ilivid browser hijacker

[emily2001]

ilivid "downloader" was installed on my computer along with a bunch of useless toolbars etc. malware bytes doesn't detect it- Help please!

[Maniac]

Hello emily2001 and ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
  

Please follow the instructions here and post your log files:

http://forums.malwarebytes.org/index.php?showtopic=9573

[emily2001]

woops, here's dds

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.19088

Run by Admin at 16:18:34 on 2013-04-16

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1917.950 [GMT -4:00]

.

AV: AVG Anti-Virus 2013 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG Anti-Virus 2013 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\AVG\AVG2013\avgui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Broiwse2saVe: {852C1813-6A86-BEEA-ACEB-96840DC59204} - c:\programdata\broiwse2save\5169aaf0e7842.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [sony PC Companion] "c:\program files\sony\sony pc companion\PCCompanion.exe" /Background

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_6_602_180_Plugin.exe -update plugin

uRunOnce: [DeleteOnReboot] c:\windows\DeleteOnReboot.bat

uRunOnce: [Report] \AdwCleaner[s2].txt

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mPolicies-System: EnableUIADesktopToggle = dword:0

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 10.0.1.1

TCP: Interfaces\{298A1684-57D0-4F5C-881D-A4C8CC24D72E} : DHCPNameServer = 10.0.1.1

TCP: Interfaces\{74F48512-7594-449D-95AE-ADBA09DB22FB} : DHCPNameServer = 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94

AppInit_DLLs=

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\hiqmhv3n.default-1357687107256\

FF - prefs.js: browser.search.selectedEngine - EasyLife

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\14.2.0\npsitesafety.dll

FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\sony\media go\npmediago.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll

FF - ExtSQL: 2013-04-13 15:00; ie4s5e@rqrtbs.net; c:\users\admin\appdata\roaming\mozilla\firefox\profiles\hiqmhv3n.default-1357687107256\extensions\ie4s5e@rqrtbs.net

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]

R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-16 94048]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-2-8 64288]

R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]

R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-1-7 33112]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]

R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [2013-2-18 968880]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-16 5814904]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]

S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2013-1-6 155824]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2013-04-16 19:40:56 376 ----a-w- c:\windows\DeleteOnReboot.bat

2013-04-13 18:59:55 -------- d-----w- c:\users\admin\appdata\roaming\SendSpace

2013-04-13 18:59:25 -------- d-----w- c:\programdata\Broiwse2saVe

.

==================== Find3M ====================

.

2013-03-14 21:41:45 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-14 21:41:45 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-02-18 23:38:45 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-02-14 19:13:54 499712 ----a-w- c:\windows\system32\msvcp71.dll

2013-02-14 19:13:54 348160 ----a-w- c:\windows\system32\msvcr71.dll

2013-02-14 19:13:54 344064 ----a-w- c:\windows\system32\msvcr70.dll

.

============= FINISH: 16:19:29.63 ===============

[emily2001]

and attach

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 2/15/2009 3:56:29 AM

System Uptime: 4/16/2013 3:50:15 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0UW744

Processor: AMD Athlon 64 X2 Dual-Core Processor TK-55 | Socket M2/S1G1 | 1800/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 102 GiB total, 59.076 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 6.184 GiB free.

E: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0067

Manufacturer: Microsoft

Name: Microsoft 6to4 Adapter #8

PNP Device ID: ROOT\*6TO4MP\0067

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0068

Manufacturer: Microsoft

Name: Microsoft 6to4 Adapter #9

PNP Device ID: ROOT\*6TO4MP\0068

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0082

Manufacturer: Microsoft

Name: Microsoft 6to4 Adapter #22

PNP Device ID: ROOT\*6TO4MP\0082

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0083

Manufacturer: Microsoft

Name: Microsoft 6to4 Adapter #23

PNP Device ID: ROOT\*6TO4MP\0083

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0086

Manufacturer: Microsoft

Name: Microsoft 6to4 Adapter #26

PNP Device ID: ROOT\*6TO4MP\0086

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0109

Manufacturer: Microsoft

Name: Microsoft 6to4 Adapter #27

PNP Device ID: ROOT\*6TO4MP\0109

Service: tunnel

.

Class GUID:

Description: Base System Device

Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01F51028&REV_01\4&B216F0A&0&09A4

Manufacturer:

Name: Base System Device

PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01F51028&REV_01\4&B216F0A&0&09A4

Service:

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.3

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Auslogics Disk Defrag

AVG 2013

Bonjour

BrowseToSave 1.74

Canon G.726 WMP-Decoder

Canon MovieEdit Task for ZoomBrowser EX

Canon RAW Image Task for ZoomBrowser EX

Canon Utilities CameraWindow

Canon Utilities CameraWindow DC

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

Canon Utilities MyCamera

Canon Utilities MyCamera DC

Canon Utilities PhotoStitch

Canon Utilities RemoteCapture DC

Canon Utilities RemoteCapture Task for ZoomBrowser EX

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

CCleaner

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

ImgBurn

iTunes

Java 6 Update 17

Junk Mail filter update

Malwarebytes Anti-Malware version 1.70.0.1100

Media Go

Media Go Video Playback Engine 1.116.105.02020

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 18.0.2 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

OpenOffice.org 3.4.1

PlayStation®Store

QuickTime

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Sony Ericsson Update Engine

Sony PC Companion 2.10.136

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

VLC media player 1.1.7

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

WinRAR 4.20 (32-bit)

.

==== End Of File ===========================

[Maniac]

Looks like you already used AdwCleaner:

uRunOnce: [DeleteOnReboot] c:\windows\DeleteOnReboot.bat

uRunOnce: [Report] \AdwCleaner[s2].txt

Please restart your computer. Then post the log file which is located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

[emily2001]

# AdwCleaner v2.200 - Logfile created 04/16/2013 at 15:39:21

# Updated 02/04/2013 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 1 (32 bits)

# User : Admin - EMILY-PC

# Boot Mode : Normal

# Running from : C:\Users\Emily\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk

File Found : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\0a1f0vye.default\searchplugins\Search_Results.xml

File Found : C:\Users\Emily\Desktop\iLivid.lnk

Folder Found : C:\Program Files\AVG Secure Search

Folder Found : C:\Program Files\BrowseToSave

Folder Found : C:\Program Files\Common Files\AVG Secure Search

Folder Found : C:\Program Files\Conduit

Folder Found : C:\Program Files\ConduitEngine

Folder Found : C:\Program Files\EasyLife

Folder Found : C:\ProgramData\AVG Secure Search

Folder Found : C:\ProgramData\InstallMate

Folder Found : C:\ProgramData\SoftSafe

Folder Found : C:\Users\Admin\AppData\Local\AVG Secure Search

Folder Found : C:\Users\Admin\AppData\LocalLow\AVG Secure Search

Folder Found : C:\Users\Admin\AppData\LocalLow\BitTorrentBar

Folder Found : C:\Users\Admin\AppData\LocalLow\Conduit

Folder Found : C:\Users\Admin\AppData\LocalLow\ConduitEngine

Folder Found : C:\Users\Emily\AppData\Local\AVG Secure Search

Folder Found : C:\Users\Emily\AppData\Local\Ilivid

Folder Found : C:\Users\Emily\AppData\LocalLow\AVG Secure Search

Folder Found : C:\Users\Emily\AppData\LocalLow\Conduit

Folder Found : C:\Users\Emily\AppData\LocalLow\ConduitEngine

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\browse~1\sprote~1.dll

Key Found : HKCU\Software\AppDataLow\Software\BitTorrentBar

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\conduitEngine

Key Found : HKCU\Software\AppDataLow\Software\conduitEngine

Key Found : HKCU\Software\AppDataLow\SProtector

Key Found : HKCU\Software\AVG Secure Search

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BitTorrentBar Toolbar

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\Software\AVG Secure Search

Key Found : HKLM\Software\AVG Security Toolbar

Key Found : HKLM\Software\BitTorrentBar

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Found : HKLM\SOFTWARE\Classes\S

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\conduitEngine

Key Found : HKLM\Software\conduitEngine

Key Found : HKLM\Software\Freeze.com

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2589DD9B-4518-485B-96D6-0D9D05B7AC26}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{86015C97-7A51-4DD4-9D34-3B43CEC80ABE}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{46F4A8CA-61F2-493E-93E2-AA28AF30BF31}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Found : HKLM\Software\SP Global

Key Found : HKLM\Software\SProtector

Key Found : HKU\S-1-5-21-1787016173-3133917544-3074554611-1001\Software\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}

Key Found : HKU\S-1-5-21-1787016173-3133917544-3074554611-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKU\S-1-5-21-1787016173-3133917544-3074554611-1002\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.easylifeapp.com/?pid=34&src=ie1&r=2013/04/13&hid=437326623&lg=EN&cc=CA

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.easylifeapp.com/?pid=34&src=ie1&r=2013/04/13&hid=437326623&lg=EN&cc=CA

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hiqmhv3n.default-1357687107256\prefs.js

Found : user_pref("aol_toolbar.default.homepage.check", false);

Found : user_pref("aol_toolbar.default.search.check", false);

Found : user_pref("browser.search.defaulturl", "hxxp://search.easylifeapp.com/?pid=34&src=ff2&r=2013/04/13&h[...]

Found : user_pref("browser.startup.homepage", "hxxp://search.easylifeapp.com/?pid=34&src=ff1&r=2013/04/13&hi[...]

Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Found : user_pref("keyword.URL", "hxxp://search.easylifeapp.com/?pid=34&src=ff2&r=2013/04/13&hid=437326623&l[...]

Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "EasyLife");

Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "EasyLife");

Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.easylifeapp.com/?pid=3[...]

Found : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.easylifeapp.com/?pid=34&src=ff2&r=2[...]

Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Found : user_pref("sweetim.toolbar.searchguard.enable", "");

File : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\0a1f0vye.default\prefs.js

Found : user_pref("aol_toolbar.default.homepage.check", false);

Found : user_pref("aol_toolbar.default.search.check", false);

Found : user_pref("browser.search.defaultenginename", "Search Results");

Found : user_pref("browser.search.order.1", "Search Results");

Found : user_pref("browser.search.selectedEngine", "Search Results");

Found : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/406");

Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Found : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=295&systemid=406&apn[...]

Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Found : user_pref("sweetim.toolbar.searchguard.enable", "");

Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

-\\ Google Chrome v [unable to get version]

File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [13010 octets] - [16/04/2013 15:39:21]

########## EOF - \AdwCleaner[R1].txt - [13071 octets] ##########

[Maniac]

Step 1

1. Please re-run AdwCleaner
   
2. Click on Delete button.
   
3. Confirm each time with OK.
   
4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Step 2

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
  
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  
• The tool will open and start scanning your system.
  
• Please be patient as this can take a while to complete depending on your system's specifications.
  
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  
• Post the contents of JRT.txt into your next message.
  

In your next reply, post the following log files:

• AdwCleaner log
  
• Junkware Removal Tool log

[emily2001]

# AdwCleaner v2.200 - Logfile created 04/16/2013 at 15:49:14

# Updated 02/04/2013 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 1 (32 bits)

# User : Admin - EMILY-PC

# Boot Mode : Normal

# Running from : C:\Users\Emily\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search

Folder Deleted : C:\Program Files\AVG Secure Search

Folder Deleted : C:\Program Files\BrowseToSave

Folder Deleted : C:\Users\Emily\AppData\Local\Ilivid

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hiqmhv3n.default-1357687107256\prefs.js

[OK] File is clean.

File : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\0a1f0vye.default\prefs.js

Deleted : user_pref("aol_toolbar.default.homepage.check", false);

Deleted : user_pref("aol_toolbar.default.search.check", false);

Deleted : user_pref("browser.search.defaultenginename", "Search Results");

Deleted : user_pref("browser.search.order.1", "Search Results");

Deleted : user_pref("browser.search.selectedEngine", "Search Results");

Deleted : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/406");

Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=295&systemid=406&apn[...]

Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v [unable to get version]

File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [13139 octets] - [16/04/2013 15:39:21]

AdwCleaner[R2].txt - [2646 octets] - [16/04/2013 15:47:44]

AdwCleaner[R3].txt - [2706 octets] - [16/04/2013 15:48:33]

AdwCleaner[s1].txt - [12426 octets] - [16/04/2013 15:40:42]

AdwCleaner[s2].txt - [2684 octets] - [16/04/2013 15:49:14]

########## EOF - \AdwCleaner[s2].txt - [2744 octets] ##########

[emily2001]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.8.3 (04.05.2013:1)

OS: Windows Vista Home Premium x86

Ran by Admin on Tue 04/16/2013 at 17:07:00.25

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\hiqmhv3n.default-1357687107256\prefs.js

user_pref("extensions.5169aaf0e7752.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatio

Emptied folder: C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\hiqmhv3n.default-1357687107256\minidumps [1 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 04/16/2013 at 17:15:28.89

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Maniac]

How are things now?

[emily2001]

Hello, I had to leave my computer I dont believe however that the issue was resolved ill post info tomorrow

[Maniac]

Thanks for letting me know!

[Maniac]

Are you still with me?

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!