Ilivid removal(hopefully!) logs

[Jonas871]

Thanks in advance for any help anyone can offer!

Ilivid toolbars cleaned
search client changed back to google
still getting banner and popups.
avast virus scan ran
adw cleaner ran - logs below
mbam ran - logs below
OTL ran as instructed - logs below.
I have Windows 8 so I stopped there as aswMBR.exe appears to not be compatible yet.

Thanks again!

[mikaelrask]

hey and welcome to the forum.

thank you for attaching the needed logs a malware expert will help you from here.
but of different time zone this will be later today so please be patience.

[magna86]

Hi,

You need to attach AdwCleaner[S1].txt log.

OTL Log doesn't show any leftovers from Ilivid. Let's run additional check;





Please download zoek.exe () from here or here and save it to your Desktop.

• Temporarily disable your AntiVirus program. (If necessary)
  If you are unsure how to do this please read this or this instruction.

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code: [Select]


standardsearch;
DIR /S /A:L "%systemdrive%\*">>"%temp%\log.txt";b



2. Save notepad as zoekscript.txt

• Close all browser windows and refering to the picture above.

Referring to the screenshot above, drag zoekscript.txt into zoek.exe.
Zoek will run. When finished, it will produce a zoek-results.log for you.
Note: It will also create a log in the C:\ directory named "zoek-results.log"


>> Please attach it to your reply.

[Jonas871]

Here we go.
I included a adw scan I ran earlier as well.

Also, I was not able to drag the text file onto the exe file, it opened the program, but didn't do anything else.  so I copied the text into the text field inside the program and hit run script, which did start it.  Let me know if I need to redo that.

[magna86]

Ok, before we continue, you need to tell me do you know for Pokki program?
C:\Users\Jonas\AppData\Local\Pokki\Engine\pokki.exe




Also, re-run zoek.exe as you did before with this script:

Code: [Select]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions;e
fol.vbs;a
zzz.bat;a
fol.vbs;z
zzz.bat;z

Attach here fresh zoek log

[Jonas871]

Pokki is a win 8 start menu replacement.
http://www.pokki.com/windows-8-start-menu

[magna86]

Ok, re-run this Zoek script as you did before;

Code: [Select]


shortcutfix;
emptyclsid;
hcnoocjdgpaeliplnkbhbpccighjkeef;chr
apdfllckaahabafndbhieahigkjlhalf;chr
autoclean;
C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lp.crx;f
C:\Users\Jonas\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx;f
FFdefaults;
chrdefaults;
C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\a.vbs;f
C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\b.bat;f
C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lod1.vbs;f
C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lp.crx;f
C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\v.vbs;f
C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\zzz.bat;f
resethosts;
ipconfig /flushdns >> %temp%\log.txt;b
emptyalltemp;




Attach here fresh Zoek logs

[Jonas871]

Here we go.

And to be clear...if you think that pokki thing might be causing a problem, I'll drop it like a bad habit.

[magna86]

Here we go.

And to be clear...if you think that pokki thing might be causing a problem, I'll drop it like a bad habit.

Pokki logs fine but I would remove it if I was you. Tell me after running Zoek script, is your computer running better? Any Ilivid traces?

[Jonas871]

I think that got it.  I don't have the banner at the bottom anymore, and pages aren't randomly popping up anymore.  Anything else I need to do?

Thanks sooo much, that was very annoying.

[magna86]

  We will remove used tools


Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes below;

• Remove disinfection tools
• Create registry backup
• Purge System Restore

Now click on "Run" button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt


> I don't need DelFix log report.


I recommended you to keep Malwarebytes and to use MCShield if you will.
You may download MCShield from one of the following links:

MyCity -  Official download link
Softpedija - Mirror download link

It will prevent infection by computer via USB flash drive, mobile phone or any other memory card.
And not only will prevent infection, but it will immediately clean flash drive, memory card or external HDD.

[Jonas871]

Ok, awesome, thanks!

[magna86]

Ok, awesome, thanks!