cure
      Uniblue RegistryBooster
    3. OTL.txt.
    4. SystemLook.txt.


    Scolabar
    --------------------------------------------------------------------------
    No Reply Within 3 Days Will Result In Your Topic Being Closed
    Malware Removal University - You too could train to help others
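The "datamngr" Regfind hits that Step 3's :reg section acts on sit in a handful of load points: the Run key, AppInit_DLLs, a COM InprocServer32 and inbound firewall rules. As an added example (not part of the original posts, and not code from SystemLook or OTL), this Python script parses a SystemLook Regfind log and groups the hits by load point; the function names are illustrative, and the sample input is excerpted from the log posted earlier in this thread.

```python
import re

# Excerpt of the SystemLook Regfind output posted earlier in this thread
# (one ControlSet001 duplicate kept to show de-duplication of firewall rules).
SAMPLE_LOG = r'''
Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\InprocServer32]
@="C:\PROGRA~1\WI371A~1\Datamngr\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DATAMNGR"="C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BFCDC973-B85D-4568-B17B-0A367E15011A}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"

Searching for "trolltech"
No data found.
'''

SEARCH_RE = re.compile(r'^Searching for "(.*)"$')
VALUE_RE = re.compile(r'^"(?P<name>.*?)"=(?P<data>.*)$')
PROTOCOLS = {"6": "TCP", "17": "UDP"}  # IANA protocol numbers


def parse_regfind(text):
    """Yield (search_term, key, value_name, data) for every value line.

    Hits on a key name alone (a [KEY] line with no value under it) are skipped.
    """
    term = key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SEARCH_RE.match(line)
        if m:
            term, key = m.group(1), None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key is not None and line:
            if line.startswith("@="):  # default value of the key
                name, data = "@", line[2:]
            else:
                m = VALUE_RE.match(line)
                if not m:
                    continue  # e.g. the "-= EOF =-" trailer
                name, data = m.group("name"), m.group("data")
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = data[1:-1]  # drop the surrounding quotes
            yield term, key, name, data


def parse_firewall_rule(data):
    """Split 'v2.0|Action=Allow|...|' into a dict of its key=value fields."""
    return dict(p.split("=", 1) for p in data.split("|") if "=" in p)


def triage(text, marker):
    """Group registry hits that mention `marker` by the load point they sit in."""
    marker = marker.lower()
    report = {"autorun": [], "com_server": [], "appinit_flagged": [],
              "appinit_other": [], "firewall_inbound_allow": []}
    seen_rules = set()
    for _term, key, name, data in parse_regfind(text):
        k = key.upper()
        if (k.endswith(r"\WINDOWS NT\CURRENTVERSION\WINDOWS")
                and name.lower() == "appinit_dlls"):
            # AppInit_DLLs is one space/comma separated list shared by every
            # product that registers there, so list each DLL on its own.
            for dll in filter(None, re.split(r"[ ,]+", data)):
                hit = marker in dll.lower()
                report["appinit_flagged" if hit else "appinit_other"].append(dll)
        elif marker not in data.lower():
            continue
        elif k.endswith(r"\CURRENTVERSION\RUN"):
            report["autorun"].append((name, data))
        elif k.endswith(r"\INPROCSERVER32"):
            report["com_server"].append((key, data))
        elif k.endswith(r"\FIREWALLPOLICY\FIREWALLRULES"):
            rule = parse_firewall_rule(data)
            state = (rule.get("Action"), rule.get("Dir"), rule.get("Active"))
            # The same rule id repeats under each ControlSet; report it once.
            if state == ("Allow", "In", "TRUE") and name not in seen_rules:
                seen_rules.add(name)
                proto = PROTOCOLS.get(rule.get("Protocol"), rule.get("Protocol"))
                report["firewall_inbound_allow"].append((name, proto, rule.get("App")))
    return report


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG, "datamngr").items():
        print(bucket)
        for item in items:
            print("   ", item)
```

Entries listed under `appinit_other` share the AppInit_DLLs value with the flagged DLLs, so they are the ones to review separately when that value is edited or removed.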

  8. #18
    Member
    Join Date
    Dec 2011
    Posts
    30

    Smile Scolabar, Success (I think) and Happy New Year

    Step 5, 1. No problems
    2. AOL Install, Go to Assist 8.0.0514, Paretologic File cure and Uniblue Reg. Booster all successfully uninstalled.
    3. OTL.txt, done
    4. SystemLook.txt, done
    SystemLook 30.07.11 by jpshortstuff
    Log created at 20:56 on 27/12/2011 by Bruce
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*Fun4IM*"
    No files found.

    Searching for "*Bandoo*"
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js --a---- 27324 bytes [13:37 31/10/2011] [13:37 31/10/2011] C4F2571481A116A0C24C9644F0E4B4F5
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js --a---- 33963 bytes [13:37 31/10/2011] [13:37 31/10/2011] 11363D5ADC24F5BBC44C678BE8A29FCC
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [13:37 31/10/2011] [13:37 31/10/2011] D98167EFDC45E8EC6F4769791A15CE36

    Searching for "*Searchqu*"
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [13:37 31/10/2011] [13:37 31/10/2011] 39ECB144372B2ED7B1B91A1E63D3F275
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll --a---- 88976 bytes [13:37 31/10/2011] [13:37 31/10/2011] AD14E447F7CED4CA987B91B379EAF952

    Searching for "*iLivid*"
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\iLivid\ilivid.exe --a---- 2033152 bytes [15:52 12/12/2011] [14:20 05/08/2011] A485B5376A7BD86E17DA042A64EE3E86
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\iLivid\ilivid.ico --a---- 9662 bytes [15:52 12/12/2011] [09:41 04/11/2009] D64C36521A1839B54788D7D0A82DAF08
    C:\_OTL\MovedFiles\12272011_185541\C_ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\iLivid Download Manager.lnk --a---- 844 bytes [15:52 12/12/2011] [15:52 12/12/2011] BB2864E331DB1BA31D424C2571333C6E
    C:\_OTL\MovedFiles\12272011_185541\C_ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.dat --a--c- 225 bytes [15:52 12/12/2011] [15:52 12/12/2011] 28707D5C41928D3463F7379C09AEF8AD
    C:\_OTL\MovedFiles\12272011_185541\C_ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe --a--c- 3002188 bytes [15:52 12/12/2011] [10:22 06/12/2011] 190C64038FC1B7F407C9440970796660
    C:\_OTL\MovedFiles\12272011_185541\C_ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.lnk --a--c- 0 bytes [15:52 12/12/2011] [15:52 12/12/2011] D41D8CD98F00B204E9800998ECF8427E
    C:\_OTL\MovedFiles\12272011_185541\C_ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.msi --a--c- 290816 bytes [15:52 12/12/2011] [10:22 06/12/2011] 124EA05DAF45A65251AE088E794FCC6A
    C:\_OTL\MovedFiles\12272011_185541\C_ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.par --a--c- 1493 bytes [15:52 12/12/2011] [15:52 12/12/2011] 545DE9BE9EF6B67297A5CC14E3C900A4
    C:\_OTL\MovedFiles\12272011_185541\C_ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.res --a--c- 2459440 bytes [15:52 12/12/2011] [10:22 06/12/2011] 0F1F6441CD4452A373C49CF6CC22BBB4
    C:\_OTL\MovedFiles\12272011_185541\C_Users\Public\Desktop\iLivid Download Manager.lnk --a---- 826 bytes [15:52 12/12/2011] [15:52 12/12/2011] 84CD79C2BEC432B29CC4FDC24B5CE7B1

    Searching for "*whitesmoke*"
    No files found.

    Searching for "*datamngr*"
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll --a---- 1236368 bytes [15:52 12/12/2011] [10:17 06/12/2011] A66079777083006EA2EB658205FA2780
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe --a---- 1694608 bytes [15:52 12/12/2011] [10:17 06/12/2011] D8B3EB0A5B5FDBC1609E4E2B66CE3F93

    Searching for "*trolltech*"
    No files found.

    ========== folderfind ==========

    Searching for "*Fun4IM*"
    No folders found.

    Searching for "*Bandoo*"
    No folders found.

    Searching for "*Searchqu*"
    C:\_OTL\MovedFiles\12262011_150845\C_Users\Bruce\AppData\LocalLow\searchquband d------ [15:53 12/12/2011]
    C:\_OTL\MovedFiles\12262011_150845\C_Users\Bruce\AppData\LocalLow\searchqutoolbar d------ [15:52 12/12/2011]

    Searching for "*iLivid*"
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\iLivid d------ [15:52 12/12/2011]
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar d------ [15:52 12/12/2011]
    C:\_OTL\MovedFiles\12262011_150845\C_Users\Bruce\AppData\Local\Ilivid Player d------ [15:53 12/12/2011]
    C:\_OTL\MovedFiles\12272011_185541\C_ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid d------ [15:52 12/12/2011]

    Searching for "*whitesmoke*"
    No folders found.

    Searching for "*datamngr*"
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr d------ [15:52 12/12/2011]
    C:\_OTL\MovedFiles\12262011_150845\C_Users\Bruce\AppData\LocalLow\DataMngr d------ [15:53 12/12/2011]

    Searching for "*trolltech*"
    No folders found.

    ========== Regfind ==========

    Searching for "Fun4IM"
    No data found.

    Searching for "Bandoo"
    No data found.

    Searching for "Searchqu"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    "@"="ISearchQueryHelper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    "@"="ISearchQueryHelper"

    Searching for "iLivid"
    No data found.

    Searching for "whitesmoke"
    No data found.

    Searching for "datamngr"
    No data found.

    Searching for "kelkoopartners"
    No data found.

    Searching for "trolltech"
    No data found.

    -= EOF =-



    OTL logfile created on: 12/21/2011 7:45:35 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bruce\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.94 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 42.84% Memory free
    4.11 Gb Paging File | 2.61 Gb Available in Paging File | 63.66% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.79 Gb Total Space | 108.17 Gb Free Space | 48.55% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 5.69 Gb Free Space | 56.86% Space Free | Partition Type: NTFS

    Computer Name: BRUCE-PC | User Name: Bruce | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/21 19:42:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
    PRC - [2011/12/06 05:17:56 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
    PRC - [2011/11/15 06:40:23 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
    PRC - [2011/11/12 12:49:09 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    PRC - [2011/09/06 12:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
    PRC - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
    PRC - [2011/08/01 12:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
    PRC - [2011/01/05 20:21:00 | 000,025,984 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
    PRC - [2010/10/12 12:21:30 | 001,693,464 | ---- | M] (ParetoLogic) -- C:\Program Files\ParetoLogic\FileCure\FileCure.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/02/18 23:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
    PRC - [2009/02/18 23:30:36 | 000,059,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\LBTWiz.exe
    PRC - [2009/02/18 23:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    PRC - [2009/02/18 23:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2008/11/19 09:47:24 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2008/10/28 16:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    PRC - [2008/02/25 11:38:12 | 000,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldtcoms.exe
    PRC - [2007/03/09 11:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    PRC - [2007/02/08 00:16:24 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/31 08:37:30 | 000,088,976 | ---- | M] () -- C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll
    MOD - [2011/10/14 14:51:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
    MOD - [2011/10/13 20:38:24 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
    MOD - [2011/10/13 20:38:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
    MOD - [2011/10/13 20:37:54 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
    MOD - [2011/10/13 20:37:27 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8adb45c62e4c797bd4c706afe9e8bfb9\System.Core.ni.dll
    MOD - [2011/10/13 20:37:21 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll
    MOD - [2011/10/13 20:37:19 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll
    MOD - [2011/10/13 20:36:54 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll
    MOD - [2011/10/13 20:36:33 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll
    MOD - [2011/10/13 20:36:25 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
    MOD - [2011/10/13 20:35:05 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
    MOD - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/12/23 07:33:30 | 000,047,616 | ---- | M] () -- C:\Program Files\Uniblue\RegistryBooster\cache.dll
    MOD - [2010/08/14 10:58:52 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
    SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
    SRV - [2009/02/18 23:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2008/11/19 09:47:24 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2008/10/28 16:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
    SRV - [2008/08/24 18:23:27 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2008/02/25 15:38:16 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe -- (dldtCATSCustConnectService)
    SRV - [2008/02/25 11:38:12 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldtcoms.exe -- (dldt_device)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/12/03 08:35:04 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111221.019\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/12/03 08:35:04 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2011/12/03 08:35:04 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111221.019\NAVENG.SYS -- (NAVENG)
    DRV - [2011/11/14 14:28:02 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2011/11/09 05:53:45 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/10/15 14:18:40 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2011/10/14 21:43:08 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111220.001\IDSvix86.sys -- (IDSVix86)
    DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
    DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2011/03/21 19:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
    DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
    DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
    DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
    DRV - [2008/12/18 22:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2008/12/18 22:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2008/12/16 01:43:48 | 000,054,400 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GzOFVsp.sys -- (GzOFVsp)
    DRV - [2008/12/16 01:43:48 | 000,054,400 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GzOFMdm.sys -- (GzOFMdm)
    DRV - [2008/12/16 01:43:48 | 000,033,408 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GzOFBus.sys -- (GzOFBus)
    DRV - [2007/05/01 07:26:26 | 000,131,368 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
    DRV - [2007/05/01 07:26:26 | 000,102,696 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
    DRV - [2007/03/05 03:07:46 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2007/02/08 00:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2006/12/20 14:31:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2006/12/07 23:25:00 | 004,456,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/10/19 04:54:09 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3 [2011/12/21 06:45:21 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    O4 - HKLM..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter File not found
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
    O4 - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
    O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
    O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{936F5662-F742-42F8-9394-D480B27297A0}: DhcpNameServer = 192.168.1.1
    O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - File not found
    O24 - Desktop WallPaper: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/21 19:42:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
    [2011/12/16 07:57:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2011/12/16 07:57:35 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2011/12/16 07:57:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2011/12/16 07:57:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2011/12/16 07:57:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2011/12/16 07:57:32 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2011/12/15 19:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/12/15 19:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/12/15 19:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/12/15 10:30:19 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2011/12/15 10:30:18 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2011/12/15 10:30:15 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2011/12/15 10:30:13 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
    [2011/12/15 10:30:11 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
    [2011/12/15 10:30:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2011/12/12 21:07:39 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Desktop\New Folder (3)
    [2011/12/12 10:53:32 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Local\Ilivid Player
    [2011/12/12 10:52:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}
    [2011/12/12 10:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
    [2011/12/12 10:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
    [2011/12/12 10:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows iLivid Toolbar
    [2011/12/06 18:28:27 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Desktop\New Folder
    [2011/11/29 18:57:04 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Desktop\New Folder (2)
    [2008/09/06 13:06:55 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\DLDThcp.dll
    [2008/09/06 13:06:47 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldtinpa.dll
    [2008/09/06 13:06:46 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldtiesc.dll
    [2008/09/06 13:06:44 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\dldtusb1.dll
    [2008/09/06 13:06:43 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\dldtserv.dll
    [2008/09/06 13:06:42 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldtprox.dll
    [2008/09/06 13:06:41 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\dldtpmui.dll
    [2008/09/06 13:06:40 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldtlmpm.dll
    [2008/09/06 13:06:37 | 000,320,752 | ---- | C] ( ) -- C:\Windows\System32\dldtih.exe
    [2008/09/06 13:06:36 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldthbn3.dll
    [2008/09/06 13:06:32 | 000,595,184 | ---- | C] ( ) -- C:\Windows\System32\dldtcoms.exe
    [2008/09/06 13:06:31 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldtcomc.dll
    [2008/09/06 13:06:31 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\dldtcomm.dll
    [2008/09/06 13:06:29 | 000,365,808 | ---- | C] ( ) -- C:\Windows\System32\dldtcfg.exe
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/12/21 19:42:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
    [2011/12/21 19:40:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/12/21 19:00:03 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
    [2011/12/21 18:45:12 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/12/21 18:45:12 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/12/21 18:00:02 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
    [2011/12/21 16:40:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/12/21 14:00:09 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2011/12/21 06:51:34 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/12/21 06:51:34 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/12/21 06:48:44 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\FileCure Startup.job
    [2011/12/21 06:48:44 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
    [2011/12/21 06:45:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/12/20 22:53:28 | 000,002,714 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2011/12/20 17:55:24 | 024,664,064 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
    [2011/12/20 17:55:23 | 047,326,208 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
    [2011/12/16 08:17:58 | 000,313,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/12/15 19:04:55 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/12/12 10:52:36 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\iLivid Download Manager.lnk
    [2011/12/09 22:08:06 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Bruce.job
    [2011/12/05 18:38:18 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2011/12/02 08:34:49 | 000,000,000 | ---- | M] () -- C:\Users\Bruce\Documents\ATT00682.jpg
    [2011/12/01 15:10:45 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2011/12/01 15:10:45 | 000,001,854 | ---- | M] () -- C:\Users\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2011/12/01 15:10:01 | 000,001,245 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
    [2011/11/29 18:56:44 | 000,144,448 | ---- | M] () -- C:\Users\Bruce\Desktop\100_9973.jpg
    [2011/11/29 18:56:44 | 000,139,387 | ---- | M] () -- C:\Users\Bruce\Desktop\101_0126.jpg
    [2011/11/29 18:56:44 | 000,081,941 | ---- | M] () -- C:\Users\Bruce\Desktop\101_0641.jpg
    [2011/11/27 21:01:06 | 000,145,530 | ---- | M] () -- C:\Users\Bruce\Desktop\100_0524.jpg
    [2011/11/23 08:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/15 19:04:54 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/12/12 10:52:36 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\iLivid Download Manager.lnk
    [2011/12/02 08:34:48 | 000,000,000 | ---- | C] () -- C:\Users\Bruce\Documents\ATT00682.jpg
    [2011/11/29 18:56:44 | 000,144,448 | ---- | C] () -- C:\Users\Bruce\Desktop\100_9973.jpg
    [2011/11/29 18:56:44 | 000,139,387 | ---- | C] () -- C:\Users\Bruce\Desktop\101_0126.jpg
    [2011/11/29 18:56:44 | 000,081,941 | ---- | C] () -- C:\Users\Bruce\Desktop\101_0641.jpg
    [2011/11/27 21:01:06 | 000,145,530 | ---- | C] () -- C:\Users\Bruce\Desktop\100_0524.jpg
    [2011/05/18 16:59:52 | 000,001,940 | ---- | C] () -- C:\Users\Bruce\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2009/09/16 18:25:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/16 18:25:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2008/11/17 17:34:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/09/06 13:08:36 | 000,017,648 | ---- | C] () -- C:\Windows\System32\dldtwupd.exe
    [2008/09/06 13:08:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\dldtwupd.dll
    [2008/09/06 13:07:02 | 000,348,160 | ---- | C] () -- C:\Windows\System32\DLDTinst.dll
    [2008/09/06 13:06:45 | 000,520,192 | ---- | C] () -- C:\Windows\System32\dldtutil.dll
    [2008/09/06 13:06:39 | 000,180,224 | ---- | C] () -- C:\Windows\System32\dldtinsb.dll
    [2008/09/06 13:06:39 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldtjswr.dll
    [2008/09/06 13:06:38 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldtins.dll
    [2008/09/06 13:06:38 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldtinsr.dll
    [2008/09/06 13:06:35 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldtgrd.dll
    [2008/09/06 13:06:33 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldtcub.dll
    [2008/09/06 13:06:33 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldtcu.dll
    [2008/09/06 13:06:33 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldtcur.dll
    [2008/02/21 19:41:24 | 000,782,336 | ---- | C] () -- C:\Windows\System32\dldtdrs.dll
    [2008/02/19 21:25:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dldtcaps.dll
    [2008/01/22 01:05:12 | 000,077,906 | ---- | C] () -- C:\Windows\System32\dldtcfg.dll
    [2007/12/12 20:32:40 | 000,360,448 | ---- | C] () -- C:\Windows\System32\dldtcoin.dll
    [2007/11/13 18:13:10 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dldtcnv4.dll
    [2007/10/13 08:29:19 | 000,033,792 | ---- | C] () -- C:\Users\Bruce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/10/13 08:21:35 | 000,002,714 | ---- | C] () -- C:\Windows\bthservsdp.dat
    [2007/04/28 13:41:50 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dldtvs.dll
    [2006/11/10 08:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:47:37 | 000,313,424 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 05:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

    ========== LOP Check ==========

    [2008/03/30 13:01:26 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Leadertech
    [2010/12/10 19:35:37 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\PCDr
    [2009/01/29 18:44:10 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Skinux
    [2010/08/15 07:12:49 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Tific
    [2011/01/05 20:20:57 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Uniblue
    [2011/06/12 02:56:52 | 000,000,364 | ---- | M] () -- C:\Windows\Tasks\FileCure Default.job
    [2011/12/21 06:48:44 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\FileCure Startup.job
    [2011/12/21 18:00:02 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
    [2011/04/01 04:43:00 | 000,000,418 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
    [2011/12/05 18:38:18 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    [2011/12/21 06:48:44 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
    [2011/12/20 22:53:18 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/12/21 14:00:09 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
    [2010/09/03 20:24:56 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{40FFB3E6-5C62-43BA-803E-82D3168ED07A}.job
    [2011/12/21 19:00:03 | 000,000,290 | -H-- | M] () -- C:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 804 bytes -> C:\Users\Bruce\Documents\Fwd_ [Fwd_ FW_ S.Y.B.S.T.D.].eml:OECustomProperty

    < End of report >
    Thank you again for all of your patience and excellent help. Bruce

  9. #19
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    157

    Default

    Hi Bruce C,

    Thank you for the logs and feedback.

    Unfortunately, it looks like you have somehow posted an old OTL scan log instead of the OTL fix log. I'll deal with that in due course.
    However, it looks like you must have run the OTL fix as the SystemLook log you posted confirms that the outstanding items uncovered so far appear to have been dealt with. Well done.

    Please stick with me as there is still some work to be done before the computer can be declared clear of malware.

    Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
    If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

    Before we proceed please make sure any open programs are closed.

    Step 1:
    Create System Restore Point

    Please create another System Restore Point following the instructions previously posted before continuing any further.

    Step 2:
    Malwarebytes' Anti-Malware

    Please save any items you have been working on and close any open programs. You may be asked to reboot your machine.

    1. Please download Malwarebytes' Anti-Malware and Save to your Desktop.
    2. Right-click on mbam-setup.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    3. Then follow the prompts to install the program.
    4. At the end, be sure to place a checkmark next to the following options:
      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
    5. Then click on the Finish button.
    6. If an update is found, it will download and install the latest version.
    7. Once the program has loaded, select the Perform Quick Scan option and then click on the Scan button.
    8. When the scan is complete, click on the OK button.
    9. Then click on the Show Results button to view the results.
    10. Check all items except items in the C:\System Volume Information folder and then click on the Remove Selected button.
      The System Volume Information items will be taken care of later.
    11. When the removal has been completed, a log report will open in Notepad and you may be prompted to restart your computer. (See Note below).
    12. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
      The log can also be found here:
      C:\Documents and Settings\Account Name\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    13. Please Copy and Paste the entire contents of mbam-log-date (time).txt into your next reply and exit MBAM.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
    Click OK to either prompt and let MBAM proceed with the disinfection process.
    If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


    Step 3:
    OTL - Scan

    Please run another OTL scan as follows:

    1. Right-click on OTL.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    2. Under Output, ensure that the Standard Output option is selected.
    3. Under the Extra Registry section, select the Use SafeList option.
    4. Click the Scan All Users checkbox.
      Note: Please leave the remaining selections on the default settings.
    5. Click the LOP Check and Purity Check checkboxes.
    6. Then click on the Run Scan button in the top left-hand corner of the program window.
    7. When done, two Notepad files will automatically open:
      • OTL.txt <-- Will be opened, maximized.
      • Extras.txt <-- Will be minimized on task bar.
    8. Please Copy and Paste the entire contents of both OTL.txt and Extras.txt files into your next reply.

    Step 4:
    SystemLook

    1. Right-click on SystemLook.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    2. Copy and Paste the text in the code box below into SystemLook's main text entry window:
      Code:
      :filefind
      12*2011_*.log
    3. Click on the Look button to start the scan.
      Note: Because of the Registry searches involved this scan may take 15 minutes or longer to run on a large system. Please be patient and wait for the scan to complete.
    4. When SystemLook has completed its task a Notepad window will automatically open showing the results of the scan.
      A log file will be created on your Desktop named SystemLook.txt.
    5. Please Copy and Paste the entire contents of the SystemLook.txt file into your next reply.

    Step 5:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. mbam-log-date (time).txt.
    3. OTL.txt.
    4. Extras.txt.
    5. SystemLook.txt.
    6. How is the computer now running?
    7. Have the web browser redirects stopped?


    Scolabar
    --------------------------------------------------------------------------
    No Reply Within 3 Days Will Result In Your Topic Being Closed
    Malware Removal University - You too could train to help others

  10. #20
    Member
    Join Date
    Dec 2011
    Posts
    30

    Hi and thanks for your patience.

    Hi Scolabar, thanks for the next step, but I won't be able to do it until tomorrow eve. I'll get back to you then. Thanks, Bruce
