ilivid Toolbar

System look

SystemLook 30.07.11 by jpshortstuff
Log created at 20:52 on 15/05/2014 by Roger
Administrator - Elevation successful

========== folderfind ==========

Searching for "ilivid"
C:\Documents and Settings\Roger\My Documents\My Pictures\ilivid d------ [14:09 24/02/2014]

========== filefind ==========

Searching for "ilivid"
No files found.

========== regfind ==========

Searching for "ilivid"
[HKEY_CURRENT_USER\Software\Google\Picasa\Picasa2\Preferences]
"LastImport0"="C:\Documents and Settings\Roger\My Documents\My Pictures\ilivid\"
[HKEY_CURRENT_USER\Software\Google\Picasa\Picasa2\Preferences]
"SaveFile"="C:\Documents and Settings\Roger\My Documents\My Pictures\ilivid\"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="ilivid"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"001"="ilivid.toolbar"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"002"="ilivid.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"003"="ilivid toolbar"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"e"="C:\Documents and Settings\Roger\My Documents\My Pictures\ilivid1.jpg"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\jpg]
"a"="C:\Documents and Settings\Roger\My Documents\My Pictures\ilivid1.jpg"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Documents and Settings\Roger\Local Settings\Application Data\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Documents and Settings\Roger\Local Settings\Application Data\iLivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup[1].exe]
[HKEY_USERS\.DEFAULT\Software\ilividtoolbarguid]
[HKEY_USERS\S-1-5-21-2000478354-1715567821-839522115-1004\Software\Google\Picasa\Picasa2\Preferences]
"LastImport0"="C:\Documents and Settings\Roger\My Documents\My Pictures\ilivid\"
[HKEY_USERS\S-1-5-21-2000478354-1715567821-839522115-1004\Software\Google\Picasa\Picasa2\Preferences]
"SaveFile"="C:\Documents and Settings\Roger\My Documents\My Pictures\ilivid\"
[HKEY_USERS\S-1-5-21-2000478354-1715567821-839522115-1004\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="ilivid"
[HKEY_USERS\S-1-5-21-2000478354-1715567821-839522115-1004\Software\Microsoft\Search Assistant\ACMru\5603]
"001"="ilivid.toolbar"
[HKEY_USERS\S-1-5-21-2000478354-1715567821-839522115-1004\Software\Microsoft\Search Assistant\ACMru\5603]
"002"="ilivid.exe"
[HKEY_USERS\S-1-5-21-2000478354-1715567821-839522115-1004\Software\Microsoft\Search Assistant\ACMru\5603]
"003"="ilivid toolbar"
[HKEY_USERS\S-1-5-21-2000478354-1715567821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"e"="C:\Documents and Settings\Roger\My Documents\My Pictures\ilivid1.jpg"
[HKEY_USERS\S-1-5-21-2000478354-1715567821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\jpg]
"a"="C:\Documents and Settings\Roger\My Documents\My Pictures\ilivid1.jpg"
[HKEY_USERS\S-1-5-21-2000478354-1715567821-839522115-1004\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Documents and Settings\Roger\Local Settings\Application Data\iLivid]
[HKEY_USERS\S-1-5-21-2000478354-1715567821-839522115-1004\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Documents and Settings\Roger\Local Settings\Application Data\iLivid]
[HKEY_USERS\S-1-5-18\Software\ilividtoolbarguid]

-= EOF =-
 
We're going to make some changes to your registry, so you need to back it up first.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download the installer for Registry Backup from here or here and save to your desktop.
  • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
  • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
  • Once the GUI (graphical user interface) has appeared/loaded:-
TCRB-1.jpg


  • Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-
TBRB-2.jpg


  • Close Tweaking.com - Registry Backup
Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.







Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    
    
    :Services
    
    :Reg
    [HKEY_CURRENT_USER\Software\Google\Picasa\Picasa2\Preferences]
    "LastImport0"=""
    [HKEY_CURRENT_USER\Software\Google\Picasa\Picasa2\Preferences]
    "SaveFile"=""
    [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
    "000"=""
    [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
    "001"=""
    [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
    "002"=""
    [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
    "003"=""
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
    "e"=""
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\jpg]
    "a"=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup[1].exe]
    [-HKEY_USERS\.DEFAULT\Software\ilividtoolbarguid]
    [HKEY_USERS\S-1-5-21-2000478354-1715567821-839522115-1004\Software\Google\Picasa\Picasa2\Preferences]
    "LastImport0"=""
    [HKEY_USERS\S-1-5-21-2000478354-1715567821-839522115-1004\Software\Google\Picasa\Picasa2\Preferences]
    "SaveFile"=""
    [HKEY_USERS\S-1-5-21-2000478354-1715567821-839522115-1004\Software\Microsoft\Search Assistant\ACMru\5603]
    "000"=""
    [HKEY_USERS\S-1-5-21-2000478354-1715567821-839522115-1004\Software\Microsoft\Search Assistant\ACMru\5603]
    "001"=""
    [HKEY_USERS\S-1-5-21-2000478354-1715567821-839522115-1004\Software\Microsoft\Search Assistant\ACMru\5603]
    "002"=""
    [HKEY_USERS\S-1-5-21-2000478354-1715567821-839522115-1004\Software\Microsoft\Search Assistant\ACMru\5603]
    "003"=""
    [HKEY_USERS\S-1-5-21-2000478354-1715567821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
    "e"=""
    [HKEY_USERS\S-1-5-21-2000478354-1715567821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\jpg]
    "a"=""
    [-HKEY_USERS\S-1-5-18\Software\ilividtoolbarguid]
    [-HKEY_CURRENT_USER\Software\ilivid]
    [-HKEY_LOCAL_MACHINE\Software\ilivid]
    
    :Files
    C:\Documents and Settings\Roger\My Documents\My Pictures\ilivid
    C:\Documents and Settings\Roger\Local Settings\Application Data\iLivid
    
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces
 
Otl

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
HKEY_CURRENT_USER\Software\Google\Picasa\Picasa2\Preferences\\"LastImport0"|"" /E : value set successfully!
HKEY_CURRENT_USER\Software\Google\Picasa\Picasa2\Preferences\\"SaveFile"|"" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603\\"000"|"" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603\\"001"|"" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603\\"002"|"" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603\\"003"|"" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\\"e"|"" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\jpg\\"a"|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup[1].exe\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\ilividtoolbarguid\ deleted successfully.
HKEY_USERS\S-1-5-21-2000478354-1715567821-839522115-1004\Software\Google\Picasa\Picasa2\Preferences\\"LastImport0"|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-2000478354-1715567821-839522115-1004\Software\Google\Picasa\Picasa2\Preferences\\"SaveFile"|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-2000478354-1715567821-839522115-1004\Software\Microsoft\Search Assistant\ACMru\5603\\"000"|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-2000478354-1715567821-839522115-1004\Software\Microsoft\Search Assistant\ACMru\5603\\"001"|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-2000478354-1715567821-839522115-1004\Software\Microsoft\Search Assistant\ACMru\5603\\"002"|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-2000478354-1715567821-839522115-1004\Software\Microsoft\Search Assistant\ACMru\5603\\"003"|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-2000478354-1715567821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\\"e"|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-2000478354-1715567821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\jpg\\"a"|"" /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\ilividtoolbarguid\ not found.
Registry key HKEY_CURRENT_USER\Software\ilivid\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\ilivid\ not found.
========== FILES ==========
C:\Documents and Settings\Roger\My Documents\My Pictures\ilivid folder moved successfully.
File\Folder C:\Documents and Settings\Roger\Local Settings\Application Data\iLivid not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 66067 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Roger
->Temp folder emptied: 1233955 bytes
->Temporary Internet Files folder emptied: 42104909 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 387662650 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3026 bytes

User: Roр

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29975 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 3329630 bytes

Total Files Cleaned = 414.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05162014_115322

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
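The SystemLook regfind output earlier in the thread reports most hits twice, because HKEY_CURRENT_USER is a view of the logged-on user's HKEY_USERS\<SID> subtree and HKEY_USERS\.DEFAULT is an alias for HKEY_USERS\S-1-5-18. The following Python sketch is an added example, not part of the original posts or of SystemLook; it parses that output format and collapses the aliases, assuming the S-1-5-21-…-1004 SID belongs to the user who ran the scan.

```python
import re

# Sample in SystemLook "regfind" format, abridged from the log in this thread.
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"002"="ilivid.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup[1].exe]
[HKEY_USERS\.DEFAULT\Software\ilividtoolbarguid]
[HKEY_USERS\S-1-5-21-2000478354-1715567821-839522115-1004\Software\Microsoft\Search Assistant\ACMru\5603]
"002"="ilivid.exe"
[HKEY_USERS\S-1-5-18\Software\ilividtoolbarguid]
'''

# Assumption: this SID is the profile of the user who ran the scan.
USER_SID = "S-1-5-21-2000478354-1715567821-839522115-1004"

VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<data>.*)"$')


def parse_regfind(text):
    """Return (key, value_name, data) tuples; value_name is None when the
    search term matched the key name itself rather than a value."""
    hits, pending_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            if pending_key is not None:
                # Previous key header had no value line: a key-name hit.
                hits.append((pending_key, None, None))
            # Strip only the outer brackets; key names may contain "[1]".
            pending_key = line[1:-1]
        elif (m := VALUE_RE.match(line)) and pending_key is not None:
            hits.append((pending_key, m["name"], m["data"]))
            pending_key = None
    if pending_key is not None:
        hits.append((pending_key, None, None))
    return hits


def canonical_key(key, user_sid):
    """Map hive aliases onto one spelling so duplicates compare equal."""
    parts = key.split("\\", 2)  # hive, first subkey, remainder
    if parts[0].upper() == "HKEY_USERS" and len(parts) > 1:
        if parts[1].upper() == ".DEFAULT":
            parts[1] = "S-1-5-18"  # .DEFAULT is the LocalSystem profile
        elif parts[1].upper() == user_sid.upper():
            return "\\".join(["HKEY_CURRENT_USER"] + parts[2:])
    return "\\".join(parts)


def unique_hits(text, user_sid):
    """Group raw hits by canonical location; the dict value lists every
    path under which the same key or value was reported."""
    grouped = {}
    for key, name, data in parse_regfind(text):
        canon = (canonical_key(key, user_sid).lower(), name, data)
        grouped.setdefault(canon, []).append(key)
    return grouped


if __name__ == "__main__":
    for (key, name, data), seen_as in unique_hits(SAMPLE, USER_SID).items():
        kind = "key" if name is None else f'value "{name}"="{data}"'
        print(f"{kind}: {key}  (reported {len(seen_as)}x)")
```

The .DEFAULT alias is consistent with the OTL log above, where deleting HKEY_USERS\.DEFAULT\Software\ilividtoolbarguid succeeded and the same key under HKEY_USERS\S-1-5-18 was then reported as not found.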
 
Good,

When you use any of your browsers, IE, Firefox or Chrome, do you see any trace of ilivid?
 
ilivid

Hi Ken, no I don't see any ilivid in the browser. I checked Spybot today and it appears that it has been putting ilivid in quarantine.

Do you think I'm OK now? Regards.
 
Spybot

Hi Ken, yes 1 item dated 20, May 2013, which is in quarantine, but am unable to purge it, the system comes up saying can't delete it.
 
Can you take a snapshot of the quarantine folder so I can see what it is? As a side note, if it's in quarantine it can't hurt you; not sure why it won't delete.
 
Hi,

That's not what I was really looking for. I was looking for a path to the files that it won't let you delete so we could try removing them manually.

Can you open up the Quarantine folder that shows the files in Quarantine and take a snapshot of that?

Run another scan with Spybot and post the log, and let's see if we can see them.
 
Hi Ken this is the log for the quarantine

2014-05-18 11:51:59 Quarantine: Start purge selected items...
2014-05-18 11:52:02 Quarantine: Purged ilivid.Toolbar: All detected items of product - 2014-05-12 12:29:52
2014-05-18 11:52:05 Quarantine: Purged ilivid.Toolbar: All detected items of product - 2014-05-12 12:29:11
2014-05-18 11:52:08 Quarantine: Purged ilivid.Toolbar: All detected items of product - 2014-04-26 19:46:37
2014-05-18 11:52:08 Quarantine: Purged ilivid.Toolbar: All detected items of product - 2014-04-26 19:43:59
2014-05-18 11:52:09 Quarantine: Purged ilivid.Toolbar: All detected items of product - 2014-04-21 18:15:54
2014-05-18 11:52:10 Quarantine: Purged ilivid.Toolbar: All detected items of product - 2014-04-21 18:15:36
2014-05-18 11:52:10 Quarantine: Purged ilivid.Toolbar: All detected items of product - 2014-04-21 18:14:19
2014-05-18 11:52:11 Quarantine: Purged ilivid.Toolbar: All detected items of product - 2014-03-15 14:39:20
2014-05-18 11:52:12 Quarantine: Purged ilivid.Toolbar: All detected items of product - 2014-03-15 14:39:04
2014-05-18 11:52:12 Quarantine: Purged ilivid.Toolbar: All detected items of product - 2014-03-06 15:24:53
2014-05-18 11:52:18 Quarantine: Purged ilivid.Toolbar: All detected items of product - 2014-02-25 12:12:34
2014-05-18 11:52:19 Quarantine: Purged ilivid.Toolbar: All detected items of product - 2014-02-25 12:12:28
2014-05-18 11:52:19 Quarantine: Purged ilivid.Toolbar: All detected items of product - 2014-02-25 12:10:21
2014-05-18 11:52:20 Quarantine: Purged ilivid.Toolbar: All detected items of product - 2014-02-25 12:09:23
2014-05-18 11:52:20 Quarantine: Purged ilivid.Toolbar: All detected items of product - 2014-02-25 12:08:27
2014-05-18 11:52:21 Quarantine: Purged ilivid.Toolbar: All detected items of product - 2014-02-24 16:30:06
2014-05-18 11:52:22 Quarantine: Purged ilivid.Toolbar: All detected items of product - 2014-02-24 15:11:01
2014-05-18 11:52:22 Quarantine: Purged ilivid.Toolbar: All detected items of product - 2014-02-24 15:10:24
[-] 2014-05-18 11:52:23 Quarantine: Error purging! ilivid.Toolbar: All detected items of product - 2013-05-20 14:55:47
2014-05-18 11:52:26 Quarantine: Finished purge selected items.
2014-05-18 11:52:44 Quarantine: Start purge selected items...
[-] 2014-05-18 11:52:46 Quarantine: Error purging! ilivid.Toolbar: All detected items of product - 2013-05-20 14:55:47
2014-05-18 11:52:48 Quarantine: Finished purge selected items.
2014-05-18 11:52:56 Quarantine: Start purge selected items...
2014-05-18 11:52:56 Quarantine: Finished purge selected items.
2014-05-18 11:52:57 Quarantine: Start purge selected items...
2014-05-18 11:52:57 Quarantine: Finished purge selected items.
2014-05-18 11:52:58 Quarantine: Start purge selected items...
2014-05-18 11:52:58 Quarantine: Finished purge selected items.
2014-05-18 11:52:59 Quarantine: Start purge selected items...
2014-05-18 11:52:59 Quarantine: Finished purge selected items.
2014-05-18 11:52:59 Quarantine: Start purge selected items...
2014-05-18 11:52:59 Quarantine: Finished purge selected items.
2014-05-18 11:53:00 Quarantine: Start purge selected items...
2014-05-18 11:53:00 Quarantine: Finished purge selected items.
2014-05-18 11:53:00 Quarantine: Start purge selected items...
2014-05-18 11:53:00 Quarantine: Finished purge selected items.
2014-05-18 11:53:01 Quarantine: Start purge selected items...
2014-05-18 11:53:01 Quarantine: Finished purge selected items.
2014-05-18 11:53:05 Quarantine: Start purge selected items...
2014-05-18 11:53:07 Quarantine: Purged Cache: All detected items of product - 2014-05-13 19:31:56
2014-05-18 11:53:07 Quarantine: Finished purge selected items.
2014-05-18 11:55:37 Quarantine: Start purge selected items...
2014-05-18 11:55:40 Quarantine: Purged Zedo: All detected items of product - 2014-04-26 19:45:40
2014-05-18 11:55:42 Quarantine: Purged Zedo: All detected items of product - 2014-04-26 19:44:12
2014-05-18 11:55:42 Quarantine: Purged Windows: All detected items of product - 2014-05-13 19:31:55
2014-05-18 11:55:43 Quarantine: Purged Windows: All detected items of product - 2014-05-13 14:45:18
2014-05-18 11:55:44 Quarantine: Purged Windows: All detected items of product - 2014-05-12 12:29:18
2014-05-18 11:55:45 Quarantine: Purged Windows: All detected items of product - 2014-04-26 19:45:52
2014-05-18 11:55:45 Quarantine: Purged Windows: All detected items of product - 2014-04-26 19:44:38
2014-05-18 11:55:45 Quarantine: Purged Windows: All detected items of product - 2014-04-21 18:14:55
2014-05-18 11:55:45 Quarantine: Purged Windows: All detected items of product - 2014-03-15 14:40:35
2014-05-18 11:55:45 Quarantine: Purged Windows: All detected items of product - 2014-03-15 14:39:15
2014-05-18 11:55:45 Quarantine: Purged Windows: All detected items of product - 2014-03-06 15:25:53
2014-05-18 11:55:45 Quarantine: Purged Windows: All detected items of product - 2014-02-25 12:08:36
2014-05-18 11:55:45 Quarantine: Purged Windows: All detected items of product - 2014-02-24 15:10:36
2014-05-18 11:55:45 Quarantine: Purged Windows: All detected items of product - 2014-05-17 19:36:05
2014-05-18 11:55:45 Quarantine: Purged Windows.OpenWith: All detected items of product - 2014-05-17 19:36:05
2014-05-18 11:55:45 Quarantine: Purged Windows Explorer: All detected items of product - 2014-05-13 19:31:55
2014-05-18 11:55:45 Quarantine: Purged Windows Explorer: All detected items of product - 2014-05-13 14:45:20
2014-05-18 11:55:45 Quarantine: Purged Windows Explorer: All detected items of product - 2014-05-12 12:29:19
2014-05-18 11:55:45 Quarantine: Purged Windows Explorer: All detected items of product - 2014-04-26 19:45:52
2014-05-18 11:55:45 Quarantine: Purged Windows Explorer: All detected items of product - 2014-04-26 19:44:39
2014-05-18 11:55:46 Quarantine: Purged Windows Explorer: All detected items of product - 2014-04-21 18:14:55
2014-05-18 11:55:46 Quarantine: Purged Windows Explorer: All detected items of product - 2014-03-15 14:40:35
2014-05-18 11:55:46 Quarantine: Purged Windows Explorer: All detected items of product - 2014-03-15 14:39:15
2014-05-18 11:55:46 Quarantine: Purged Windows Explorer: All detected items of product - 2014-03-06 15:25:55
2014-05-18 11:55:46 Quarantine: Purged Windows Explorer: All detected items of product - 2014-02-25 12:08:36
2014-05-18 11:55:46 Quarantine: Purged Windows Explorer: All detected items of product - 2014-02-24 15:10:36
2014-05-18 11:55:46 Quarantine: Purged Windows Explorer: All detected items of product - 2014-05-17 19:36:05
2014-05-18 11:55:46 Quarantine: Purged Statcounter: All detected items of product - 2014-05-17 19:35:59
2014-05-18 11:55:46 Quarantine: Purged MS Office 12.0 (Word): All detected items of product - 2014-05-13 14:45:17
2014-05-18 11:55:46 Quarantine: Purged MS Office 12.0 (Word): All detected items of product - 2014-05-12 12:29:18
2014-05-18 11:55:46 Quarantine: Purged MS Office 12.0 (Word): All detected items of product - 2014-04-26 19:45:52
2014-05-18 11:55:46 Quarantine: Purged MS Office 12.0 (Word): All detected items of product - 2014-04-26 19:44:36
2014-05-18 11:55:46 Quarantine: Purged MS Office 12.0 (Word): All detected items of product - 2014-04-21 18:14:54
2014-05-18 11:55:46 Quarantine: Purged MS Office 12.0 (Word): All detected items of product - 2014-03-15 14:40:35
2014-05-18 11:55:46 Quarantine: Purged MS Office 12.0 (Word): All detected items of product - 2014-03-15 14:39:15
2014-05-18 11:55:46 Quarantine: Purged MS Office 12.0 (Word): All detected items of product - 2014-03-06 15:25:52
2014-05-18 11:55:46 Quarantine: Purged MS Office 12.0 (Word): All detected items of product - 2014-02-25 12:08:35
2014-05-18 11:55:46 Quarantine: Purged MS Office 12.0 (Word): All detected items of product - 2014-02-24 15:10:36
2014-05-18 11:55:46 Quarantine: Purged MS DirectInput: All detected items of product - 2014-05-13 19:31:55
2014-05-18 11:55:46 Quarantine: Purged MS DirectInput: All detected items of product - 2014-05-13 14:45:15
2014-05-18 11:55:46 Quarantine: Purged MS DirectInput: All detected items of product - 2014-05-12 12:29:18
2014-05-18 11:55:46 Quarantine: Purged MS DirectDraw: All detected items of product - 2014-05-13 14:45:15
2014-05-18 11:55:46 Quarantine: Purged MS DirectDraw: All detected items of product - 2014-05-12 12:29:18
2014-05-18 11:55:46 Quarantine: Purged MS DirectDraw: All detected items of product - 2014-04-26 19:45:52
2014-05-18 11:55:46 Quarantine: Purged MS DirectDraw: All detected items of product - 2014-04-26 19:44:34
2014-05-18 11:55:46 Quarantine: Purged MS DirectDraw: All detected items of product - 2014-04-21 18:14:54
2014-05-18 11:55:46 Quarantine: Purged MS DirectDraw: All detected items of product - 2014-03-15 14:40:35
2014-05-18 11:55:46 Quarantine: Purged MS DirectDraw: All detected items of product - 2014-03-15 14:39:15
2014-05-18 11:55:46 Quarantine: Purged MS DirectDraw: All detected items of product - 2014-03-06 15:25:50
2014-05-18 11:55:46 Quarantine: Purged MS DirectDraw: All detected items of product - 2014-02-25 12:08:35
2014-05-18 11:55:46 Quarantine: Purged MS DirectDraw: All detected items of product - 2014-02-24 15:10:36
2014-05-18 11:55:46 Quarantine: Purged MS DirectDraw: All detected items of product - 2014-05-17 19:36:05
2014-05-18 11:55:47 Quarantine: Purged MS Direct3D: All detected items of product - 2014-05-13 19:31:54
2014-05-18 11:55:47 Quarantine: Purged MS Direct3D: All detected items of product - 2014-05-13 14:45:11
2014-05-18 11:55:47 Quarantine: Purged MS Direct3D: All detected items of product - 2014-05-12 12:29:18
2014-05-18 11:55:47 Quarantine: Purged MS Direct3D: All detected items of product - 2014-04-26 19:45:52
2014-05-18 11:55:47 Quarantine: Purged MS Direct3D: All detected items of product - 2014-04-26 19:44:30
2014-05-18 11:55:47 Quarantine: Purged MS Direct3D: All detected items of product - 2014-04-21 18:14:54
2014-05-18 11:55:47 Quarantine: Purged MS Direct3D: All detected items of product - 2014-03-15 14:40:34
2014-05-18 11:55:47 Quarantine: Purged MS Direct3D: All detected items of product - 2014-03-15 14:39:14
2014-05-18 11:55:47 Quarantine: Purged MS Direct3D: All detected items of product - 2014-03-06 15:25:48
2014-05-18 11:55:47 Quarantine: Purged MS Direct3D: All detected items of product - 2014-02-25 12:08:35
2014-05-18 11:55:47 Quarantine: Purged MS Direct3D: All detected items of product - 2014-02-24 15:10:35
2014-05-18 11:55:47 Quarantine: Purged MS Direct3D: All detected items of product - 2014-05-17 19:36:05
2014-05-18 11:55:47 Quarantine: Purged MediaPlex: All detected items of product - 2014-04-26 19:45:39
2014-05-18 11:55:47 Quarantine: Purged MediaPlex: All detected items of product - 2014-04-26 19:44:07
2014-05-18 11:55:47 Quarantine: Purged Macromedia.FlashPlayer.Cookies: All detected items of product - 2014-05-13 19:31:48
2014-05-18 11:55:47 Quarantine: Purged Macromedia.FlashPlayer.Cookies: All detected items of product - 2014-05-13 14:43:57
2014-05-18 11:55:47 Quarantine: Purged Macromedia.FlashPlayer.Cookies: All detected items of product - 2014-05-12 12:29:12
2014-05-18 11:55:47 Quarantine: Purged Macromedia.FlashPlayer.Cookies: All detected items of product - 2014-04-26 19:45:26
2014-05-18 11:55:47 Quarantine: Purged Macromedia.FlashPlayer.Cookies: All detected items of product - 2014-04-26 19:44:00
2014-05-18 11:55:47 Quarantine: Purged Macromedia.FlashPlayer.Cookies: All detected items of product - 2014-05-17 19:35:50
2014-05-18 11:55:47 Quarantine: Purged Internet Explorer: All detected items of product - 2014-05-13 14:45:07
2014-05-18 11:55:47 Quarantine: Purged Internet Explorer: All detected items of product - 2014-05-12 12:29:18
2014-05-18 11:55:47 Quarantine: Purged Internet Explorer: All detected items of product - 2014-03-15 14:40:34
2014-05-18 11:55:47 Quarantine: Purged Internet Explorer: All detected items of product - 2014-03-15 14:39:14
2014-05-18 11:55:47 Quarantine: Purged History: All detected items of product - 2014-05-13 19:31:57
2014-05-18 11:55:47 Quarantine: Purged History: All detected items of product - 2014-05-13 14:45:53
2014-05-18 11:55:47 Quarantine: Purged History: All detected items of product - 2014-04-26 19:45:53
2014-05-18 11:55:47 Quarantine: Purged History: All detected items of product - 2014-04-26 19:45:18
2014-05-18 11:55:47 Quarantine: Purged History: All detected items of product - 2014-03-15 14:40:36
2014-05-18 11:55:47 Quarantine: Purged History: All detected items of product - 2014-03-06 15:26:09
2014-05-18 11:55:47 Quarantine: Purged History: All detected items of product - 2014-02-25 12:08:38
2014-05-18 11:55:48 Quarantine: Purged History: All detected items of product - 2014-05-17 19:36:06
2014-05-18 11:55:48 Quarantine: Purged FastClick: All detected items of product - 2014-05-17 19:35:59
2014-05-18 11:55:48 Quarantine: Purged DoubleClick: All detected items of product - 2014-05-13 14:44:01
2014-05-18 11:55:48 Quarantine: Purged DoubleClick: All detected items of product - 2014-05-12 12:29:12
2014-05-18 11:55:48 Quarantine: Purged DoubleClick: All detected items of product - 2014-04-26 19:45:39
2014-05-18 11:55:48 Quarantine: Purged DoubleClick: All detected items of product - 2014-04-26 19:44:01
2014-05-18 11:55:48 Quarantine: Purged DoubleClick: All detected items of product - 2014-05-17 19:35:52
2014-05-18 11:55:48 Quarantine: Purged Cookie: All detected items of product - 2014-05-13 19:31:57
2014-05-18 11:55:48 Quarantine: Purged Cookie: All detected items of product - 2014-05-13 14:45:22
2014-05-18 11:55:48 Quarantine: Purged Cookie: All detected items of product - 2014-05-12 12:29:19
2014-05-18 11:55:48 Quarantine: Purged Cookie: All detected items of product - 2014-04-26 19:45:53
2014-05-18 11:55:48 Quarantine: Purged Cookie: All detected items of product - 2014-04-26 19:44:42
2014-05-18 11:55:48 Quarantine: Purged Cookie: All detected items of product - 2014-04-21 18:14:56
2014-05-18 11:55:48 Quarantine: Purged Cookie: All detected items of product - 2014-03-15 14:40:36
2014-05-18 11:55:48 Quarantine: Purged Cookie: All detected items of product - 2014-03-15 14:39:16
2014-05-18 11:55:48 Quarantine: Purged Cookie: All detected items of product - 2014-03-06 15:25:58
2014-05-18 11:55:48 Quarantine: Purged Cookie: All detected items of product - 2014-02-25 12:08:36
2014-05-18 11:55:48 Quarantine: Purged Cookie: All detected items of product - 2014-02-24 15:10:37
2014-05-18 11:55:48 Quarantine: Purged Cookie: All detected items of product - 2014-05-17 19:36:05
2014-05-18 11:55:48 Quarantine: Purged Common Dialogs: All detected items of product - 2014-05-13 19:31:48
2014-05-18 11:55:48 Quarantine: Purged Common Dialogs: All detected items of product - 2014-05-13 14:44:44
2014-05-18 11:55:49 Quarantine: Purged Common Dialogs: All detected items of product - 2014-05-12 12:29:13
2014-05-18 11:55:49 Quarantine: Purged Common Dialogs: All detected items of product - 2014-04-21 18:14:22
2014-05-18 11:55:49 Quarantine: Purged Common Dialogs: All detected items of product - 2014-03-06 15:25:02
2014-05-18 11:55:49 Quarantine: Purged Common Dialogs: All detected items of product - 2014-02-25 12:08:27
2014-05-18 11:55:49 Quarantine: Purged Common Dialogs: All detected items of product - 2014-02-24 15:10:25
2014-05-18 11:55:49 Quarantine: Purged Common Dialogs: All detected items of product - 2014-05-17 19:36:00
2014-05-18 11:55:49 Quarantine: Purged CasaleMedia: All detected items of product - 2014-04-26 19:45:39
2014-05-18 11:55:49 Quarantine: Purged CasaleMedia: All detected items of product - 2014-04-26 19:44:10
2014-05-18 11:55:49 Quarantine: Purged CasaleMedia: All detected items of product - 2014-05-17 19:35:57
2014-05-18 11:55:49 Quarantine: Purged Cache: All detected items of product - 2014-05-13 14:45:27
2014-05-18 11:55:49 Quarantine: Purged Cache: All detected items of product - 2014-05-12 12:29:20
2014-05-18 11:55:49 Quarantine: Purged Cache: All detected items of product - 2014-04-26 19:45:53
2014-05-18 11:55:49 Quarantine: Purged Cache: All detected items of product - 2014-04-26 19:44:48
2014-05-18 11:55:49 Quarantine: Purged Cache: All detected items of product - 2014-04-21 18:14:58
2014-05-18 11:55:49 Quarantine: Purged Cache: All detected items of product - 2014-03-15 14:40:36
2014-05-18 11:55:49 Quarantine: Purged Cache: All detected items of product - 2014-03-15 14:39:17
2014-05-18 11:55:49 Quarantine: Purged Cache: All detected items of product - 2014-03-06 15:26:05
2014-05-18 11:55:49 Quarantine: Purged Cache: All detected items of product - 2014-02-25 12:08:37
2014-05-18 11:55:49 Quarantine: Purged Cache: All detected items of product - 2014-02-24 15:10:43
2014-05-18 11:55:49 Quarantine: Purged BurstMedia: All detected items of product - 2014-04-26 19:45:39
2014-05-18 11:55:49 Quarantine: Purged BurstMedia: All detected items of product - 2014-04-26 19:44:08
2014-05-18 11:55:49 Quarantine: Purged BurstMedia: All detected items of product - 2014-05-17 19:35:57
2014-05-18 11:55:49 Quarantine: Finished purge selected items.
2014-05-18 11:56:00 Quarantine: Start purge selected items...
2014-05-18 11:56:01 Quarantine: Purged Windows Media SDK: All detected items of product - 2014-05-12 12:29:19
2014-05-18 11:56:01 Quarantine: Purged MS Regedit: All detected items of product - 2014-05-12 12:29:18
2014-05-18 11:56:01 Quarantine: Finished purge selected items.
2014-05-18 11:56:05 Quarantine: Start purge selected items...
[-] 2014-05-18 11:56:08 Quarantine: Error purging! ilivid.Toolbar: All detected items of product - 2013-05-20 14:55:47
2014-05-18 11:56:44 Quarantine: Finished purge selected items.
2014-05-18 17:11:11 Quarantine: Start purge selected items...
2014-05-18 17:11:13 Quarantine: Purged Log: All detected items of product - 2014-05-18 17:08:50
2014-05-18 17:11:14 Quarantine: Purged Log: All detected items of product - 2014-05-13 19:31:49
2014-05-18 17:11:15 Quarantine: Purged Log: All detected items of product - 2014-05-13 14:44:51
2014-05-18 17:11:16 Quarantine: Purged Log: All detected items of product - 2014-05-12 12:29:14
2014-05-18 17:11:16 Quarantine: Purged Log: All detected items of product - 2014-04-26 19:45:40
2014-05-18 17:11:17 Quarantine: Purged Log: All detected items of product - 2014-04-26 19:44:18
2014-05-18 17:11:18 Quarantine: Purged Log: All detected items of product - 2014-04-21 18:14:26
2014-05-18 17:11:18 Quarantine: Purged Log: All detected items of product - 2014-03-15 14:39:20
2014-05-18 17:11:19 Quarantine: Purged Log: All detected items of product - 2014-03-15 14:39:06
2014-05-18 17:11:19 Quarantine: Purged Log: All detected items of product - 2014-03-06 15:25:15
2014-05-18 17:11:20 Quarantine: Purged Log: All detected items of product - 2014-02-25 12:08:28
2014-05-18 17:11:21 Quarantine: Purged Log: All detected items of product - 2014-02-24 15:10:26
2014-05-18 17:11:22 Quarantine: Purged Log: All detected items of product - 2014-05-17 19:36:00
[-] 2014-05-18 17:11:23 Quarantine: Error purging! ilivid.Toolbar: All detected items of product - 2013-05-20 14:55:47
2014-05-18 17:11:25 Quarantine: Finished purge selected items.
2014-05-18 17:13:13 Quarantine: Start purge selected items...
2014-05-18 17:13:21 Quarantine: Purged Windows: All detected items of product - 2014-05-18 17:08:56
2014-05-18 17:13:21 Quarantine: Purged Windows Explorer: All detected items of product - 2014-05-18 17:08:56
2014-05-18 17:13:21 Quarantine: Purged MS DirectDraw: All detected items of product - 2014-05-18 17:08:56
2014-05-18 17:13:21 Quarantine: Purged MS Direct3D: All detected items of product - 2014-05-18 17:08:56
2014-05-18 17:13:21 Quarantine: Purged Macromedia.FlashPlayer.Cookies: All detected items of product - 2014-05-18 17:08:50
2014-05-18 17:13:21 Quarantine: Purged Internet Explorer: All detected items of product - 2014-05-18 17:08:55
[-] 2014-05-18 17:13:21 Quarantine: Error purging! ilivid.Toolbar: All detected items of product - 2013-05-20 14:55:47
2014-05-18 17:13:21 Quarantine: Purged History: All detected items of product - 2014-05-18 17:09:31
2014-05-18 17:13:21 Quarantine: Purged Cookie: All detected items of product - 2014-05-18 17:08:56
2014-05-18 17:13:21 Quarantine: Purged Cache: All detected items of product - 2014-05-18 17:09:02
2014-05-18 17:13:23 Quarantine: Finished purge selected items.
2014-05-19 17:22:18 Quarantine: Start purge selected items...
[-] 2014-05-19 17:22:21 Quarantine: Error purging! ilivid.Toolbar: All detected items of product - 2013-05-20 14:55:47
2014-05-19 17:23:54 Quarantine: Finished purge selected items.
2014-05-19 17:24:11 Quarantine: Start purge selected items...
[-] 2014-05-19 17:24:13 Quarantine: Error purging! ilivid.Toolbar: All detected items of product - 2013-05-20 14:55:47
2014-05-19 17:24:16 Quarantine: Finished purge selected items.
 
See if you can empty the Quarantined items in Safemode. It looks like most of them were purged except for one ilivid; is that one ilivid entry the only one in the Quarantined folder? If this doesn't work, then I am going to ask a Spybot helper, as they're more in tune with the inner workings of Spybot than I am.


Don't let this scare you, it won't do any damage; it just loads basic Windows without all the drivers and whatnot. It's a diagnostic mode. When you're done, just restart Windows normally and you will be right back into regular Windows.



To Enter Safemode
  • Go to Start > Shut off your Computer > Restart
  • As the computer starts to boot up, tap the F8 key somewhat rapidly;
    this will bring up a menu.
  • Use the Up and Down Arrow keys to scroll up to Safemode
  • Then press the Enter key on your keyboard
Tutorial if you need it: How to boot into Safemode
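The check the helper makes by eye on the quarantine log above, as an added example that is not part of the original posts and not Spybot's own code: it groups purge results by product and detection date and reports entries that fail in every session and never purge. The sample lines are copied from the log format shown in this thread; the function names are illustrative.

```python
import re
from collections import defaultdict

# Sample lines in the format of the Spybot quarantine log quoted in this thread.
SAMPLE_LOG = """\
2014-05-18 17:13:13 Quarantine: Start purge selected items...
2014-05-18 17:13:21 Quarantine: Purged Internet Explorer: All detected items of product - 2014-05-18 17:08:55
[-] 2014-05-18 17:13:21 Quarantine: Error purging! ilivid.Toolbar: All detected items of product - 2013-05-20 14:55:47
2014-05-18 17:13:23 Quarantine: Finished purge selected items.
2014-05-19 17:22:18 Quarantine: Start purge selected items...
[-] 2014-05-19 17:22:21 Quarantine: Error purging! ilivid.Toolbar: All detected items of product - 2013-05-20 14:55:47
2014-05-19 17:23:54 Quarantine: Finished purge selected items.
"""

# One result line: optional "[-]" error marker, timestamp, outcome, product, detection date.
LINE = re.compile(
    r"^(?:\[-\]\s+)?(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) Quarantine: "
    r"(?P<result>Purged|Error purging!) (?P<product>.+?): "
    r"All detected items of product - (?P<detected>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$"
)
START = re.compile(r"Quarantine: Start purge selected items")

def summarize(log_text):
    """Return {(product, detected): {"purged": n, "errors": n, "sessions": set}}."""
    stats = defaultdict(lambda: {"purged": 0, "errors": 0, "sessions": set()})
    session = 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if START.search(line):
            session += 1  # each "Start purge" line opens a new purge attempt
        m = LINE.match(line)
        if not m:
            continue  # start/finish markers and unrelated lines carry no result
        entry = stats[(m["product"], m["detected"])]
        entry["purged" if m["result"] == "Purged" else "errors"] += 1
        entry["sessions"].add(session)
    return dict(stats)

def stuck_items(log_text):
    """Items that failed to purge and never succeeded in any session."""
    return sorted(
        (product, detected, s["errors"], len(s["sessions"]))
        for (product, detected), s in summarize(log_text).items()
        if s["errors"] and not s["purged"]
    )

if __name__ == "__main__":
    for product, detected, errors, sessions in stuck_items(SAMPLE_LOG):
        print(f"{product} (detected {detected}): {errors} failed purges in {sessions} sessions")
```

An entry that errors across separate sessions on different days, as here, points at a persistent problem with that quarantine record rather than a one-off file lock.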
 
Safe mode

Hi Ken, F8 does nothing. I have tried 4 times now, restart, turn off, and tap like no tomorrow on F8, all I get is a bit of an attempt to go into another window! If that makes sense? OK, the keyboard is about 13 years old; however, I have no problems with this keyboard, I use my machine quite a lot. F8 never!! BTW, I ran Spybot rootkit, and it came up with a long list. I went into My Computer, C drive, and found zzz.zz.z; when I open the file it is empty (there are many files, so I have not opened all). Spybot came up with zzz.zz.z ?? It was much easier with the Telegram! Gasp. I hate computers.

Thanks for your time R
 
No problem, that's why we're here.

Not sure what Spybot found, let's double check. Still waiting to hear back about purging your Spybot quarantine files.


Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

Download Malwarebytes Anti-Rootkit from Here
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
 
Hi,

You have to understand that I am not sitting in front of your computer with you. I am most likely 1000s of miles away; you're my eyes and ears and I can only go by what you tell me. Some of your replies are a bit vague.

1. What found one file and won't allow you to delete it... Malwarebytes Anti-Rootkit?

2. How is your system behaving now ? Any unwanted pop up windows, any browser redirects to sites that you do not want to go to, if so what browser is the culprit.
 
mbar-log text/system-log text

Hi Ken, here they are.

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2013.10.02.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Roger :: NOBODY [administrator]

21/05/2014 12:46:07
mbar-log-2014-05-21 (12-46-07).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 209708
Time elapsed: 11 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.658000 GHz
Memory total: 1064550400, free: 267317248

Downloaded database version: v2014.05.20.09
Downloaded database version: v2014.03.27.01
=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2A885AF5

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 488375937
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.658000 GHz
Memory total: 1064550400, free: 405786624

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.658000 GHz
Memory total: 1064550400, free: 403099648

=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2A885AF5

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 488375937
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.658000 GHz
Memory total: 1064550400, free: 162308096

=======================================
 
Reply

Hi Ken, your 36/37 posts were not there when I posted earlier. OK, Spybot only picks up ilivid in quarantine, one file. It would appear that I'm using Spybot 2. I am still unable to go into safe mode; however, I have found this (see below). Is Spybot for some reason stopping me from going into safe mode?? Today I got a blue screen with this message: MULTIPLE_IRP_COMPLETE_REQUESTS.

My apologies if I am vague, but I am no expert with computers, I know the basics. Thanks again.

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

[spybotsd]
timeout.old=30
 