
Thread: Search Engine Redirect Virus w/ Google

  1. #1
    Member
    Join Date
    Jun 2007
    Posts
    54

    Default Search Engine Redirect Virus w/ Google

    Hi,

    I've recently gotten a possible virus where I search for something on Google, click on a link, and then get redirected to another website that is not relevant to what I wanted. The virus has gotten serious: I now have to be in SAFE MODE to be able to use the internet because it has totally cut me off when it's in normal mode.

    Thanks!


    DDS Log (not sure if it's correct since I ran it in Safe Mode):

    .
    DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
    Run by User at 21:20:09 on 2012-01-01
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.766 [GMT -8:00]
    .
    AV: Trend Micro Titanium Internet Security *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.searchqu.com/406
    BHO: {1252b80d-9470-4041-839c-c4551fdb1a1d} - c:\documents and settings\user\local settings\application data\ServiceSys32.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
    BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\window~4\datamngr\toolbar\searchqudtx.dll
    BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\window~4\datamngr\toolbar\searchqudtx.dll
    uRun: [Steam] "c:\program files\steam\steam.exe" -silent
    uRun: [Policies Update] rundll32 "c:\documents and settings\user\local settings\application data\adobe\adobeupdate\Adobeup.dll",DllRegisterServer
    uRun: [DisplayBackupBackup] rundll32.exe "c:\documents and settings\all users\application data\DisplayBackupBackup.dll",DllRegisterServer
    uRun: [GNU Update] rundll32 "c:\documents and settings\user\local settings\application data\temp\tempupdate\Tempup.dll",DllRegisterServer
    uRun: [Privacy Protection] c:\documents and settings\all users\application data\privacy.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [Trend Micro Titanium] c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe -set Silent "1" SplashURL ""
    mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    StartupFolder: c:\docume~1\user\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\user\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: DhcpNameServer = 68.87.76.182 68.87.78.134
    TCP: Interfaces\{6C8BC5C1-AACB-4CE1-962C-FC33BB5BFF43} : DhcpNameServer = 68.87.76.182 68.87.78.134
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
    AppInit_DLLs:
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\od56xxqk.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q=
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    S2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-8-17 188272]
    S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-8-17 64080]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2011-11-08 05:09:17 842752 ----a-w- c:\documents and settings\all users\application data\privacy.exe
    2011-11-07 00:14:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-11-06 06:13:31 0 ---ha-w- c:\documents and settings\user\jecownkgxo.tmp
    2011-10-29 06:50:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-29 06:49:49 339968 ----a-w- c:\documents and settings\all users\application data\DisplayBackupBackup.dll
    .
    ============= FINISH: 21:20:31.39 ===============
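As an added illustration (not part of the thread or of any tool's own code), a small Python triage pass over an excerpt of the DDS report above: it flags the patterns a helper looks at first, rundll32 DllRegisterServer loaders and executables under user-writable profile paths, an unnamed BHO in the profile, and a start page or keyword.URL pointing at the adware family names the helper later searched for with SystemLook. The DDS line formats and the token list are assumptions modelled on this thread's log.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt, copied from the DDS "Pseudo HJT Report" and FIREFOX
# sections quoted in the thread (DDS defangs URLs as hxxp).
SAMPLE_DDS = r"""
uStart Page = hxxp://www.searchqu.com/406
BHO: {1252b80d-9470-4041-839c-c4551fdb1a1d} - c:\documents and settings\user\local settings\application data\ServiceSys32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\window~4\datamngr\toolbar\searchqudtx.dll
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Policies Update] rundll32 "c:\documents and settings\user\local settings\application data\adobe\adobeupdate\Adobeup.dll",DllRegisterServer
uRun: [Privacy Protection] c:\documents and settings\all users\application data\privacy.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q=
"""

# Path fragments that are user-writable and rarely host legitimate autostart code.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\",
                 "\\documents and settings\\")

# Adware family markers: the names the helper searched for with SystemLook.
ADWARE_TOKENS = ("searchqu", "datamngr", "ilivid", "bandoo", "fun4im",
                 "whitesmoke", "trolltech")

# Assumed line shapes, derived from the DDS output in this thread.
RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
BHO_RE = re.compile(
    r"^BHO: (?:(?P<name>.*?): )?\{(?P<clsid>[0-9a-f-]{36})\} - (?P<path>.+)$", re.I)
PREF_RE = re.compile(
    r"^(?:uStart Page = |FF - prefs\.js: (?:browser\.startup\.homepage|keyword\.URL) - )"
    r"(?P<url>\S+)$")


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    line: str       # the DDS line that triggered the rule
    reason: str


def _in_user_dir(path_lower):
    return any(frag in path_lower for frag in USER_WRITABLE)


def _has_adware_token(text_lower):
    return any(tok in text_lower for tok in ADWARE_TOKENS)


def triage_dds(text):
    """Return a list of Finding objects for suspicious DDS report lines."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            cmd = m.group("cmd").lower()
            if "rundll32" in cmd and "dllregisterserver" in cmd and _in_user_dir(cmd):
                # The three "* Update" loaders in the log all use this shape.
                findings.append(Finding("high", line,
                    "rundll32 DllRegisterServer loader for a DLL in a user-writable directory"))
            elif _in_user_dir(cmd):
                findings.append(Finding("medium", line,
                    "autostart executable launched from a user-writable directory"))
            continue
        m = BHO_RE.match(line)
        if m:
            path = m.group("path").lower()
            name = (m.group("name") or "").lower()
            if not name and _in_user_dir(path):
                findings.append(Finding("high", line,
                    "unnamed BHO loaded from the user profile"))
            elif _has_adware_token(name + " " + path):
                findings.append(Finding("medium", line,
                    "browser helper object belonging to a known adware toolbar family"))
            continue
        m = PREF_RE.match(line)
        if m and _has_adware_token(m.group("url").lower()):
            findings.append(Finding("high", line,
                "start page / search keyword URL hijacked to an adware domain"))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 4, 'medium': 2}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    results = triage_dds(SAMPLE_DDS)
    for f in results:
        print(f"[{f.severity.upper()}] {f.reason}\n    {f.line}")
    print(summarize(results))
```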

  2. #2
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    Default

    Hello.

    My nickname is vict0r and I will help you with the malware issues on your computer.

    Please read the following information carefully.

    IMPORTANT: Whatever repairs we make are for fixing your computer's problems only and by no means should be used on another computer.

    To make cleaning this machine easier:

    • Continue to respond to this thread until I tell you that the logs are clean!
    • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
    • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
    • Please follow all instructions in the order posted.
    • If you have any questions or do not understand instructions, please ask before continuing.
    • Please reply to this thread. Do not start a new topic.
    • Your security program(s) may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


    I am currently reviewing your log and will return, as soon as possible, with further instructions.

    Meanwhile please answer this question:
    Do you have another computer/device to access the internet?

  3. #3
    Member
    Join Date
    Jun 2007
    Posts
    54

    Default

    Yes, I do have another computer that can access the internet.

    Thanks for helping me out vict0r!

  4. #4
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    Default

    Please run the scans below and post the logs. Please use one reply per log.

    CKScanner

    Please download CKScanner ... Save it to your desktop.
    This program should only be run once!
    Make sure that CKScanner.exe is saved directly on your desktop before running the application!

    1. Double-click on the CKScanner.exe icon... then click the Search For Files button.
    2. When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
      A text file will be created on your desktop named "ckfiles.txt"
    3. Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
    4. Please copy/paste the contents of ckfiles.txt in your next reply.



    Scan with WVCheck:

    Please download WVCheck and save it to the desktop.

    • Double click on WVCheck.exe and follow the prompts.
    • The scan may take some time depending on the Hard-Drive size.
    • Please post the contents of the notepad file WVCheck_1436_dd-mm-yyyy that can be located on the desktop.


    Remember to post:
    • CKScanner log.
    • WVCheck log.

  5. #5
    Member
    Join Date
    Jun 2007
    Posts
    54

    Default

    Should I be posting the logs from the infected computer in SAFE MODE?

  6. #6
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    Default

    Yes, please. Start the computer in safe mode with networking and access this topic to download the programs. Do not use a USB stick or similar to transfer files to your existing computer.

  7. #7
    Member
    Join Date
    Jun 2007
    Posts
    54

    Default

    CKScanner and WVCheck both did not find anything.

    CKScanner log:

    CKScanner - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.RP.11.PVAAKL
    ----- EOF -----

    WVCheck log:

    Windows Validation Check
    Version: 1.9.12.5
    Log Created On: 1144_07-01-2012
    -----------------------

    Windows Information
    -----------------------
    Windows Version: Windows XP Service Pack 2
    Windows Mode: Safe Mode with Networking
    Systemroot Path: C:\WINDOWS

    WVCheck's Auto Update Check
    -----------------------
    Auto-Update Option: Download updates and install them automatically.
    -----------------------
    Last Success Time for Update Detection: 2011-11-07 19:52:24
    Last Success Time for Update Download: 2011-10-13 00:00:13
    Last Success Time for Update Installation: 2011-10-14 05:59:38


    WVCheck's Registry Check Check
    -----------------------
    Antiwpa: Not Found
    -----------------------
    Chew7Hale: Not Found
    -----------------------


    WVCheck's File Dump
    -----------------------
    WVCheck found no known bad files.


    WVCheck's Dir Dump
    -----------------------
    WVCheck found no known bad directories.


    WVCheck's Missing File Check
    -----------------------
    WVCheck found no missing Windows files.


    WVCheck's MBAM Quarantine Check
    -----------------------
    There were no bad files quarantined by MBAM.


    WVCheck's HOSTS File Check
    -----------------------
    WVCheck found no bad lines in the hosts file.


    WVCheck's MD5 Check
    EXPERIMENTAL!!
    -----------------------
    user32.dll - b409909f6e2e8a7067076ed748abf1e7


    -------- End of File, program close at 1145_07-01-2012 --------

  8. #8
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    Default

    If you do not follow the instructions exactly as given, it will complicate the process and cause significant delays. All scans and fixes must be run only once if not specifically requested.

    It's not recommended to use a computer in safe mode with networking; however, this is needed in this case to run the scans and fixes. I recommend that you keep the computer shut off while not performing the scans and fixes as instructed. Start your computer in safe mode with networking again.


    Uninstall misc programs

    Out-of-date Java installations pose a security risk. They can be used by malware as a means to infect and/or re-infect a computer.

    • Click on Start > Run.
    • In the open text box copy/paste appwiz.cpl Then click Ok.
    • Wait for the list of programs in the Add/Remove control panel to appear, then uninstall the two programs listed below:

      Java(TM) 6 Update 22
      Windows iLivid Toolbar

    Continue with the next step even if iLivid does not disappear.


    Back up the registry with Erunt

    • Please navigate to Start >> All Programs >> ERUNT, then double-click ERUNT from the menu.
    • Click on OK within the pop-up menu.
    • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
      • System registry.
      • Current user registry.
    • Next click on "OK"... at the prompt... reply "Yes".
      After a short duration the Registry backup is complete! pop-up message will appear.
    • Now click on "OK". A registry backup has now been created.

    Please stop following these instructions if the registry backup failed. Post back instead.


    Download custom OTL script

    Please right-click on the filename link below and select "Save target as..." or "Save Link as...", choose the Desktop as the location, and save it under the filename: Fix.txt
    SQWinXP_x32.TXT


    OTL

    Please download OTL.exe by OldTimer and save it to your desktop.

    • Double Click the OTL icon to start the program.
    • Click the Run Fix button at the top.
    • You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel". Click on OK
    • When the Open dialog comes up, Navigate to the Desktop, click to highlight the file named Fix.txt and click Open
    • Some text will appear in the Custom scans/Fixes box.
    • Click the Run Fix button.
    • Let the program run unhindered and reboot the PC when it is done.
      When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    • Copy the contents of that file and post it in your next reply. The file will also appear on your desktop as OTL.txt



    SystemLook

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2


    • Double-click SystemLook.exe to run it.
    • Copy and paste the content of the following codebox into the main textfield:
      Code:
      :filefind
      *Fun4IM*
      *Bandoo*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      
      :folderfind
      *Fun4IM*
      *Bandoo*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      
      :Regfind
      Fun4IM
      Bandoo
      Searchqu
      iLivid
      whitesmoke
      datamngr
      kelkoopartners
      trolltech
    • Click the Look button to start the scan.
      Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

    Note: The log can also be found on your Desktop entitled SystemLook.txt


    ESET Online Scanner

    You can use either Internet Explorer or Mozilla FireFox for this scan.

    • Please open the following link in a new window:
      ESET Online Scanner
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:

      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
    • When completed downloading, the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When the scan is completed, use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.
    • Back in the scanner window, make sure Uninstall application on close is not selected.
    • Now click on:



    Remember to post:
    • OTL log
    • SystemLook log
    • Eset log.

  9. #9
    Member
    Join Date
    Jun 2007
    Posts
    54

    Default OTL Log

    I think I mistakenly did something wrong.

    OTL Log:

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
    File pInit_DLLs: not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
    File pInit_DLLs: not found.
    ========== REGISTRY ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page not found.
    Registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Bandoo\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\iLivid\ not found.
    Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar\ not found.
    Registry key HKEY_CURRENT_USER\Software\DataMngr\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo\ not found.
    Registry key HKEY_CURRENT_USER\Software\Trolltech\ not found.
    Registry key HKEY_CURRENT_USER\Software\ilivid\ not found.
    Registry key HKEY_CURRENT_USER\Software\searchqutoolbar\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Windows Searchqu Toolbar\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0EDE4701-347A-45E0-81F0-D81D9F69BBFB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EDE4701-347A-45E0-81F0-D81D9F69BBFB}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs not found.
    ========== FILES ==========
    File\Folder C:\Program Files\Windows iLivid Toolbar not found.
    File\Folder C:\Program Files\Windows Searchqu Toolbar not found.
    File\Folder C:\Program Files\iLivid not found.
    File\Folder C:\Windows\Prefetch\ILIVID* not found.
    File\Folder C:\Windows\Prefetch\SEARCHQUMEDIABAR* not found.
    File\Folder C:\Windows\Prefetch\SETUPDATAMNGR* not found.
    File\Folder C:\Program Files\mozilla firefox\searchplugins\SearchquWebSearch.xml not found.
    File/Folder C:\Documents and Settings\User\Application Data\searchquband not found.
    File/Folder C:\Documents and Settings\User\Application Data\searchqutoolbar not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: User
    ->Temp folder emptied: 1097767 bytes
    ->Temporary Internet Files folder emptied: 593797 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16867 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 2.00 mb

    Error starting restore point: The function was called in safe mode.
    Error closing restore point: The sequence number is invalid.

    OTL by OldTimer - Version 3.2.31.0 log created on 01082012_135617

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

  10. #10
    Member
    Join Date
    Jun 2007
    Posts
    54

    Default SystemLook

    SystemLook log:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 14:00 on 08/01/2012 by User
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*Fun4IM*"
    No files found.

    Searching for "*Bandoo*"
    No files found.

    Searching for "*Searchqu*"
    C:\WINDOWS\Prefetch\TB_SEARCHQU.EXE-2F87F767.pf --a---- 16878 bytes [02:27 11/10/2011] [02:27 11/10/2011] 67A5F92627EE2CD4CB69F82CCC28337E
    C:\_OTL\MovedFiles\01082012_135150\C_Windows\Prefetch\SEARCHQUMEDIABAR.EXE-1621BC2D.pf --a---- 42786 bytes [02:27 11/10/2011] [02:27 11/10/2011] E5A29D95A347EEFF04CDDE06BD3F50B9
    C:\_OTL\MovedFiles\01082012_135150\C_Windows\Prefetch\SETUPDATAMNGR_SEARCHQU.EXE-20430D07.pf --a---- 54446 bytes [02:24 11/10/2011] [02:27 11/10/2011] DE92B73C5C7DBE84C2491258A63D9EED

    Searching for "*iLivid*"
    C:\Documents and Settings\User\My Documents\Downloads\iLividSetupV1(1).exe --a---- 2108336 bytes [02:26 11/10/2011] [02:26 11/10/2011] 378D3A865E52755DBA1DFE596D36829C
    C:\Documents and Settings\User\My Documents\Downloads\iLividSetupV1.exe --a---- 2108336 bytes [02:23 11/10/2011] [02:23 11/10/2011] 378D3A865E52755DBA1DFE596D36829C
    C:\_OTL\MovedFiles\01082012_135150\C_Windows\Prefetch\ILIVID.EXE-0178C79C.pf --a---- 54736 bytes [02:25 11/10/2011] [02:28 11/10/2011] 71CA02F182B36E59C5425CEFE09A69D5
    C:\_OTL\MovedFiles\01082012_135150\C_Windows\Prefetch\ILIVIDSETUPV1.EXE-0B1DF591.pf --a---- 24576 bytes [02:23 11/10/2011] [02:27 11/10/2011] 17D54861B92169B76301863BDAD9E457
    C:\_OTL\MovedFiles\01082012_135150\C_Windows\Prefetch\ILIVIDSETUPV1.EXE-0DA1111D.pf --a---- 28414 bytes [02:23 11/10/2011] [02:23 11/10/2011] 139DD6EAC66F21D23D331A869602D137
    C:\_OTL\MovedFiles\01082012_135150\C_Windows\Prefetch\ILIVIDSETUPV1.EXE-23B2BDB7.pf --a---- 38288 bytes [02:26 11/10/2011] [02:26 11/10/2011] 15F873F163D47B66B9C8582F228464A9
    C:\_OTL\MovedFiles\01082012_135150\C_Windows\Prefetch\ILIVIDSETUPV1.EXE-36E1ED3D.pf --a---- 53102 bytes [02:31 11/10/2011] [02:31 11/10/2011] 0E49F70C75E0A1604A169321655AA350

    Searching for "*whitesmoke*"
    No files found.

    Searching for "*datamngr*"
    C:\_OTL\MovedFiles\01082012_135150\C_Windows\Prefetch\SETUPDATAMNGR_SEARCHQU.EXE-20430D07.pf --a---- 54446 bytes [02:24 11/10/2011] [02:27 11/10/2011] DE92B73C5C7DBE84C2491258A63D9EED

    Searching for "*trolltech*"
    No files found.

    ========== folderfind ==========

    Searching for "*Fun4IM*"
    No folders found.

    Searching for "*Bandoo*"
    No folders found.

    Searching for "*Searchqu*"
    C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\od56xxqk.default\searchqutoolbar d------ [02:27 11/10/2011]
    C:\_OTL\MovedFiles\01082012_135150\C_Documents and Settings\User\Application Data\searchqutoolbar d------ [02:27 11/10/2011]

    Searching for "*iLivid*"
    C:\Documents and Settings\User\Local Settings\Application Data\Ilivid Player d------ [02:25 11/10/2011]

    Searching for "*whitesmoke*"
    No folders found.

    Searching for "*datamngr*"
    No folders found.

    Searching for "*trolltech*"
    No folders found.

    ========== Regfind ==========

    Searching for "Fun4IM"
    No data found.

    Searching for "Bandoo"
    No data found.

    Searching for "Searchqu"
    No data found.

    Searching for "iLivid"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\Documents and Settings\User\My Documents\Downloads\iLividSetupV1.exe"="iLivid Installation "
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\DOCUME~1\User\LOCALS~1\Temp\mia10E5.tmp\iLividSetupV1.exe"="iLivid Installation "
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\Program Files\iLivid\ilivid.exe"="ilivid"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\DOCUME~1\User\LOCALS~1\Temp\mia110E.tmp\iLividSetupV1.exe"="iLivid Installation "
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\Documents and Settings\All Users\Application Data\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.exe"="iLivid Installation "
    [HKEY_USERS\S-1-5-21-1275210071-1614895754-682003330-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\Documents and Settings\User\My Documents\Downloads\iLividSetupV1.exe"="iLivid Installation "
    [HKEY_USERS\S-1-5-21-1275210071-1614895754-682003330-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\DOCUME~1\User\LOCALS~1\Temp\mia10E5.tmp\iLividSetupV1.exe"="iLivid Installation "
    [HKEY_USERS\S-1-5-21-1275210071-1614895754-682003330-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\Program Files\iLivid\ilivid.exe"="ilivid"
    [HKEY_USERS\S-1-5-21-1275210071-1614895754-682003330-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\DOCUME~1\User\LOCALS~1\Temp\mia110E.tmp\iLividSetupV1.exe"="iLivid Installation "
    [HKEY_USERS\S-1-5-21-1275210071-1614895754-682003330-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\Documents and Settings\All Users\Application Data\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.exe"="iLivid Installation "

    Searching for "whitesmoke"
    No data found.

    Searching for "datamngr"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAAFC13F-5D79-43FC-AEEA-1DBB5BE91658}]
    "AppPath"="C:\PROGRA~1\WINDOW~4\Datamngr\ToolBar"

    Searching for "kelkoopartners"
    No data found.

    Searching for "trolltech"
    No data found.

    -= EOF =-
