What is ilivid?
The Malwarebytes research team has determined that ilivid is a PUP bundle installer. These so-called "bundles" install various types of potentially unwanted programs on your computer, usually including toolbars, hijackers and adware.
How do I know if my computer is affected by ilivid?
This is how the start- and search-page looks:
And you may see these toolbars:
and these warnings:
and these icons on your desktop:
How did ilivid get on my computer?
Browser hijackers use different methods for distributing themselves. This particular one was offered as a download manager and bundled with other software.
How do I remove ilivid?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
- Enable free trial of Malwarebytes Anti-Malware Premium
- Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
- When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
- Reboot your computer if prompted.
In this case I would recommend to use the uninstallers first and then run the scan as described above.
These are the uninstallers that were present for this bundle:
Using this method will leave less leftovers behind.
How would the full version of Malwarebytes Anti-Malware help protect me?
We hope our application and this guide have helped you eradicate these potentially unwanted programs.
As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the ilivid bundle. It would have warned you before the bundler could install the potentially unwanted programs, giving you a chance to stop it before it became too late.
Signs in a HijackThis log:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN10645A&gct=hp&d=406-0&v=n13502-427&t=4
O2 - BHO: Movies Search App (Dist. by Bandoo Media, Inc.) - {c0caa5fe-7c9c-4dca-a265-63cf55379d1a} - C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll
O3 - Toolbar: Movies Search App (Dist. by Bandoo Media, Inc.) - {c0caa5fe-7c9c-4dca-a265-63cf55379d1a} - C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll
O4 - HKCU\..\Run: [iLivid] "C:\Users\{username}\AppData\Local\iLivid\iLivid.exe" -autorun
O4 - Startup: MyPC Backup.lnk = C:\Program Files\MyPC Backup\MyPC Backup.exe
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files\MyPC Backup\BackupStack.exe
O23 - Service: Datamngr Coordinator (DatamngrCoordinator) - Bandoo Media Inc. - C:\Program Files\Movies App\Datamngr\DatamngrCoordinator.exe
O23 - Service: Torch Crash Handler (TorchCrashHandler) - TorchMedia Inc. - C:\Users\{username}\AppData\Local\Torch\Update\TorchCrashHandler.exe
Alterations made by the installer:I will show only the highlights because of the length of the log
File system details
---------------------------------------------
Adds the folder C:\Program Files\Movies App\Datamngr
Adds the folder C:\Program Files\Movies App\Datamngr\SRTOOL~1\GC
Adds the folder C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome
Adds the folder C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\components
Adds the folder C:\Program Files\MyPC Backup
Adds the folder C:\Program Files\MyPC Backup\Database
Adds the folder C:\Program Files\MyPC Backup\log
Adds the folder C:\Program Files\MyPC Backup\x64
Adds the folder C:\Program Files\MyPC Backup\x86
Adds the folder C:\ProgramData\Datamngr
Adds the folder C:\ProgramData\TorchCrashHandler
Adds the folder C:\Users\{username}\AppData\Local\iLivid
Adds the folder C:\Users\{username}\AppData\Local\iLivid\iLivid
Adds the folder C:\Users\{username}\AppData\Local\iLivid\imageformats
Adds the folder C:\Users\{username}\AppData\Local\iLivid\translations
Adds the folder C:\Users\{username}\AppData\Local\iLivid\VLC
Adds the folder C:\Users\{username}\AppData\Local\iLivid\Windows\SysWOW64
Adds the folder C:\Users\{username}\AppData\Local\ilividbandoomoviestoolbar\GC
Adds the folder C:\Users\{username}\AppData\Local\Torch
Adds the folder C:\Users\{username}\AppData\Local\Torch\Application
Adds the folder C:\Users\{username}\AppData\Local\Torch\Application\33.0.0.7326
Adds the folder C:\Users\{username}\AppData\Local\Torch\Plugins\Hola
Adds the folder C:\Users\{username}\AppData\Local\Torch\Plugins\Torrent
Adds the folder C:\Users\{username}\AppData\Local\Torch\Plugins\Torrent\33.0.0.7326
Adds the folder C:\Users\{username}\AppData\Local\Torch\Plugins\Video
Adds the folder C:\Users\{username}\AppData\Local\Torch\Plugins\Video\VLC
Adds the folder C:\Users\{username}\AppData\Local\Torch\Update
Adds the folder C:\Users\{username}\AppData\Local\Torch\Update\33.0.0.7326
Adds the folder C:\Users\{username}\AppData\Local\Torch\User Data
Adds the folder C:\Users\{username}\AppData\LocalLow\DataMngr
Adds the folder C:\Users\{username}\AppData\LocalLow\ilividbandoomoviestoolbar
Adds the folder C:\Users\{username}\AppData\LocalLow\searchresultstb
In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
Adds the file iLivid.lnk"="8/2/2014 10:35 AM, 1051 bytes, A
Adds the file Torch.lnk"="8/2/2014 10:30 AM, 1191 bytes, A
In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
Adds the file Torch.lnk"="8/2/2014 10:31 AM, 1401 bytes, A
In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
Adds the file iLivid.lnk"="8/2/2014 10:35 AM, 1057 bytes, A
Adds the file Torch.lnk"="8/2/2014 10:31 AM, 1412 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Adds the file MyPC Backup.lnk"="8/2/2014 10:31 AM, 1085 bytes, A
Adds the file Uninstall.lnk"="8/2/2014 10:31 AM, 816 bytes, A
In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adds the file MyPC Backup.lnk"="8/2/2014 10:31 AM, 1059 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch
Adds the file Torch.lnk"="8/2/2014 10:30 AM, 1203 bytes, A
In the existing folder C:\Users\{username}\Desktop
Adds the file Facebook.lnk"="8/2/2014 10:37 AM, 2268 bytes, A
Adds the file Free Games.lnk"="8/2/2014 10:37 AM, 2244 bytes, A
Adds the file Free Music.lnk"="8/2/2014 10:37 AM, 2244 bytes, A
Adds the file iLivid.lnk"="8/2/2014 10:35 AM, 1049 bytes, A
Adds the file MyPC Backup.lnk"="8/2/2014 10:31 AM, 1049 bytes, A
Adds the file Sync Folder.lnk"="8/2/2014 10:31 AM, 1919 bytes, A
Adds the file Torch.lnk"="8/2/2014 10:31 AM, 1387 bytes, A
Adds the file Youtube.lnk"="8/2/2014 10:37 AM, 2264 bytes, A
Registry details
------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bmp\OpenWithList\Torch.exe]
"(Default)"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dib\OpenWithList\Torch.exe]
"(Default)"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.flv]
"(Default)"="REG_SZ", "TorchVLC.flv"
"TorchVLC.flv_backup"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.gif\OpenWithList\Torch.exe]
"(Default)"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Torch.exe]
"(Default)"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithProgIds]
"ChromiumHTM.ZRYMY43N4V4WDE2TXAFS5BQHII"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html\OpenWithList\Torch.exe]
"(Default)"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html\OpenWithProgIds]
"ChromiumHTM.ZRYMY43N4V4WDE2TXAFS5BQHII"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ico\OpenWithList\Torch.exe]
"(Default)"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jfif\OpenWithList\Torch.exe]
"(Default)"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jpe\OpenWithList\Torch.exe]
"(Default)"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jpg\OpenWithList\Torch.exe]
"(Default)"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mfp\OpenWithList\Torch.exe]
"(Default)"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pdf\OpenWithList\Torch.exe]
"(Default)"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.png\OpenWithList\Torch.exe]
"(Default)"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml\OpenWithList\Torch.exe]
"(Default)"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Torch.exe\shell\Read\command]
"(Default)"="REG_SZ", ""C:\Users\{username}\AppData\Local\Torch\Application\torch.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumHTM.ZRYMY43N4V4WDE2TXAFS5BQHII\shell\open\command]
"(Default)"="REG_SZ", ""C:\Users\{username}\AppData\Local\Torch\Application\torch.exe" -- "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
"(Default)"="REG_SZ", "Data Manager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0caa5fe-7c9c-4dca-a265-63cf55379d1a}]
"(Default)"="REG_SZ", "Movies Search App (Dist. by Bandoo Media, Inc.)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}]
"(Default)"="REG_SZ", "ErrorFilter Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}\InprocServer32]
"(Default)"="REG_SZ", "C:\PROGRA~1\MOVIES~1\Datamngr\IEBHO.dll"
"ThreadingModel"="REG_SZ", "Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}\Programmable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iLivid.torrent]
"(Default)"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iLivid.torrent\DefaultIcon]
"(Default)"="REG_SZ", "C:\Users\{username}\AppData\Local\iLivid\iLivid.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iLivid.torrent\shell]
"(Default)"="REG_SZ", "open"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iLivid.torrent\shell\open]
"(Default)"="REG_SZ", "Open with iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iLivid.torrent\shell\open\command]
"(Default)"="REG_SZ", "C:\Users\{username}\AppData\Local\iLivid\iLivid.exe "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Magnet]
"(Default)"="REG_SZ", "iLivid.torrent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Magnet\DefaultIcon]
"(Default)"="REG_SZ", ""C:\Users\{username}\AppData\Local\iLivid\iLivid.exe",0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Magnet\shell\open\command]
"(Default)"="REG_SZ", ""C:\Users\{username}\AppData\Local\iLivid\iLivid.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard]
"(Default)"="REG_SZ", "Data Manager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\CLSID]
"(Default)"="REG_SZ", "{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\CurVer]
"(Default)"="REG_SZ", "SearchQUIEHelper.UrlHelper.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1]
"(Default)"="REG_SZ", "Data Manager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\CLSID]
"(Default)"="REG_SZ", "{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Classes\Magnet]
"(Default)"="REG_SZ", "Magnet URI"
"URL Protocol"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TorchsVLC.flv\shell\PlayWithVLC]
"(Default)"="REG_SZ", "Play with VLC media player"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TorchVLC.flv]
"(Default)"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TorchVLC.flv\DefaultIcon]
"(Default)"="REG_SZ", "C:\Users\{username}\AppData\Local\Torch\Plugins\Video\VLC\vlc.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TorchVLC.flv\shell]
"(Default)"="REG_SZ", "open"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TorchVLC.flv\shell\AddToPlaylistVLC]
"(Default)"="REG_SZ", "Add to VLC media player's Playlist"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TorchVLC.flv\shell\AddToPlaylistVLC\command]
"(Default)"="REG_SZ", ""C:\Users\{username}\AppData\Local\Torch\Plugins\Video\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TorchVLC.flv\shell\open]
"(Default)"="REG_SZ", "Open with VLC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TorchVLC.flv\shell\open\command]
"(Default)"="REG_SZ", "C:\Users\{username}\AppData\Local\Torch\Plugins\Video\VLC\vlc.exe %L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Datamngr]
"activeBrowser"="REG_SZ", "ie"
"browser"="REG_SZ", " ie cr"
"Version"="REG_SZ", "5.0.0.13502"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aaaaaigjndjblmpeckabiffcpogflfgl]
"path"="REG_SZ", "C:\Users\{username}\AppData\Local\ilividbandoomoviestoolbar\GC\toolbar.crx"
"update_url"="REG_SZ", "https://clients2.google.com/service/update2/crx"
"version"="REG_SZ", "32.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"Deleted"="REG_SZ", "0"
"DisplayName"="REG_SZ", "Ask.com"
"FaviconPath"="REG_SZ", "C:\Program Files\Movies App\Datamngr\favicon.ico"
"ShowSearchSuggestions"="REG_SZ", "1"
"SuggestionsURL_JSON"="REG_SZ", "http://www.search.ask.com/suggest.php?src=ieb&gct=ds&appid=0&systemid=406&v=n13502-427&apn_uid=0740611474424448&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&qu={searchTerms}&ft=json"
"URL"="REG_SZ", "http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=406&v=n13502-427&apn_uid=0740611474424448&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c0caa5fe-7c9c-4dca-a265-63cf55379d1a}"="REG_SZ", "Movies Search App (Dist. by Bandoo Media, Inc.)"
"10"="REG_SZ", "10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MyPC Backup]
"(Default)"="REG_SZ", "C:\Program Files\MyPC Backup\BackupStack.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\torch.exe]
"(Default)"="REG_SZ", "C:\Users\{username}\AppData\Local\Torch\Application\torch.exe"
"Path"="REG_SZ", "C:\Users\{username}\AppData\Local\Torch\Application"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}]
"AuthorizedCDFPrefix"="REG_SZ", ""
"Comments"="REG_SZ", ""
"Contact"="REG_SZ", ""
"DisplayName"="REG_SZ", "Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"
"DisplayVersion"="REG_SZ", "9.0.30729"
"EstimatedSize"="REG_DWORD", 596
"HelpLink"="REG_SZ", ""
"HelpTelephone"="REG_SZ", ""
"InstallDate"="REG_SZ", "20140802"
"InstallLocation"="REG_SZ", ""
"InstallSource"="REG_SZ", "c:\f191014ef5d8498532dd\"
"Language"="REG_DWORD", 1033
"ModifyPath"="REG_EXPAND_SZ, "MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}"
"NoModify"="REG_DWORD", 1
"NoRepair"="REG_DWORD", 1
"Publisher"="REG_SZ", "Microsoft Corporation"
"Readme"="REG_SZ", ""
"Size"="REG_SZ", ""
"UninstallString"="REG_EXPAND_SZ, "MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}"
"URLInfoAbout"="REG_SZ", ""
"URLUpdateInfo"="REG_SZ", ""
"Version"="REG_DWORD", 151025673
"VersionMajor"="REG_DWORD", 9
"VersionMinor"="REG_DWORD", 0
"WindowsInstaller"="REG_DWORD", 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilividbandoomoviestoolbarCR]
"DisplayIcon"="REG_SZ", "C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~1\GC\install.ico"
"DisplayName"="REG_SZ", "Movies Search App for Chrome"
"DisplayVersion"="REG_SZ", "2.1.0.0"
"EstimatedSize"="REG_DWORD", 0
"InstallLocation"="REG_SZ", "C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~1\GC"
"NoModify"="REG_DWORD", 1
"NoRepair"="REG_DWORD", 1
"Publisher"="REG_SZ", "IAC Search and Media, Inc."
"UninstallString"="REG_SZ", "C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~1\GC\uninstall.exe /UN=CR /PID=LVD2-DTX /PCD=IMH"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilividbandoomoviestoolbarIE]
"DisplayIcon"="REG_SZ", "C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~1\IE\install.ico"
"DisplayName"="REG_SZ", "Movies Search App for Internet Explorer (Dist. by Bandoo Media, Inc.)"
"DisplayVersion"="REG_SZ", "2.1.0.0"
"EstimatedSize"="REG_DWORD", 0
"InstallLocation"="REG_SZ", "C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~1\IE"
"NoModify"="REG_DWORD", 1
"NoRepair"="REG_DWORD", 1
"Publisher"="REG_SZ", "IAC Search and Media, Inc."
"UninstallString"="REG_SZ", "C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~1\IE\uninstall.exe /UN=IE /PID=LVD2-DTX /PCD=IMH"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup]
"DisplayIcon"="REG_SZ", "C:\Program Files\MyPC Backup\MyPC Backup.exe"
"DisplayName"="REG_SZ", "MyPC Backup "
"DisplayVersion"="REG_SZ", ""
"HelpLink"="REG_SZ", "http://support.mypcbackup.com"
"Publisher"="REG_SZ", "JDi Backup Ltd"
"UninstallString"="REG_SZ", "C:\Program Files\MyPC Backup\uninst.exe"
"URLInfoAbout"="REG_SZ", "http://www.mypcbackup.com"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DatamngrCoordinator]
"Description"="REG_SZ", "Coordinates Datamngr modules functionality"
"DisplayName"="REG_SZ", "Datamngr Coordinator"
"ErrorControl"="REG_DWORD", 1
"ImagePath"="REG_EXPAND_SZ, "C:\Program Files\Movies App\Datamngr\DatamngrCoordinator.exe"
"ObjectName"="REG_SZ", "LocalSystem"
"Start"="REG_DWORD", 2
"Type"="REG_DWORD", 272
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\F06DEFF2-5B9C-490D-910F-35D3A9119622]
"DisplayName"="REG_SZ", "F06DEFF2-5B9C-490D-910F-35D3A9119622"
"ErrorControl"="REG_DWORD", 1
"ImagePath"="REG_EXPAND_SZ, "\??\C:\Program Files\Movies App\Datamngr\setmgrc2.cfg"
"Start"="REG_DWORD", 1
"Type"="REG_DWORD", 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\F06DEFF2-5B9C-490D-910F-35D3A9119622\Enum
"0"="REG_SZ", "Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622\0000"
"Count"="REG_DWORD", 1
"NextInstance"="REG_DWORD", 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TorchCrashHandler]
"Description"="REG_SZ", "The crash handler service automatically updates Torch to the latest version and sends anonymous crash reports when Torch unexpectedly shuts down, to ensure that Torch offers the best performance and security."
"DisplayName"="REG_SZ", "Torch Crash Handler"
"ErrorControl"="REG_DWORD", 1
"ImagePath"="REG_EXPAND_SZ, "C:\Users\{username}\AppData\Local\Torch\Update\TorchCrashHandler.exe"
"ObjectName"="REG_SZ", "LocalSystem"
"Start"="REG_DWORD", 2
"Type"="REG_DWORD", 272
[HKEY_CURRENT_USER\Software\APNDTX]
"ToolbarID"="REG_SZ", "Movies Search App (Dist. by Bandoo Media, Inc.)"
"Version"="REG_SZ", "2.1.0.0"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ilividbandoomoviestoolbar]
"Toolbar_Enabled"="REG_DWORD", 0
"Toolbar_Hide_Time"="REG_DWORD", 1406968987
[HKEY_CURRENT_USER\Software\ilivid\iLivid]
"appid"="REG_SZ", "0"
"clid"="REG_SZ", "{0C6FBA0C-37AB-4D4F-B2EE-AE9B5C36B4BA}"
"defaultBrowser"="REG_SZ", "1"
"Home"="REG_SZ", "C:\Users\{username}\AppData\Local\iLivid"
"itime"="REG_SZ", "1406968208"
"iver"="REG_SZ", "5.0.0.4612"
"ln"="REG_SZ", "en"
"pver"="REG_SZ", "5.0.2.4595"
"sysid"="REG_SZ", "406"
[HKEY_CURRENT_USER\Software\ilivid\player]
"allow_user_stats"="REG_SZ", "0"
"fullscreen"="REG_SZ", "--fullscreen"
"NoHelpNeeded"="REG_SZ", "false"
"player_parameters"="REG_SZ", "--one-instance --no-qt-privacy-ask --avi-index=2 --no-qt-updates-notif"
"player_path"="REG_SZ", "C:\Users\{username}\AppData\Local\iLivid\VLC\vlc.exe"
[HKEY_CURRENT_USER\Software\ilivid\player\hosts\ilivid.com]
"pass"="REG_SZ", ""
"username"="REG_SZ", ""
[HKEY_CURRENT_USER\Software\ilividbandoomoviestoolbar]
"Installer Language"="REG_SZ", "1033"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page
REG_SZ, "http://www.google.com" ==> REG_SZ, "http://www.search.ask.com/?o=APN10645A&gct=hp&d=406-0&v=n13502-427&t=4"
"Window_Placement
REG_BINARY, ,..................... ==> REG_BINARY, ,.....................
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
"UpgradeTime
REG_BINARY, .... ==> REG_BINARY, ....
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"Deleted"="REG_SZ", "0"
"DisplayName"="REG_SZ", "Ask.com"
"FaviconPath"="REG_SZ", "C:\Program Files\Movies App\Datamngr\favicon.ico"
"ShowSearchSuggestions"="REG_SZ", "1"
"SuggestionsURL_JSON"="REG_SZ", "http://www.search.ask.com/suggest.php?src=ieb&gct=ds&appid=0&systemid=406&v=n13502-427&apn_uid=0740611474424448&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&qu={searchTerms}&ft=json"
"URL"="REG_SZ", "http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=406&v=n13502-427&apn_uid=0740611474424448&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"iLivid"="REG_SZ", ""C:\Users\{username}\AppData\Local\iLivid\iLivid.exe" -autorun"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"DisplayIcon"="REG_SZ", "C:\Users\{username}\AppData\Local\iLivid\iLivid.exe"
"DisplayName"="REG_SZ", "iLivid"
"DisplayVersion"="REG_SZ", "5.0.0.4612"
"InstallLocation"="REG_SZ", "C:\Users\{username}\AppData\Local\iLivid"
"NoModify"="REG_SZ", "1"
"NoRepair"="REG_SZ", "1"
"Publisher"="REG_SZ", "Bandoo Media Inc"
"Traffic_type"="REG_SZ", "n"
"UninstallString"="REG_SZ", ""C:\Users\{username}\AppData\Local\iLivid\uninstall.exe""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Torch]
"DisplayIcon"="REG_SZ", "C:\Users\{username}\AppData\Local\Torch\Application\torch.exe"
"DisplayName"="REG_SZ", "Torch"
"DisplayVersion"="REG_SZ", "33.0.0.7326"
"InstallDate"="REG_SZ", "20140802"
"InstallLocation"="REG_SZ", "C:\Users\{username}\AppData\Local\Torch"
"NoModify"="REG_SZ", "1"
"NoRepair"="REG_SZ", "1"
"Publisher"="REG_SZ", "Torch Media, Inc"
"Traffic_type"="REG_SZ", "n"
"UninstallString"="REG_SZ", ""C:\Users\{username}\AppData\Local\Torch\uninstall.exe""
"UnPATH"="REG_SZ", "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Torch UninstallString "C:\Users\{username}\AppData\Local\Torch\uninstall.exe""
"Version"="REG_SZ", "33.0.0.7326"
"VersionMajor"="REG_DWORD", 0
"VersionMinor"="REG_DWORD", 7326
[HKEY_CURRENT_USER\Software\Torch]
"appid"="REG_SZ", "139"
"bpi"="REG_SZ", "1"
"clid"="REG_SZ", "{447764FD-BBEC-411D-8680-9885442B965D}"
"extappid"="REG_SZ", "0"
"extsysid"="REG_SZ", "406"
"home"="REG_SZ", "C:\Users\{username}\AppData\Local\Torch"
"itime"="REG_SZ", "2014-08-02"
"itype"="REG_SZ", "n"
"iver"="REG_SZ", "33.0.0.7326"
"ln"="REG_SZ", "en"
"osl"="REG_SZ", "en-US"
"ostype"="REG_SZ", "win32"
"osver"="REG_SZ", "6.1"
"ptype"="REG_SZ", "n"
"pver"="REG_SZ", "33.0.0.7326"
"sysid"="REG_SZ", "448"
"tpath"="REG_SZ", "C:\Users\{username}\AppData\Local\Torch\Application\torch.exe"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\{username}\AppData\Local\iLivid\imageformats]
"qgif4.dll"="REG_MULTI_SZ, "2013-06-27T11:33:00 gif "
"qico4.dll"="REG_MULTI_SZ, "2013-06-27T11:33:14 ico "
"qjpeg4.dll"="REG_MULTI_SZ, "2013-06-27T11:32:58 jpeg jpg "
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\{username}\AppData\Local\iLivid\imageformats]
"qgif4.dll"="REG_MULTI_SZ, "40805 0 Windows msvc release full-config 2013-06-27T11:33:00 "
"qico4.dll"="REG_MULTI_SZ, "40805 0 Windows msvc release full-config 2013-06-27T11:33:14 "
"qjpeg4.dll"="REG_MULTI_SZ, "40805 0 Windows msvc release full-config 2013-06-27T11:32:58 "
Malwarebytes Anti-Malware log:Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 8/2/2014
Scan Time: 10:47:51 AM
Logfile: mbamIlivid.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.08.02.02
Rootkit Database: v2014.08.01.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Malwarebytes
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 250213
Time Elapsed: 3 min, 4 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 3
PUP.Optional.Bandoo.A, C:\Program Files\Movies App\Datamngr\DatamngrCoordinator.exe, 852, Delete-on-Reboot, [0fbbd2ef8fec3402d6829a8fd52cee12]
PUP.Optional.Bandoo.A, C:\Program Files\Movies App\Datamngr\DatamngrCoordinator.exe, 3144, Delete-on-Reboot, [0fbbd2ef8fec3402d6829a8fd52cee12]
PUP.Optional.Bandoo.A, C:\Program Files\Movies App\Datamngr\DatamngrUI.exe, 2736, Delete-on-Reboot, [7555a71aa9d294a23c1bd554fa07e41c]
Modules: 2
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\apcrtldr.dll, Delete-on-Reboot, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\apcrtldr.dll, Delete-on-Reboot, [ddede7dafa8144f230aa9c2fd82aa35d],
Registry Keys: 62
PUP.Optional.Bandoo.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DatamngrCoordinator, Delete-on-Reboot, [0fbbd2ef8fec3402d6829a8fd52cee12],
PUP.Optional.Bandoo.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\F06DEFF2-5B9C-490D-910F-35D3A9119622, Delete-on-Reboot, [57733a8783f8c076b6a25acf19e806fa],
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}, Quarantined, [4a809d24daa184b26571980227dbf10f],
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}, Quarantined, [4a809d24daa184b26571980227dbf10f],
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}, Quarantined, [4a809d24daa184b26571980227dbf10f],
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}, Quarantined, [4a809d24daa184b26571980227dbf10f],
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\SearchQUIEHelper.DNSGuard, Quarantined, [4a809d24daa184b26571980227dbf10f],
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\SearchQUIEHelper.DNSGuard.1, Quarantined, [4a809d24daa184b26571980227dbf10f],
PUP.Optional.Datamngr.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}, Quarantined, [4a809d24daa184b26571980227dbf10f],
PUP.Optional.SearchApp.A, HKLM\SOFTWARE\CLASSES\CLSID\{c0caa5fe-7c9c-4dca-a265-63cf55379d1a}, Quarantined, [2aa08140d1aa64d211779409eb177b85],
PUP.Optional.SearchApp.A, HKLM\SOFTWARE\CLASSES\CLSID\{C0CAA5FE-7C9C-4DCA-A265-63CF55379D1A}\INPROCSERVER32, Quarantined, [2aa08140d1aa64d211779409eb177b85],
PUP.Optional.SearchApp.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C0CAA5FE-7C9C-4DCA-A265-63CF55379D1A}, Quarantined, [2aa08140d1aa64d211779409eb177b85],
PUP.Optional.SearchApp.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C0CAA5FE-7C9C-4DCA-A265-63CF55379D1A}, Quarantined, [2aa08140d1aa64d211779409eb177b85],
PUP.Optional.SearchApp.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C0CAA5FE-7C9C-4DCA-A265-63CF55379D1A}, Quarantined, [2aa08140d1aa64d211779409eb177b85],
PUP.Optional.SearchApp.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C0CAA5FE-7C9C-4DCA-A265-63CF55379D1A}, Quarantined, [2aa08140d1aa64d211779409eb177b85],
PUP.Optional.SearchApp.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C0CAA5FE-7C9C-4DCA-A265-63CF55379D1A}, Quarantined, [2aa08140d1aa64d211779409eb177b85],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\Datamngr, Delete-on-Reboot, [af1b00c185f68ea8d44401dd25dd7e82],
PUP.Optional.Bandoo.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\aaaaaigjndjblmpeckabiffcpogflfgl, Quarantined, [1cae259c25562313d0b567cc907407f9],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\${dtUserElevationPolicyID}, Quarantined, [f6d4b20f7209c076aadd1e1554b08b75],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bitguard.exe, Quarantined, [4a80fdc4b4c74aec09eb6d61639f7d83],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bitguard.exe, Quarantined, [09c1c1002358a98df3bb2c066b99a060],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bprotect.exe, Quarantined, [6e5c1fa291ead3630de69935f80a41bf],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bprotect.exe, Quarantined, [b119f8c93348e94de5cad161f014e31d],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bpsvc.exe, Quarantined, [0bbf8f323d3ede5837bb27a77b87cc34],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bpsvc.exe, Quarantined, [7f4b447dc9b21026eac649e9ef15ad53],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browserdefender.exe, Quarantined, [4f7bb40dadcea1958660e2ec887ab64a],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browserdefender.exe, Quarantined, [ffcb843d90eb38fe2b861f13976d5ea2],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browserprotect.exe, Quarantined, [02c8635e324983b35b8c2f9f867c6a96],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browserprotect.exe, Quarantined, [9931ead7106be353d2e0a48e30d4c13f],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browsersafeguard.exe, Quarantined, [9f2b655c512a71c5796f07c7d52d5ba5],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browsersafeguard.exe, Quarantined, [dbef30918af1ab8b1e95e2508d7717e9],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\dprotectsvc.exe, Quarantined, [d5f58d34e497af87d7131faf887ab34d],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\dprotectsvc.exe, Quarantined, [8347cff2156679bd3084c86ae71d0ff1],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\jumpflip, Quarantined, [d3f7be0343380d290ca9b082e51fb14f],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\protectedsearch.exe, Quarantined, [19b1fec302791b1b8c5fe6e8a85a56aa],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\protectedsearch.exe, Quarantined, [eae0a51c403b6accb006aa88a163ea16],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchinstaller.exe, Quarantined, [c505ab16c6b5de587b3c7ab89272ca36],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchprotection.exe, Quarantined, [44868140ee8dd363bb31ddf1798901ff],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchprotection.exe, Quarantined, [7555536e2457a096b20681b1c93b0000],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchprotector.exe, Quarantined, [854515acd7a44ee821cc1cb2f30f867a],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchprotector.exe, Quarantined, [20aad4ed98e31026fcbd082a6a9aa15f],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchsettings.exe, Quarantined, [02c8a31e3e3de1557c3ee052bc485ba5],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchsettings64.exe, Quarantined, [ca00dde477044beb7447d55daa5aa25e],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\snapdo.exe, Quarantined, [fad016abe794270f8f5fe3eb2ad83fc1],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\snapdo.exe, Quarantined, [4b7f2899accf999d823a75bdf60e34cc],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\stinst32.exe, Quarantined, [b119b20fd6a540f6f5fa20aef40e8d73],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\stinst32.exe, Quarantined, [e3e7b80988f31f17239ae44e92727c84],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\stinst64.exe, Quarantined, [29a17e43afcc38fe11df0fbfc53d35cb],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\stinst64.exe, Quarantined, [8d3d705180fbde584c71181a9371c937],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\umbrella.exe, Quarantined, [ccfe3b86ed8e1f17a41a9c96a55f728e],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\utiljumpflip.exe, Quarantined, [d2f8b1100d6ee6506988349aaa5841bf],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\utiljumpflip.exe, Quarantined, [c00a655c94e73cfa7e41b37f62a2e917],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\volaro, Quarantined, [4189f2cf97e406300cb4062c7b89a55b],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\vonteera, Quarantined, [309a8d34067572c42a974ae8f50f8f71],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\websteroids.exe, Quarantined, [953512afccafa096467cac86df2507f9],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\websteroidsservice.exe, Quarantined, [1cae1da4c4b743f308bb73bf798b7f81],
PUP.Optional.Bandoo.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ilividbandoomoviestoolbarCR, Quarantined, [4585348d3b408da9aed835feb252ac54],
PUP.Optional.Bandoo.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ilividbandoomoviestoolbarIE, Quarantined, [6b5fb30eafccab8b3c4a8da6e2228c74],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Datamngr, Quarantined, [c50516ab82f964d2b93c39d7b54f8e72],
PUP.Optional.MoviesToolBar.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ilividbandoomoviestoolbar, Quarantined, [8f3b7f42d0ab0a2c71520eed3bc7a759],
PUP.Optional.SearchApp.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APNDTX\{c0caa5fe-7c9c-4dca-a265-63cf55379d1a}, Quarantined, [4b7fbd0466152c0a8207240ff90b7c84],
PUP.Optional.Bandoo.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ilividbandoomoviestoolbar, Quarantined, [903a457c176485b17212132047bdd32d],
Registry Values: 4
PUP.Optional.SearchApp.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{C0CAA5FE-7C9C-4DCA-A265-63CF55379D1A}, Movies Search App (Dist. by Bandoo Media, Inc.), Quarantined, [2aa08140d1aa64d211779409eb177b85]
PUP.Optional.SearchApp.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{c0caa5fe-7c9c-4dca-a265-63cf55379d1a}, Quarantined, [6e5c873a354687afe8a0801de61cb44c],
PUP.Optional.DataMangr.A, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER\APPCERTDLLS|x86, C:\Program Files\Movies App\Datamngr\apcrtldr.dll, Quarantined, [a327b40d67145adcbdcb75bee51f42be]
PUP.Optional.DataMangr.A, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER\APPCERTDLLS|x64, c:\program files\movies app\datamngr\x64\apcrtldr.dll, Quarantined, [a2282e93d1aa0e286b1d7cb74eb609f7]
Registry Data: 0
(No malicious items detected)
Folders: 40
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr, Delete-on-Reboot, [76546d54e794db5bf83c799d7d87966a],
PUP.Optional.Datamngr.A, C:\Users\{username}\AppData\LocalLow\DataMngr, Quarantined, [4684a21f83f8f046c6ef5c57a65c0bf5],
PUP.Optional.SearchApp.A, C:\Users\{username}\AppData\Local\Temp\{c0caa5fe-7c9c-4dca-a265-63cf55379d1a}, Quarantined, [81498d3442398bab7254943769991fe1],
PUP.Optional.Bandoo.A, C:\Users\{username}\AppData\LocalLow\ilividbandoomoviestoolbar, Quarantined, [97339c25afcca29425a2b912758d10f0],
PUP.Optional.Bandoo.A, C:\Users\{username}\AppData\Local\ilividbandoomoviestoolbar, Quarantined, [5b6feed387f46ec851779c2ffb079769],
PUP.Optional.Bandoo.A, C:\Users\{username}\AppData\Local\ilividbandoomoviestoolbar\GC, Quarantined, [5b6feed387f46ec851779c2ffb079769],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr, Delete-on-Reboot, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1, Delete-on-Reboot, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\GC, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE, Delete-on-Reboot, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome, Delete-on-Reboot, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content, Delete-on-Reboot, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\lib, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\modules, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\widgets, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\data, Delete-on-Reboot, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\data\search, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\data\weather, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\locale, Delete-on-Reboot, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\locale\lib, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\locale\toolbar, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\skin, Delete-on-Reboot, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\skin\lib, Delete-on-Reboot, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\skin\lib\debugbar, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\skin\lib\panels, Delete-on-Reboot, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\skin\lib\panels\css, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\skin\lib\panels\default, Delete-on-Reboot, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\skin\lib\panels\default\css, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\skin\lib\panels\default\images, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\skin\lib\panels\default\scripts, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\skin\lib\panels\images, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\skin\lib\panels\js, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\skin\lib\uwa, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\skin\lib\weatherbutton, Delete-on-Reboot, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\skin\lib\weatherbutton\icons, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\skin\lib\weatherbutton\panels, Delete-on-Reboot, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\skin\lib\weatherbutton\panels\images, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\skin\options, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\skin\searchbar, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\components, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
Files: 515
PUP.Optional.Bandoo.A, C:\Program Files\Movies App\Datamngr\DatamngrCoordinator.exe, Delete-on-Reboot, [0fbbd2ef8fec3402d6829a8fd52cee12],
PUP.Optional.Bandoo.A, C:\Program Files\Movies App\Datamngr\DatamngrUI.exe, Delete-on-Reboot, [7555a71aa9d294a23c1bd554fa07e41c],
PUP.Optional.Bandoo.A, C:\Program Files\Movies App\Datamngr\setmgrc2.cfg, Delete-on-Reboot, [57733a8783f8c076b6a25acf19e806fa],
PUP.Optional.Datamngr.A, C:\Program Files\Movies App\Datamngr\IEBHO.dll, Delete-on-Reboot, [4a809d24daa184b26571980227dbf10f],
PUP.Optional.SearchApp.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\searchresultsDx.dll, Quarantined, [2aa08140d1aa64d211779409eb177b85],
PUP.Optional.Bandoo, C:\Users\{username}\Desktop\Bandoo_!_20140721__1681408__9556A78BB7ACE17D3840E6D5B003ADF6.exe, Quarantined, [8149a31e106b54e23ff964af966b56aa],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\coordinator.cfg, Quarantined, [76546d54e794db5bf83c799d7d87966a],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\general.cfg, Quarantined, [76546d54e794db5bf83c799d7d87966a],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-4016700205-1717049133-1125222536-1001.cfg, Quarantined, [76546d54e794db5bf83c799d7d87966a],
PUP.Optional.Datamngr.A, C:\Users\{username}\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}64, Quarantined, [4684a21f83f8f046c6ef5c57a65c0bf5],
PUP.Optional.SearchApp.A, C:\Users\{username}\AppData\Local\Temp\{c0caa5fe-7c9c-4dca-a265-63cf55379d1a}\geodata.xml, Quarantined, [81498d3442398bab7254943769991fe1],
PUP.Optional.Bandoo.A, C:\Users\{username}\AppData\LocalLow\ilividbandoomoviestoolbar\apnuserid.dat, Quarantined, [97339c25afcca29425a2b912758d10f0],
PUP.Optional.Bandoo.A, C:\Users\{username}\AppData\LocalLow\ilividbandoomoviestoolbar\appid.dat, Quarantined, [97339c25afcca29425a2b912758d10f0],
PUP.Optional.Bandoo.A, C:\Users\{username}\AppData\LocalLow\ilividbandoomoviestoolbar\dtx.ini, Quarantined, [97339c25afcca29425a2b912758d10f0],
PUP.Optional.Bandoo.A, C:\Users\{username}\AppData\LocalLow\ilividbandoomoviestoolbar\geodata.xml, Quarantined, [97339c25afcca29425a2b912758d10f0],
PUP.Optional.Bandoo.A, C:\Users\{username}\AppData\LocalLow\ilividbandoomoviestoolbar\guid.dat, Quarantined, [97339c25afcca29425a2b912758d10f0],
PUP.Optional.Bandoo.A, C:\Users\{username}\AppData\LocalLow\ilividbandoomoviestoolbar\preferences.dat, Quarantined, [97339c25afcca29425a2b912758d10f0],
PUP.Optional.Bandoo.A, C:\Users\{username}\AppData\LocalLow\ilividbandoomoviestoolbar\sysid.dat, Quarantined, [97339c25afcca29425a2b912758d10f0],
PUP.Optional.Bandoo.A, C:\Users\{username}\AppData\LocalLow\ilividbandoomoviestoolbar\trackid.dat, Quarantined, [97339c25afcca29425a2b912758d10f0],
PUP.Optional.Bandoo.A, C:\Users\{username}\AppData\Local\ilividbandoomoviestoolbar\GC\com.apn.native_messaging_host_aaaaafeopjhkcolncjbedbhofpocmdbn.json, Quarantined, [5b6feed387f46ec851779c2ffb079769],
PUP.Optional.Bandoo.A, C:\Users\{username}\AppData\Local\ilividbandoomoviestoolbar\GC\com.apn.native_messaging_host_aaaaaigjndjblmpeckabiffcpogflfgl.json, Quarantined, [5b6feed387f46ec851779c2ffb079769],
PUP.Optional.Bandoo.A, C:\Users\{username}\AppData\Local\ilividbandoomoviestoolbar\GC\IACNativeMsgHost.exe, Quarantined, [5b6feed387f46ec851779c2ffb079769],
PUP.Optional.Bandoo.A, C:\Users\{username}\AppData\Local\ilividbandoomoviestoolbar\GC\toolbar.crx, Quarantined, [5b6feed387f46ec851779c2ffb079769],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\apcrtldr.dll, Delete-on-Reboot, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\Datamngr.dll, Delete-on-Reboot, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\favicon.ico, Delete-on-Reboot, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\Helper.dll, Delete-on-Reboot, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\Internet Explorer Settings.exe, Delete-on-Reboot, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\mgrldr.dll, Delete-on-Reboot, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\Uninstall.exe, Delete-on-Reboot, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\GC\install.ico, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\GC\uninstall.exe, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\as_guid.dat, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\dtuser.exe, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\install.ico, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\manifest.xml, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\searchresultstb.dll, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\uninstall.exe, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\custom.js, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\neterror.xhtml, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\partner.xml, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\preferences.xml, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\template.xml, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\toolbar.htm, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\toolbar.xul, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\vmncode.js, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\vmnrsswin.xml, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\lib\about.xml, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\lib\custom.js, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\lib\dtxpanel.xul, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\lib\dtxpaneltransparent.xul, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\lib\dtxpanelwin.xul, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\lib\dtxprefwin.xul, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\lib\dtxtransparentwin.xul, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\lib\dtxwin.xul, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\lib\emailnotifierproviders.xml, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\lib\external.js, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\lib\neterror.xhtml, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\lib\rsspreview.html, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\lib\rsswin.xml, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\lib\rsswin.xsl, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\lib\wmpstreamer.html, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\modules\datastore.jsm, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\content\modules\nsDragAndDrop.js, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\data\search\engines.xml, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\data\search\search.xsl, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\data\weather\icons.xml, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\locale\locale.js, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\locale\lib\en.js, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\locale\toolbar\de.js, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\locale\toolbar\en.js, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\locale\toolbar\es.js, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\locale\toolbar\fr.js, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\locale\toolbar\it.js, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\skin\
{skipped most of the content of ths folder, full log available on request}
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\chrome\skin\searchbar\searchbar-background-right.png, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.DataMangr.A, C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\components\windowmediator.js, Quarantined, [ddede7dafa8144f230aa9c2fd82aa35d],
PUP.Optional.ASK.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://www.search.ask.com/?o=APN10645A&gct=hp&d=406-0&v=n13502-427&t=4",), Replaced,[15b5fcc5700be4527bdc45a960a431cf]
PUP.Optional.ASK.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://www.search.ask.com/?o=APN10645A&gct=hp&d=406-0&v=n13502-427&t=4" ],), Replaced,[7f4be4ddc7b4102679105d91b94b946c]
Physical Sectors: 0
(No malicious items detected)
(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention
Back to top
Sign In
Create Account
