system
September 5, 2013, 1:29am
1
Hi! Mother-in-law’s PC has/had the Ilivid virus. I ran through all this a few months back with my PC, so that helped prepare me for doing this again…sigh.
Anyway…here are the logs. Since running everything I haven’t noticed any more problems. Hopefully something I did removed it, but here are the logs to make sure.
Hey, and welcome to the forum. Thanks for attaching the needed logs.
A malware expert will help you from here when one is online.
system
September 5, 2013, 7:10am
5
Hi,
Re-run OTL.exe.
[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:OTL
IE - HKLM\..\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XMxdm003YYus&ptnrS=XMxdm003YYus&si=COnx9ui70K4CFSZgTAodY2Un4A&ptb=BC848C62-F0B4-4A81-A3D6-1E56C698F1E6&psa=&ind=2012030514&st=sb&n=77ed2632&searchfor={searchTerms}
IE - HKU\S-1-5-21-4054425916-3429180180-2467715159-1000\..\URLSearchHook: {f15ff29f-85a1-43cd-9674-e5ba40016c97} - No CLSID value found
IE - HKU\S-1-5-21-4054425916-3429180180-2467715159-1000\..\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XMxdm003YYus&ptnrS=XMxdm003YYus&si=COnx9ui70K4CFSZgTAodY2Un4A&ptb=BC848C62-F0B4-4A81-A3D6-1E56C698F1E6&psa=&ind=2012030514&st=sb&n=77ed2632&searchfor={searchTerms}
FF - HKCU\Software\MozillaPlugins\@tnt2toolbar.com/Plugin: C:\Users\Ada\AppData\Local\TNT2\2.0.0.1057\npTNT2.dll (Tightrope)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ada\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@DailyBibleGuide.com/Plugin: C:\Program Files\DailyBibleGuide\bar\1.bin\NP2vStub.dll (MindSpark)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2vffxtbr@DailyBibleGuide.com: C:\Program Files\DailyBibleGuide\bar\1.bin [2012/03/05 14:16:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2013/05/14 17:17:20 | 000,000,000 | ---D | M]
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\DailyBibleGuide\bar\1.bin\NP2vStub.dll
O2 - BHO: (Search Assistant BHO) - {0631bff0-6846-48ca-982d-d62d7f376e97} - C:\Program Files\DailyBibleGuide\bar\1.bin\2vSrcAs.dll (MindSpark)
O2 - BHO: (Toolbar BHO) - {beea7fa9-d1f4-49a2-9b1f-6fb7a2d9bc2a} - C:\Program Files\DailyBibleGuide\bar\1.bin\2vbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (DailyBibleGuide) - {2a942ab7-2073-49bc-a7e1-77e93835889a} - C:\Program Files\DailyBibleGuide\bar\1.bin\2vbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (no name) - {E465DFF7-488A-49D1-9728-8F6C41DCEBE3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-4054425916-3429180180-2467715159-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-4054425916-3429180180-2467715159-1000\..\Toolbar\WebBrowser: (DailyBibleGuide) - {2A942AB7-2073-49BC-A7E1-77E93835889A} - C:\Program Files\DailyBibleGuide\bar\1.bin\2vbar.dll (MindSpark)
O3:HKU - HKU\S-1-5-21-4054425916-3429180180-2467715159-1000\..\Toolbar\WebBrowser: (s1 Search.us.com Toolbar) - {E465DFF7-488A-49D1-9728-8F6C41DCEBE3} - C:\Users\Ada\AppData\Local\TNT2\2.0.0.1057\IEToolbar.dll (Freshy.com)
O4 - HKLM..\Run: [] File not found
:commands
[CREATERESTOREPOINT]
[emptytemp]
[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open Notepad with a log report. Attach that log report here.
If the log doesn’t appear, it can be found here:
C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log
Please download zoek.zip from here or here and save it to your Desktop.
Unpack the archive…
[*]Close any open browsers
[*]Temporarily disable your antivirus program (if necessary).
If you are unsure how to do this please read this or this Instruction.
[*]Double-click on zoek.exe to run the tool.
Please wait until the tool starts…
[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:
filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
[*]Click on the Run Script button.
Please wait until a log report opens (this can be after a reboot).
[*]Save the Notepad file to your Desktop and attach zoek-results.log here.
Note: It will also create a log in the C:\ directory named “zoek-results.log”
system
September 6, 2013, 7:31am
7
Re-run zoek with this script:
emptyclsid;
C:\users\Ada\AppData\Local\DataMngr_Toolbar;fs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DailyBibleGuide Search Scope Monitor];r
"command"=-;r
C:\\PROGRA~1\\DAILYB~2;fs
ippkomaaonokjnfjoikaemidanojkfmm;chr
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main];r
"Start Page"="http://www.google.com/";r
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}];r
C:\ProgramData\WeCareReminder;fs
emptyalltemp;
autoclean;
system
September 7, 2013, 6:20am
9
This looks good. Do you still have a problem with Ilivid crap?
system
September 8, 2013, 4:35am
10
I think I’m good, thanks so much! If I see anything else I’ll start over, as always. Heh.
system
September 8, 2013, 7:14am
11
Please download DelFix by “Xplode” to your Desktop.
Run the tool and check the following boxes below:
[] Remove disinfection tools
[ ] Create registry backup
[*] Purge System Restore
Now click on the “Run” button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt).
Note: The report will also be stored on C:\DelFix.txt
I don’t need DelFix log report.