Hi, I have been infected by something that is asking for all important details about my bank and login details. I ran a few programs I was told could help, i.e.

RKill

JRT

AdwCleaner

RogueKiller and Malwarebytes

I am still afraid to use the computer for banking, and the bank has suspended my online banking until I get my computer sorted. Here are my logs.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 1.6.0_29
Run by user at 9:21:35 on 2014-02-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4040.2584 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Windows\system32\lxbkcoms.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
mRun: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1"
dRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: AlwaysShowClassicMenu = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SynchronousMachineGroupPolicy = dword:1
mPolicies-System: SynchronousUserGroupPolicy = dword:1
mPolicies-Windows\System: AllowBlockingAppsAtShutdown = dword:1
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Download with Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{302AB316-07AC-4C60-BE52-4759A6C407DA} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll
FF - plugin: C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\extensions\{f92a9fe4-2850-4198-b9d5-279880e49b16}\plugins\np-mswmp.dll
FF - plugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\extensions\{f92a9fe4-2850-4198-b9d5-279880e49b16}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-17 13336]
R2 lxbk_device;lxbk_device;C:\Windows\System32\lxbkcoms.exe -service --> C:\Windows\System32\lxbkcoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-2-7 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-2-7 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 134944]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-4 2848168]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-17 2655768]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-11-17 243232]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-11-17 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-7 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MgAssistService;MgAssist Service;C:\Program Files (x86)\Mobogenie\MgAssist.exe --> C:\Program Files (x86)\Mobogenie\MgAssist.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-27 305520]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-12-26 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-22 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-02-07 22:51:41 53248 ----a-w- C:\Windows\SysWow64\zlib.dll
2014-02-07 20:54:29 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-02-07 16:09:05 -------- d-----w- C:\AdwCleaner
2014-02-07 16:05:39 -------- d-----w- C:\Support
2014-02-07 15:56:01 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{598F7A9B-935F-4AC5-9EC4-202093F9BF1F}\mpengine.dll
2014-02-06 09:54:28 -------- d-----w- C:\Users\user\AppData\Roaming\Malwarebytes
2014-02-06 09:54:22 -------- d-----w- C:\ProgramData\Malwarebytes
2014-02-06 09:54:21 -------- d-----w- C:\Users\user\AppData\Local\Programs
2014-02-06 09:54:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-31 23:00:22 -------- d-----w- C:\Users\user\AppData\Local\wrkehcle
2014-01-31 22:17:48 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-23 12:36:02 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FA7FB8AE-C20A-40DD-A259-2023361A9DF0}\gapaengine.dll
2014-01-15 08:55:13 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-15 08:55:12 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 08:55:12 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-15 08:55:12 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-15 08:55:12 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-15 08:55:12 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 08:55:12 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-15 08:54:42 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-15 08:54:12 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
.
==================== Find3M  ====================
.
2014-02-05 07:39:32 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 07:39:32 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-16 09:59:44 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH:  9:23:55.72 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 27/07/2011 15:09:21
System Uptime: 08/02/2014 09:14:37 (0 hours ago)
.
Motherboard: Acer |  | Aspire X3960
Processor: Intel® Core i3-2100 CPU @ 3.10GHz | CPU 1 | 3100/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 458 GiB total, 402.635 GiB free.
D: is FIXED (NTFS) - 458 GiB total, 456.799 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: X5XSEx_Pr143
Device ID: ROOT\LEGACY_X5XSEX_PR143\0000
Manufacturer: 
Name: X5XSEx_Pr143
PNP Device ID: ROOT\LEGACY_X5XSEX_PR143\0000
Service: X5XSEx_Pr143
.
==== System Restore Points ===================
.
RP246: 10/12/2013 21:25:36 - Windows Update
RP247: 12/12/2013 08:55:42 - Windows Update
RP248: 14/12/2013 10:15:25 - Windows Update
RP249: 17/12/2013 12:17:30 - Windows Update
RP250: 20/12/2013 22:02:48 - Windows Update
RP251: 24/12/2013 12:58:57 - Windows Update
RP252: 24/12/2013 21:56:02 - Installed DirectX
RP253: 28/12/2013 09:35:10 - Windows Update
RP254: 31/12/2013 19:01:44 - Windows Update
RP255: 04/01/2014 16:22:58 - Windows Update
RP256: 08/01/2014 11:53:05 - Windows Update
RP257: 11/01/2014 16:42:32 - Windows Update
RP258: 15/01/2014 09:19:30 - Windows Update
RP259: 19/01/2014 11:04:47 - Windows Update
RP260: 23/01/2014 12:34:31 - Windows Update
RP261: 27/01/2014 10:06:46 - Windows Update
RP262: 30/01/2014 21:19:57 - Windows Update
.
==== Installed Programs ======================
.
Acer Arcade Deluxe
Acer Arcade Movie
Acer eRecovery Management
Acer GameZone Console
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.2)
Advertising Center
Airport Mania First Flight
Alchemy 1.2
Amazonia
Bejeweled 2
Brain Teasers
BrowseSmart
Cake Mania
CCleaner
Cradle of Rome
D3DX10
Daily Mah Jong
Dream Day First Home
Dropbox
eBay Worldwide
eSobi v2
ExtractNow
Farm Frenzy 2
FileHippo.com Update Checker
FolderHighlight 2.1
Galapago
Google Chrome
Google Earth
Google Update Helper
Heartwild Solitaire - Book Two
Heroes of Hellas
Hotkey Utility
Hoyle Puzzle Games 2005
Identity Card
ImagXpress
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java Auto Updater
Java 6 Update 29
Java 7 Update 2 (64-bit)
Jewel Quest Solitaire III
Junk Mail filter update
Lexmark X1100 Series
Magic Inlay  (RA)
Mah Jong Medley
Malwarebytes Anti-Malware version 1.75.0.1300
MediaEspresso
Merriam Websters Spell Jam
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
MiPony 1.5.3
Mozilla Firefox 27.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
MyWinLocker Suite
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Picasa 3
Poker Pop
Puzzle Solitaire
Real Alternative 2.0.2
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Shredder
Skype Click to Call
Skype™ 6.11
Solitaire3
Spin & Win
Super GameHouse Solitaire Vol. 3
TeamViewer 7
The KMPlayer (remove only)
The Treasures of Montezuma
Time Riddles: The Mansion
TurtleBay
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
VLC media player 1.1.11
Welcome Center
Windows 7 Manager
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.00 beta 1 (64-bit)
Your Uninstaller! 7
.
==== Event Viewer Messages From Past Week ========
.
08/02/2014 09:15:49, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891
08/02/2014 09:15:49, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  %%-2147024891
08/02/2014 09:15:32, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
08/02/2014 09:15:07, Error: Service Control Manager [7000]  - The X5XSEx_Pr143 service failed to start due to the following error:  The system cannot find the path specified.
08/02/2014 09:15:05, Error: Service Control Manager [7000]  - The MgAssist Service service failed to start due to the following error:  The system cannot find the file specified.
07/02/2014 22:45:14, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk3\DR3.
07/02/2014 16:12:08, Error: Service Control Manager [7000]  - The Windows Live ID Sign-in Assistant service failed to start due to the following error:  The system cannot find the path specified.
07/02/2014 16:12:08, Error: Service Control Manager [7000]  - The Print Spooler service failed to start due to the following error:  The system cannot find the path specified.
07/02/2014 16:12:08, Error: Service Control Manager [7000]  - The Intel® Management and Security Application Local Management Service service failed to start due to the following error:  The system cannot find the path specified.
07/02/2014 16:11:58, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
07/02/2014 16:11:58, Error: Service Control Manager [7031]  - The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
07/02/2014 16:11:58, Error: Service Control Manager [7031]  - The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
07/02/2014 16:11:58, Error: Service Control Manager [7031]  - The Intel® Management and Security Application Local Management Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
07/02/2014 16:11:38, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:  An instance of the service is already running.
07/02/2014 16:11:10, Error: Service Control Manager [7034]  - The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).
07/02/2014 16:11:08, Error: Service Control Manager [7034]  - The Updater Service service terminated unexpectedly.  It has done this 1 time(s).
07/02/2014 16:11:08, Error: Service Control Manager [7034]  - The Skype C2C Service service terminated unexpectedly.  It has done this 1 time(s).
07/02/2014 16:11:08, Error: Service Control Manager [7034]  - The MgAssist Service service terminated unexpectedly.  It has done this 1 time(s).
07/02/2014 16:11:08, Error: Service Control Manager [7034]  - The lxbk_device service terminated unexpectedly.  It has done this 1 time(s).
07/02/2014 16:11:08, Error: Service Control Manager [7034]  - The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
07/02/2014 16:11:08, Error: Service Control Manager [7034]  - The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).
07/02/2014 16:11:08, Error: Service Control Manager [7034]  - The GREGService service terminated unexpectedly.  It has done this 1 time(s).
07/02/2014 16:11:08, Error: Service Control Manager [7034]  - The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).
07/02/2014 16:11:08, Error: Service Control Manager [7034]  - The Client Virtualization Handler service terminated unexpectedly.  It has done this 1 time(s).
07/02/2014 16:11:08, Error: Service Control Manager [7034]  - The Application Virtualization Service Agent service terminated unexpectedly.  It has done this 1 time(s).
07/02/2014 16:11:08, Error: Service Control Manager [7034]  - The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
07/02/2014 16:11:08, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
07/02/2014 16:11:08, Error: Service Control Manager [7031]  - The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
07/02/2014 16:11:08, Error: Service Control Manager [7031]  - The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
07/02/2014 16:11:08, Error: Service Control Manager [7031]  - The Util BrowseSmart service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
07/02/2014 16:11:08, Error: Service Control Manager [7031]  - The Update BrowseSmart service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
07/02/2014 16:11:08, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
07/02/2014 15:55:54, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.3064.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x80070422   Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
07/02/2014 15:39:34, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 109.107.0.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=2.1.10003.0&sig=109.107.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:    Previous Engine Version: 2.1.10003.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
07/02/2014 15:39:34, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.3064.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x80070422   Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
07/02/2014 15:39:34, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.3064.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.10201.0&avdelta=1.165.3064.0&asdelta=1.165.3064.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
07/02/2014 15:39:34, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.3064.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.10201.0&avdelta=1.165.3064.0&asdelta=1.165.3064.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiSpyware   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
07/02/2014 10:28:57, Error: Ntfs [137]  - The default transaction resource manager on volume \\?\Volume{9e738ad9-8fe2-11e3-a244-806e6f6e6963} encountered a non-retryable error and could not start.  The data contains the error code.
06/02/2014 09:27:26, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.3064.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x80070422   Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
06/02/2014 09:04:25, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.3064.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x80070422   Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
05/02/2014 22:15:08, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.3064.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x80070422   Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
05/02/2014 12:13:28, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.3064.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x80070422   Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
05/02/2014 09:28:15, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.3064.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x80070422   Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
05/02/2014 09:10:05, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.3064.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x80070422   Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
05/02/2014 08:48:26, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.3064.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x80070422   Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
05/02/2014 07:49:02, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.3064.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x80070422   Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
04/02/2014 21:16:20, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.3064.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x80070422   Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
04/02/2014 18:06:22, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.3064.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x80070422   Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
04/02/2014 15:19:28, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.3064.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x80070422   Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
04/02/2014 13:56:47, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.3064.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x80070422   Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
04/02/2014 12:18:56, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.3064.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x80070422   Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
04/02/2014 12:15:33, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.3064.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x80070422   Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
04/02/2014 09:36:32, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.3064.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x80070422   Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
03/02/2014 21:18:41, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.3064.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x80070422   Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
03/02/2014 09:33:25, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.3064.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x80070422   Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
02/02/2014 19:55:54, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.3064.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x80070422   Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
02/02/2014 13:47:46, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.3064.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x80070422   Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
02/02/2014 12:15:21, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.3064.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x80070422   Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
.
==== End Of File ===========================
Thanks in advance for your help
 

Please note:

If you have Malwarebytes Pro as a paying customer you qualify for help at Consumer Support. If you choose that option to get help, please let me know.

If you do not qualify or decline that help, we continue. Please be aware of the following:

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin....

Hi and thank you for your quick response. Sorry about the double post; the forum said not responding at first try and saved my text, so I tried again and it posted again in error.

 

My scan results

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2014
Ran by user (administrator) on USER-PC on 08-02-2014 13:49:09
Running from C:\Users\user\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
( ) C:\Windows\System32\lxbkcoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [MDS_Menu] - C:\Program Files (x86)\Acer Arcade Deluxe\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-19\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-764395833-1939329319-3225455460-1000\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-764395833-1939329319-3225455460-1000\...\Policies\Explorer: [AlwaysShowClassicMenu] 1
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {C710F991-B813-491B-A0CB-8540172F1477} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutCtDyBzz0DtB0Ezy0F0FyBzzzyzz0EtDtN0D0Tzu0SyBtByCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=281459687&ir=
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 - C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: www.exent.com/GameTreatWidget - C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\searchplugins\a-free-ride-games-bar-customized-web-search.xml
FF Extension: CuteButtons - Crystal SVG - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\Extensions\CuteButtonsCrystalSVG@ChoGGi [2012-02-14]
FF Extension: Fast Translation - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\Extensions\fasttrans@kemot [2013-07-20]
FF Extension: Toolbar Buttons - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688} [2011-12-22]
FF Extension: InFormEnter - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\Extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920} [2013-10-22]
FF Extension: SearchPreview - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2014-02-05]
FF Extension: Copy Link Text - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\Extensions\copylinktext@brett.zamir.xpi [2011-12-22]
FF Extension: InstaClick - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\Extensions\instaclick@leahscape.com.xpi [2011-12-21]
FF Extension: Translate This! - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi [2012-11-04]
FF Extension: Restart Firefox - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\Extensions\restart@restart.org.xpi [2011-12-22]
FF Extension: Saved Passwords Button (Gemte adgangskoder) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\Extensions\savedpasswords@adamfranco.com.xpi [2011-12-22]
FF Extension: Dict.cc Translation - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\Extensions\searchdictcc@roughael.xpi [2012-11-06]
FF Extension: FastestFox - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\Extensions\smarterwiki@wikiatic.com.xpi [2011-12-21]
FF Extension: Test Pilot - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\Extensions\testpilot@labs.mozilla.com.xpi [2011-12-23]
FF Extension: Tools Menu Button - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\Extensions\toolsMenuButton@peter.faj.xpi [2011-12-22]
FF Extension: Google Translator for Firefox - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\Extensions\translator@zoli.bod.xpi [2012-11-04]
FF Extension: Undo Closed Tabs Button - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\Extensions\undoclosedtabsbutton@supernova00.biz.xpi [2011-12-21]
FF Extension: Remove Cookies for Site - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\Extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea}.xpi [2013-08-05]
FF Extension: X-notifier - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2012-03-17]
FF Extension: Compact Menu 2 - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\Extensions\{57068FBE-1506-42ee-AB02-BD183E7999E4}.xpi [2011-12-22]
FF Extension: Quick Translator - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2012-11-04]
FF Extension: Speed Dial - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2011-12-21]
FF Extension: Close Button - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\Extensions\{962e0d4d-6b89-4b73-aa72-df03360da12e}.xpi [2011-12-22]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-01-30]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-01-30]
 
Chrome: 
=======
CHR DefaultSearchKeyword: mysearchdial.com
CHR DefaultSearchProvider: Mysearchdial
CHR DefaultSearchURL: http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutCtDyBzz0DtB0Ezy0F0FyBzzzyzz0EtDtN0D0Tzu0SyBtByCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=281459687&ir=
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-25]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-25]
CHR Extension: (Skype Click to Call) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-06]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-22]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-25]
CHR HKLM-x32\...\Chrome\Extension: [ippenodjaoidmkkfdlmdhofiebnpjddb] - C:\Program Files (x86)\BrowseSmart\ippenodjaoidmkkfdlmdhofiebnpjddb.crx [2011-12-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
 
==================== Services (Whitelisted) =================
 
R2 lxbk_device; C:\Windows\system32\lxbkcoms.exe [565928 2008-02-19] ( )
R2 lxbk_device; C:\Windows\SysWOW64\lxbkcoms.exe [537256 2008-02-19] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S2 MgAssistService; C:\Program Files (x86)\Mobogenie\MgAssist.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-08 13:49 - 2014-02-08 13:49 - 00018598 _____ () C:\Users\user\Desktop\FRST.txt
2014-02-08 13:49 - 2014-02-08 13:49 - 00000000 ____D () C:\FRST
2014-02-08 13:47 - 2014-02-08 13:48 - 02079744 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-02-08 09:24 - 2014-02-08 09:24 - 00030073 _____ () C:\Users\user\Desktop\attach.txt
2014-02-08 09:24 - 2014-02-08 09:23 - 00017487 _____ () C:\Users\user\Desktop\dds.txt
2014-02-08 09:20 - 2014-02-08 09:20 - 00688992 ____R (Swearware) C:\Users\user\Desktop\dds.scr
2014-02-07 23:00 - 2014-02-07 23:00 - 00287744 _____ (Oleg N. Scherbakov) C:\Users\user\Desktop\dCL_SFX.exe
2014-02-07 22:51 - 2014-02-07 22:51 - 00053248 _____ () C:\Windows\SysWOW64\zlib.dll
2014-02-07 20:54 - 2014-02-07 20:54 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-07 20:54 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-07 20:53 - 2014-02-07 20:54 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-07 16:13 - 2014-02-07 16:16 - 00000000 ____D () C:\Users\user\Desktop\RK_Quarantine
2014-02-07 16:09 - 2014-02-07 16:11 - 00000000 ____D () C:\AdwCleaner
2014-02-07 16:08 - 2014-02-04 07:38 - 01037530 _____ (Thisisu) C:\Users\user\Desktop\JRT_NEW.exe
2014-02-07 16:05 - 2014-02-07 22:45 - 00000000 ____D () C:\Support
2014-02-06 09:54 - 2014-02-07 20:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-06 09:54 - 2014-02-06 09:54 - 00000000 ____D () C:\Users\user\AppData\Roaming\Malwarebytes
2014-02-06 09:54 - 2014-02-06 09:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-06 09:44 - 2014-02-06 09:44 - 00000000 ____D () C:\Users\user\Desktop\rkill
2014-02-06 09:43 - 2014-02-07 16:04 - 00000058 _____ () C:\Users\Public\Desktop\Daves Support.url
2014-02-01 11:49 - 2014-02-07 16:11 - 00000000 _____ () C:\Users\user\AppData\Local\esxfyxke.log
2014-01-31 23:01 - 2014-02-07 16:05 - 00752538 _____ () C:\Users\user\AppData\Local\irlmeiwf.log
2014-01-31 23:01 - 2014-02-07 15:48 - 00323000 _____ () C:\Users\user\AppData\Local\pdxtssuc.log
2014-01-31 23:01 - 2014-02-07 15:48 - 00003617 _____ () C:\Users\user\AppData\Local\nhewjtqy.log
2014-01-31 23:01 - 2014-02-07 15:48 - 00003288 _____ () C:\Users\user\AppData\Local\trnjxcua.log
2014-01-31 23:00 - 2014-02-07 16:13 - 00000000 ____D () C:\Users\user\AppData\Local\wrkehcle
2014-01-31 23:00 - 2014-02-07 16:11 - 00000028 _____ () C:\Users\user\AppData\Local\geojnbmo.log
2014-01-31 23:00 - 2014-02-07 15:48 - 00005370 _____ () C:\Users\user\AppData\Local\gbbqrwyd.log
2014-01-31 23:00 - 2014-01-31 23:00 - 00432112 _____ () C:\Users\user\AppData\Local\huswgbtl.log
2014-01-31 23:00 - 2014-01-31 23:00 - 00000064 _____ () C:\ProgramData\tfwhlptp.log
2014-01-31 23:00 - 2014-01-31 23:00 - 00000000 _____ () C:\Users\user\AppData\Local\ijasaefa.log
2014-01-31 23:00 - 2014-01-31 23:00 - 00000000 _____ () C:\Users\user\AppData\Local\cericbvl.log
2014-01-30 12:41 - 2014-01-30 12:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-29 22:16 - 2014-01-29 22:19 - 00001126 _____ () C:\Users\user\Desktop\Play Daily Mah Jong.lnk
2014-01-28 22:24 - 2014-01-28 22:24 - 00262144 _____ () C:\Windows\Minidump\012814-15756-01.dmp
2014-01-15 21:13 - 2014-01-15 21:14 - 00731536 _____ () C:\Users\user\Downloads\GamesSetup(2).exe
2014-01-15 21:13 - 2014-01-15 21:13 - 00731536 _____ () C:\Users\user\Downloads\GamesSetup.exe
2014-01-15 21:13 - 2014-01-15 21:13 - 00731536 _____ () C:\Users\user\Downloads\GamesSetup(1).exe
2014-01-15 08:55 - 2013-11-27 01:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 08:55 - 2013-11-27 01:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 08:55 - 2013-11-27 01:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 08:55 - 2013-11-27 01:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 08:55 - 2013-11-27 01:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 08:55 - 2013-11-27 01:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 08:55 - 2013-11-27 01:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 08:54 - 2013-11-26 11:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 08:54 - 2013-11-26 10:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
==================== One Month Modified Files and Folders =======
 
2014-02-08 13:49 - 2014-02-08 13:49 - 00018598 _____ () C:\Users\user\Desktop\FRST.txt
2014-02-08 13:49 - 2014-02-08 13:49 - 00000000 ____D () C:\FRST
2014-02-08 13:48 - 2014-02-08 13:47 - 02079744 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-02-08 13:47 - 2011-12-25 22:01 - 00000000 ___RD () C:\Users\user\Dropbox
2014-02-08 13:47 - 2011-12-21 22:10 - 00000000 ____D () C:\Users\user\AppData\Roaming\Dropbox
2014-02-08 13:43 - 2013-09-15 09:10 - 00034407 _____ () C:\Windows\setupact.log
2014-02-08 13:43 - 2011-12-21 22:06 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-08 13:43 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-08 09:26 - 2011-12-21 21:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-08 09:24 - 2014-02-08 09:24 - 00030073 _____ () C:\Users\user\Desktop\attach.txt
2014-02-08 09:23 - 2014-02-08 09:24 - 00017487 _____ () C:\Users\user\Desktop\dds.txt
2014-02-08 09:22 - 2009-07-14 04:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-08 09:22 - 2009-07-14 04:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-08 09:20 - 2014-02-08 09:20 - 00688992 ____R (Swearware) C:\Users\user\Desktop\dds.scr
2014-02-07 23:00 - 2014-02-07 23:00 - 00287744 _____ (Oleg N. Scherbakov) C:\Users\user\Desktop\dCL_SFX.exe
2014-02-07 22:51 - 2014-02-07 22:51 - 00053248 _____ () C:\Windows\SysWOW64\zlib.dll
2014-02-07 22:46 - 2011-07-27 14:20 - 00000000 ____D () C:\Users\Kiosk
2014-02-07 22:46 - 2009-07-14 03:20 - 00000000 __RHD () C:\Users\Default
2014-02-07 22:45 - 2014-02-07 16:05 - 00000000 ____D () C:\Support
2014-02-07 22:11 - 2011-12-21 22:06 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-07 20:54 - 2014-02-07 20:54 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-07 20:54 - 2014-02-07 20:53 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-07 20:54 - 2014-02-06 09:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-07 20:31 - 2012-01-02 12:49 - 00007514 _____ () C:\Windows\PFRO.log
2014-02-07 16:16 - 2014-02-07 16:13 - 00000000 ____D () C:\Users\user\Desktop\RK_Quarantine
2014-02-07 16:13 - 2014-01-31 23:00 - 00000000 ____D () C:\Users\user\AppData\Local\wrkehcle
2014-02-07 16:13 - 2011-07-27 14:11 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-07 16:11 - 2014-02-07 16:09 - 00000000 ____D () C:\AdwCleaner
2014-02-07 16:11 - 2014-02-01 11:49 - 00000000 _____ () C:\Users\user\AppData\Local\esxfyxke.log
2014-02-07 16:11 - 2014-01-31 23:00 - 00000028 _____ () C:\Users\user\AppData\Local\geojnbmo.log
2014-02-07 16:05 - 2014-01-31 23:01 - 00752538 _____ () C:\Users\user\AppData\Local\irlmeiwf.log
2014-02-07 16:05 - 2009-07-14 05:13 - 00779724 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-07 16:04 - 2014-02-06 09:43 - 00000058 _____ () C:\Users\Public\Desktop\Daves Support.url
2014-02-07 15:55 - 2010-02-10 13:19 - 02090542 _____ () C:\Windows\WindowsUpdate.log
2014-02-07 15:48 - 2014-01-31 23:01 - 00323000 _____ () C:\Users\user\AppData\Local\pdxtssuc.log
2014-02-07 15:48 - 2014-01-31 23:01 - 00003617 _____ () C:\Users\user\AppData\Local\nhewjtqy.log
2014-02-07 15:48 - 2014-01-31 23:01 - 00003288 _____ () C:\Users\user\AppData\Local\trnjxcua.log
2014-02-07 15:48 - 2014-01-31 23:00 - 00005370 _____ () C:\Users\user\AppData\Local\gbbqrwyd.log
2014-02-06 09:54 - 2014-02-06 09:54 - 00000000 ____D () C:\Users\user\AppData\Roaming\Malwarebytes
2014-02-06 09:54 - 2014-02-06 09:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-06 09:44 - 2014-02-06 09:44 - 00000000 ____D () C:\Users\user\Desktop\rkill
2014-02-06 09:25 - 2009-07-14 02:34 - 00000611 _____ () C:\Windows\win.ini
2014-02-05 09:36 - 2013-12-24 21:44 - 00000000 ____D () C:\Users\user\Desktop\mums games
2014-02-05 07:39 - 2011-12-21 21:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 07:39 - 2011-12-21 21:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-05 07:39 - 2011-12-21 21:59 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 07:38 - 2014-02-07 16:08 - 01037530 _____ (Thisisu) C:\Users\user\Desktop\JRT_NEW.exe
2014-02-03 21:57 - 2011-12-27 08:38 - 00000029 _____ () C:\Windows\popcinfo.dat
2014-02-02 14:48 - 2013-03-05 15:18 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2014-01-31 23:08 - 2011-12-26 15:44 - 00000000 ____D () C:\Users\user\AppData\Roaming\SoftGrid Client
2014-01-31 23:00 - 2014-01-31 23:00 - 00432112 _____ () C:\Users\user\AppData\Local\huswgbtl.log
2014-01-31 23:00 - 2014-01-31 23:00 - 00000064 _____ () C:\ProgramData\tfwhlptp.log
2014-01-31 23:00 - 2014-01-31 23:00 - 00000000 _____ () C:\Users\user\AppData\Local\ijasaefa.log
2014-01-31 23:00 - 2014-01-31 23:00 - 00000000 _____ () C:\Users\user\AppData\Local\cericbvl.log
2014-01-31 22:52 - 2012-11-09 08:04 - 00001150 _____ () C:\Users\user\Desktop\Play The Treasures of Montezuma.lnk
2014-01-30 21:08 - 2012-05-24 09:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-30 12:41 - 2014-01-30 12:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-30 12:41 - 2011-12-26 15:57 - 00000277 _____ () C:\Windows\Lexstat.ini
2014-01-29 22:19 - 2014-01-29 22:16 - 00001126 _____ () C:\Users\user\Desktop\Play Daily Mah Jong.lnk
2014-01-29 09:37 - 2013-12-26 17:34 - 00000000 ____D () C:\Users\user\AppData\Local\cache
2014-01-28 22:24 - 2014-01-28 22:24 - 00262144 _____ () C:\Windows\Minidump\012814-15756-01.dmp
2014-01-28 22:24 - 2013-12-01 22:07 - 456314051 _____ () C:\Windows\MEMORY.DMP
2014-01-28 12:34 - 2013-12-26 18:33 - 00000151 _____ () C:\Users\user\AppData\Roaming\WB.CFG
2014-01-23 12:52 - 2013-12-26 17:39 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-01-19 17:49 - 2009-07-14 05:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-16 09:59 - 2011-12-23 10:19 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-15 21:14 - 2014-01-15 21:13 - 00731536 _____ () C:\Users\user\Downloads\GamesSetup(2).exe
2014-01-15 21:13 - 2014-01-15 21:13 - 00731536 _____ () C:\Users\user\Downloads\GamesSetup.exe
2014-01-15 21:13 - 2014-01-15 21:13 - 00731536 _____ () C:\Users\user\Downloads\GamesSetup(1).exe
2014-01-15 13:20 - 2009-07-14 04:45 - 00275712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 09:23 - 2013-08-14 20:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 09:19 - 2012-01-01 21:21 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-09 08:50 - 2013-12-26 17:34 - 00005336 _____ () C:\Users\user\daemonprocess.txt
2014-01-09 08:40 - 2011-12-25 22:01 - 00001017 _____ () C:\Users\user\Desktop\Dropbox.lnk
2014-01-09 08:40 - 2011-12-21 22:10 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
 
Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\ntdll_dump.dll
C:\Users\user\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2012-07-19 05:29
 
==================== End Of Log ============================

attach.txt


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Next,

 

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan.

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log.

 

Let me see the logs from the above scans in your next reply, and also give an update on any remaining issues or concerns.

 

Kevin

 

 

fixlist.txt


Hi, here are the logs.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2014

Ran by user at 2014-02-09 09:15:03 Run:1

Running from C:\Users\user\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

HKU\.DEFAULT\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup

HKU\S-1-5-19\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup

HKU\S-1-5-20\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup

HKU\S-1-5-21-764395833-1939329319-3225455460-1000\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup

C:\Program Files (x86)\Free Ride Games

SearchScopes: HKCU - {C710F991-B813-491B-A0CB-8540172F1477} URL = http://start.mysearc...ults.php?f=4&q={searchTerms}&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutCtDyBzz0DtB0Ezy0F0FyBzzzyzz0EtDtN0D0Tzu0SyBtByCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=281459687&ir=

FF Plugin-x32: www.exent.com/GameTreatWidget - C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File

FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\searchplugins\a-free-ride-games-bar-customized-web-search.xml

CHR DefaultSearchKeyword: mysearchdial.com

CHR DefaultSearchProvider: Mysearchdial

CHR DefaultSearchURL: http://start.mysearc...ults.php?f=4&q={searchTerms}&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutCtDyBzz0DtB0Ezy0F0FyBzzzyzz0EtDtN0D0Tzu0SyBtByCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=281459687&ir=

S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]

2014-02-01 11:49 - 2014-02-07 16:11 - 00000000 _____ () C:\Users\user\AppData\Local\esxfyxke.log

2014-01-31 23:01 - 2014-02-07 16:05 - 00752538 _____ () C:\Users\user\AppData\Local\irlmeiwf.log

2014-01-31 23:01 - 2014-02-07 15:48 - 00323000 _____ () C:\Users\user\AppData\Local\pdxtssuc.log

2014-01-31 23:01 - 2014-02-07 15:48 - 00003617 _____ () C:\Users\user\AppData\Local\nhewjtqy.log

2014-01-31 23:01 - 2014-02-07 15:48 - 00003288 _____ () C:\Users\user\AppData\Local\trnjxcua.log

2014-01-31 23:00 - 2014-02-07 16:13 - 00000000 ____D () C:\Users\user\AppData\Local\wrkehcle

2014-01-31 23:00 - 2014-02-07 16:11 - 00000028 _____ () C:\Users\user\AppData\Local\geojnbmo.log

2014-01-31 23:00 - 2014-02-07 15:48 - 00005370 _____ () C:\Users\user\AppData\Local\gbbqrwyd.log

2014-01-31 23:00 - 2014-01-31 23:00 - 00432112 _____ () C:\Users\user\AppData\Local\huswgbtl.log

2014-01-31 23:00 - 2014-01-31 23:00 - 00000064 _____ () C:\ProgramData\tfwhlptp.log

2014-01-31 23:00 - 2014-01-31 23:00 - 00000000 _____ () C:\Users\user\AppData\Local\ijasaefa.log

2014-01-31 23:00 - 2014-01-31 23:00 - 00000000 _____ () C:\Users\user\AppData\Local\cericbvl.log

C:\Users\user\AppData\Local\Temp\ntdll_dump.dll

C:\Users\user\AppData\Local\Temp\Quarantine.exe

AlternateDataStreams: C:\ProgramData\Temp:1CE11B51

AlternateDataStreams: C:\ProgramData\Temp:93EB7685

AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE

End

*****************

 

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => Value deleted successfully.

HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => Value deleted successfully.

HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => Value deleted successfully.

HKU\S-1-5-21-764395833-1939329319-3225455460-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => Value deleted successfully.

"C:\Program Files (x86)\Free Ride Games" => File/Directory not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C710F991-B813-491B-A0CB-8540172F1477} => Key deleted successfully.

HKCR\CLSID\{C710F991-B813-491B-A0CB-8540172F1477} => Key not found.

HKLM\Software\Wow6432Node\MozillaPlugins\www.exent.com/GameTreatWidget => Key deleted successfully.

C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll not found.

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\searchplugins\a-free-ride-games-bar-customized-web-search.xml => Moved successfully.

CHR DefaultSearchKeyword: mysearchdial.com ==> The Chrome "Settings" can be used to fix the entry.

CHR DefaultSearchProvider: Mysearchdial ==> The Chrome "Settings" can be used to fix the entry.

CHR DefaultSearchURL: http://start.mysearc...ults.php?f=4&q={searchTerms}&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutCtDyBzz0DtB0Ezy0F0FyBzzzyzz0EtDtN0D0Tzu0SyBtByCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=281459687&ir= ==> The Chrome "Settings" can be used to fix the entry.

X5XSEx_Pr143 => Service deleted successfully.

C:\Users\user\AppData\Local\esxfyxke.log => Moved successfully.

C:\Users\user\AppData\Local\irlmeiwf.log => Moved successfully.

C:\Users\user\AppData\Local\pdxtssuc.log => Moved successfully.

C:\Users\user\AppData\Local\nhewjtqy.log => Moved successfully.

C:\Users\user\AppData\Local\trnjxcua.log => Moved successfully.

C:\Users\user\AppData\Local\wrkehcle => Moved successfully.

C:\Users\user\AppData\Local\geojnbmo.log => Moved successfully.

C:\Users\user\AppData\Local\gbbqrwyd.log => Moved successfully.

C:\Users\user\AppData\Local\huswgbtl.log => Moved successfully.

C:\ProgramData\tfwhlptp.log => Moved successfully.

C:\Users\user\AppData\Local\ijasaefa.log => Moved successfully.

C:\Users\user\AppData\Local\cericbvl.log => Moved successfully.

C:\Users\user\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.

C:\Users\user\AppData\Local\Temp\Quarantine.exe => Moved successfully.

C:\ProgramData\Temp => ":1CE11B51" ADS removed successfully.

C:\ProgramData\Temp => ":93EB7685" ADS removed successfully.

C:\ProgramData\Temp => ":CDFF58FE" ADS removed successfully.

 

==== End of Fixlog ====

 

# AdwCleaner v3.017 - Report created 07/02/2014 at 16:09:08

# Updated 12/01/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : user - USER-PC

# Running from : F:\3rd Party Tools\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

Service Found : Update BrowseSmart

Service Found : Util BrowseSmart

 

***** [ Files / Folders ] *****

 

File Found : C:\END

File Found : C:\Users\Public\Desktop\More FREE games.lnk

File Found : C:\Users\Public\Desktop\Play Free Games.lnk

File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage

File Found : C:\users\user\AppData\Local\mysearchdial-speeddial.crx

File Found : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\searchplugins\Mysearchdial.xml

File Found : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\user.js

File Found : C:\users\user\Desktop\Mobogenie.lnk

File Found : C:\users\user\Desktop\MySearchDial.url

File Found : C:\Windows\System32\Tasks\BackgroundContainer Startup Task

File Found : C:\Windows\System32\Tasks\MySearchDial

File Found : C:\Windows\System32\Tasks\UpdaterEX

File Found : C:\Windows\Tasks\MySearchDial.job

File Found : C:\Windows\Tasks\UpdaterEX.job

Folder Found : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}

Folder Found : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\Extensions\{f92a9fe4-2850-4198-b9d5-279880e49b16}

Folder Found : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\Extensions\ffxtlbr@mysearchdial.com

Folder Found C:\Program Files (x86)\A_Free_Ride_Games_Bar

Folder Found C:\Program Files (x86)\BrowseSmart

Folder Found C:\Program Files (x86)\Conduit

Folder Found C:\Program Files (x86)\Free Ride Games

Folder Found C:\Program Files (x86)\Mobogenie

Folder Found C:\Program Files (x86)\Mysearchdial

Folder Found C:\ProgramData\boost_interprocess

Folder Found C:\ProgramData\Free Ride Games

Folder Found C:\users\user\AppData\Local\Conduit

Folder Found C:\users\user\AppData\Local\genienext

Folder Found C:\users\user\AppData\Local\Mobogenie

Folder Found C:\users\user\AppData\LocalLow\A_Free_Ride_Games_Bar

Folder Found C:\users\user\AppData\LocalLow\Conduit

Folder Found C:\users\user\AppData\LocalLow\PriceGong

Folder Found C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games

Folder Found C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie

Folder Found C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\ConduitCommon

Folder Found C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\CT1320680

Folder Found C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\Smartbar

Folder Found C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\ValueApps

Folder Found C:\users\user\AppData\Roaming\Mysearchdial

Folder Found C:\users\user\AppData\Roaming\newnext.me

Folder Found C:\users\user\AppData\Roaming\thinstall

Folder Found C:\users\user\AppData\Roaming\UpdaterEX

Folder Found C:\users\user\Documents\Mobogenie

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\A_Free_Ride_Games_Bar

Key Found : HKCU\Software\AppDataLow\Software\A_Free_Ride_Games_Bar

Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\AppDataLow\Toolbar

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff

Key Found : HKCU\Software\InstallCore

Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com

Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon

Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D110574-046A-43BB-A64C-4219E6A097DA}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D110574-046A-43BB-A64C-4219E6A097DA}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX

Key Found : HKCU\Software\mysearchdial

Key Found : HKCU\Software\mysearchdial.com

Key Found : HKCU\Software\UpdaterEX

Key Found : [x64] HKCU\Software\A_Free_Ride_Games_Bar

Key Found : [x64] HKCU\Software\Conduit

Key Found : [x64] HKCU\Software\InstallCore

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Key Found : [x64] HKCU\Software\mysearchdial

Key Found : [x64] HKCU\Software\mysearchdial.com

Key Found : [x64] HKCU\Software\UpdaterEX

Key Found : HKLM\Software\A_Free_Ride_Games_Bar

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Found : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}

Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}

Key Found : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v27.0 (en-US)

[ File : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6s2izxyg.default\prefs.js ]

 


Line Found : user_pref("extensions.mysearchdial_i.hmpg", true);

Line Found : user_pref("extensions.mysearchdial_i.newTab", false);

Line Found : user_pref("extensions.mysearchdial_i.smplGrp", "none");

Line Found : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.017:33:3");


Line Found : user_pref("plugin.state.npconduitfirefoxplugin", 2);

Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT1320680");


Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT1320680");

Line Found : user_pref("smartbar.machineId", "TQRRZ2XVHWT65NTUX0TJQVTF6PMYLQR7BQWIELPUWTGQX+OFT4XDZDAYXE7DYEQ2RE2NZAJAL1PAFY9ZU1G/GG");


Line Found : user_pref("valueApps.CT1320680.mam_gk_currentVersion", "312E31332E302E3137");

Line Found : user_pref("valueApps.CT1320680.mam_gk_currentVersion.storedInFile", false);

Line Found : user_pref("valueApps.CT1320680.mam_gk_globalKeysMigratedToLocalStorage", "31");

Line Found : user_pref("valueApps.CT1320680.mam_gk_globalKeysMigratedToLocalStorage.storedInFile", false);

Line Found : user_pref("valueApps.CT1320680.mam_gk_migrated_from_ls", "31");

Line Found : user_pref("valueApps.CT1320680.mam_gk_migrated_from_ls.storedInFile", false);

Line Found : user_pref("valueApps.CT1320680.mam_gk_userBornDate", "4E2F41");

Line Found : user_pref("valueApps.CT1320680.mam_gk_userBornDate.storedInFile", false);

Line Found : user_pref("valueApps.CT1320680.mam_gk_userId", "39613062373734312D336364622D343365302D616331612D316336333736393265366331");

Line Found : user_pref("valueApps.CT1320680.mam_gk_userId.storedInFile", false);

 

-\\ Google Chrome v32.0.1700.107

 

[ File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Found : homepage

Found : urls_to_restore_on_startup

 

*************************

 

AdwCleaner[R0].txt - [54578 octets] - [07/02/2014 16:09:08]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [54639 octets] ##########

 

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.1 (02.04.2014:1)

OS: Windows 7 Home Premium x64

Ran by user on 09/02/2014 at 20:23:02.27

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\Free Ride Games

 

 

 

~~~ Files

 

Successfully deleted: [File] C:\Windows\syswow64\sho83A.tmp

 

 

 

~~~ Folders

 

 

 

~~~ FireFox

 

Successfully deleted: [Folder] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\6s2izxyg.default\extensions\{ef522540-89f5-46b9-b6fe-1829e2b572c6}

Successfully deleted the following from C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\6s2izxyg.default\prefs.js

 



Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\6s2izxyg.default\minidumps [1096 files]

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 09/02/2014 at 20:27:33.51

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 


Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.02.09.06

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16476

user :: USER-PC [administrator]

 

Protection: Enabled

 

09/02/2014 20:33:52

mbam-log-2014-02-09 (20-33-52).txt

 

Scan type: Full scan (C:\|D:\|Q:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Shuriken | PUP | PUM

Scan options disabled: Heuristics/Extra | P2P

Objects scanned: 282523

Time elapsed: 1 hour(s), 18 minute(s), 16 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 40

C:\AdwCleaner\Quarantine\C\Program Files (x86)\A_Free_Ride_Games_Bar\A_Free_Ride_Games_BarToolbarHelper.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\A_Free_Ride_Games_Bar\A_Free_Ride_Games_BarToolbarHelper1.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\A_Free_Ride_Games_Bar\hk64tbA_F0.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\A_Free_Ride_Games_Bar\hktbA_F0.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\A_Free_Ride_Games_Bar\ldrtbA_F0.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\A_Free_Ride_Games_Bar\prxtbA_F0.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\A_Free_Ride_Games_Bar\tbA_F0.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseSmart\updateBrowseSmart.exe.vir (PUP.Optional.BrowseSmart.A) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseSmart\bin\utilBrowseSmart.exe.vir (PUP.Optional.BrowseSmart.A) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\nengine.dll.vir (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialApp.dll.vir (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialEng.dll.vir (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialsrv.exe.vir (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll.vir (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll.vir (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Conduit\CT1320680\A_Free_Ride_Games_BarAutoUpdateHelper.exe.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\genienext\nengine.dll.vir (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip.vir (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\users\user\AppData\LocalLow\A_Free_Ride_Games_Bar\hk64tbA_F0.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\users\user\AppData\LocalLow\A_Free_Ride_Games_Bar\hktbA_F0.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\users\user\AppData\LocalLow\A_Free_Ride_Games_Bar\ldrtbA_F0.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\users\user\AppData\LocalLow\A_Free_Ride_Games_Bar\tbA_F0.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\newnext.me\nengine.dll.vir (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Internet Download Manager\Patch.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVVBXVSS\mailpv[1].exe (PUP.MailPassView) -> Quarantined and deleted successfully.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YOR4BL1T\produkey[1].exe (PUP.PSWTool.ProductKey) -> Quarantined and deleted successfully.

C:\Users\user\Desktop\mums games\Alpha Ball V1.4\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Users\user\Desktop\mums games\TreeCardGames.Sudoku.Up.2011.v5.1.Incl.Keymaker-CORE_softarsiv.softarchive.net\TreeCardGames.Sudoku.Up.2011.v5.1.Incl.Keymaker-CORE\CORE10k.EXE (PUP.Keygen.Intro) -> Quarantined and deleted successfully.

C:\Users\user\Desktop\mums games\Zuma\WinZumaSetup.exe (Adware.TryMedia) -> Quarantined and deleted successfully.

D:\installed programs\idman.6.08.Build.3.Beta.dizel2008.softarchive.net\BRD\BRD\Keygen\Keygen.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.

D:\installed programs\idman.6.08.Build.3.Beta.dizel2008.softarchive.net\BRD\BRD\Keygen\Patch.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.

D:\installed programs\WinRAR.4.00.b1\Keygen.rar (Trojan.Agent) -> Quarantined and deleted successfully.

D:\installed programs\WinRAR.4.00.b1\Keygen\Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.

D:\installed programs\Yamicsoft.Windows.7.Manager.v3.0.6_hat.softarchive.net\Yamicsoft.Windows.7.Manager.v3.0.6.Incl.Keygen-Lz0\lzioidw1\Linezer0.part6.rar (Riskware.Tool.CK) -> Quarantined and deleted successfully.

D:\installed programs\Yamicsoft.Windows.7.Manager.v3.0.6_hat.softarchive.net\Yamicsoft.Windows.7.Manager.v3.0.6.Incl.Keygen-Lz0\lzioidw1\Linezer0\keygen\keygen.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.

D:\installed programs\Yamicsoft.Windows.7.Manager.v3.0.6_hat.softarchive.net\Yamicsoft.Windows.7.Manager.v3.0.6.Incl.Keygen-Lz0\lzioidw4\Linezer0.part6.rar (Riskware.Tool.CK) -> Quarantined and deleted successfully.

D:\installed programs\Yamicsoft.Windows.7.Manager.v3.0.6_hat.softarchive.net\Yamicsoft.Windows.7.Manager.v3.0.6.Incl.Keygen.X64-Lz0\lzxrcuv1\Linezer0\keygen\keygen.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.

D:\my downloads\LotterySetup.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.

 

(end)

 

Just a couple of things I didn't want to delete with AdwCleaner as I was unsure.

 

Things seem OK.



Run the following and post the log:

 

Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe

Important - Save it to your desktop.

Double-click CKScanner.exe (right-click and "Run as administrator" in Vista/Win7).

Give permission if necessary, and click Search For Files.

After a very short time, when the cursor hourglass disappears, click Save List To File.

A message box will verify the file saved. Please run the program once only.

Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Here are the CK results.

 

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\bejeweled 2\sounds\firecrackle.ogg
c:\program files (x86)\gamehouse\solitaire3\crack super gamehouse solitaire vol.3.exe
c:\users\user\desktop\games\babel deluxe\media\properties\minigames\crackthecode.xml
c:\users\user\desktop\mums games\alchemy deluxe v1.2\alchemy.deluxe.1.2.keygen-tsrh.exe
c:\users\user\desktop\mums games\babel_deluxe_1905\babel deluxe\babel deluxe\babel deluxe\babel deluxe\media\properties\minigames\crackthecode.xml
c:\users\user\desktop\mums games\ballistik\ballistik-setup exe  crack.zip
c:\users\user\desktop\mums games\ballistik\ballistik-setup.exe + crack\ballistik-setup.exe
c:\users\user\desktop\mums games\ballistik\ballistik-setup.exe + crack\ballistik.exe
c:\users\user\desktop\mums games\ballon blast v 1.0\crack.exe
c:\users\user\desktop\mums games\dynomite v2.1\popcap games dynomite v2.01 winall cracked-eat sharereactor.rar
c:\users\user\desktop\mums games\dynomite v2.1\crack\eat.nfo
c:\users\user\desktop\mums games\elite jigsaw puzzle\crack\cphv.nfo
c:\users\user\desktop\mums games\elite jigsaw puzzle\crack\puzzles.exe
c:\users\user\desktop\mums games\fiber twig\no necesita crack ni nada.txt
c:\users\user\desktop\mums games\jewel quest\crack.zip
c:\users\user\desktop\mums games\puzzle inlay\puzzle inlay v1.45 crack.exe
c:\users\user\desktop\mums games\ricochet extreme\crack ricochet extreme.exe
c:\users\user\desktop\mums games\super solitaire 3\crack super gamehouse solitaire vol.3.exe
c:\users\user\desktop\mums games\treecardgames.sudoku.up.2011.v5.1.incl.keymaker-core_softarsiv.softarchive.net\treecardgames.sudoku.up.2011.v5.1.incl.keymaker-core\keygen.exe
c:\users\user\desktop\mums games\wik and the fable of souls\nma.wik.and.the.fable.of.souls.040809ra.crack.exe
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack).exe
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack)\zuma.exe
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack)\levels\blackswirley\blackswirley-1.dat
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack)\levels\blackswirley\blackswirley-2.dat
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack)\levels\claw\claw.dat
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack)\levels\coaster\coaster.dat
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack)\levels\groovefest\groovefest.dat
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack)\levels\inversespiral\inversespiral.dat
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack)\levels\longrange\longrange.dat
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack)\levels\loopy\loopy.dat
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack)\levels\overunder\overunder.dat
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack)\levels\riverbed\riverbed.dat
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack)\levels\serpents\serpents-1.dat
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack)\levels\serpents\serpents-2.dat
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack)\levels\snakepit\snakepit-1.dat
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack)\levels\snakepit\snakepit-2.dat
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack)\levels\space\space.dat
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack)\levels\spaceinvaders\spaceinvaders.dat
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack)\levels\spiral\spiral.dat
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack)\levels\squaresville\squaresville.dat
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack)\levels\targetglyph\targetglyph.dat
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack)\levels\tiltspiral\tiltspiral.dat
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack)\levels\triangle\triangle.dat
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack)\levels\tunnellevel\tunnellevel.dat
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack)\levels\turnaround\turnaround.dat
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack)\levels\underover\underover.dat
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack)\levels\warshak\warshak.dat
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack)\properties\partner.xml
c:\users\user\desktop\mums games\zuma\popcap zuma deluxe! v1.0 (crack)\properties\partner.xml.sig
scanner sequence 3.ZZ.11.TENAWZ
 ----- EOF ----- 

Hi, I had no idea I had pirated software on my desktop. I am a 68-year-old woman who was bought this desktop by my daughter when she visited me a few years ago; she lives in Greece. It was set up for me and they had put me games on plus set up security etc.

 

The piracy policy says "We will not assist users that are obviously using illegal software.

If any such evidence is found you will be given the benefit of the doubt and the opportunity to completely uninstall and delete any such data from your system"

 

Please, I had no idea and had not suffered from any problems until two weeks ago. Will you help me remove the games and continue your much appreciated help?

 

Regards


Ok, you remove illegal software and we can continue:

 

Next,

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is ticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report in next reply

 

Let me know if there are any remaining issues or concerns when ESET is finished..

 

Kevin


That is absolutely fine, if no issues and system responds well do this please:

 

We need to remove FRST; first, it is very important to deal with its own Quarantine folder by using FRST itself.

 

OK, we continue:

 

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

 

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

 

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


  • Remove disinfection tools
  • Purge System Restore

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

 

Make sure these versions are gone...

 

Java 6 Update 29 (x32 Version: 6.0.290 - Oracle)
Java 7 Update 2 (64-bit) (Version: 7.0.20 - Oracle)

 

Let me know if those steps complete OK....

 

 

 

 

 

fixlist.txt


Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:

 

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

 

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 

Kevin


Farbar Service Scanner Version: 02-02-2014

Ran by user (administrator) on 11-02-2014 at 21:45:53

Running from "C:\Users\user\Desktop"

Microsoft Windows 7 Home Premium  Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

 

MpsSvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

 

 

Firewall Disabled Policy: 

==================

"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.

 

 

System Restore:

============

 

System Restore Disabled Policy: 

========================

 

 

Action Center:

============

 

wscsvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

 

 

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is set to Disabled. The default start type is Auto.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.

 

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Disabled. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

 

 

Windows Defender Disabled Policy: 

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

 

 

Other Services:

==============

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.

Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.

Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.

Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.

Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Parameters\FirewallPolicy\FirewallRules" registry key. The key does not exist.

 

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

 

 

**** End of log ****


Download the Services Repair tool, available here - http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe and save it to your Desktop. Right-click on it and select Run As Administrator, then follow the prompts. It should reboot when it finishes. If not, reboot it yourself.

 

Next,

 

Rerun FSS and post a fresh log....


Hi, latest log.

 

Farbar Service Scanner Version: 02-02-2014
Ran by user (administrator) on 12-02-2014 at 07:49:14
Running from "C:\Users\user\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
 
 
Regards

Please download Portable Windows Repair (all in one) from one of the following:

 

http://www.tweaking.com/content/page/windows_repair_all_in_one.html

http://www.majorgeeks.com/Tweaking.com_-_Windows_Repair_Portable_d7222.html

http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/

 

Unzip the contents into a newly created folder on your desktop.

 

Open the folder, run the tool by right click on Repair_Windows (icon with red briefcase) select "Run as Administrator"

 

 


 

 

From the main GUI do the following:

 

 

Select Tab 2 and allow it to run Disk check

 

 


 

 

Select Tab 3 and allow it to run SFC

 

 


 

 

Select Tab 4 and Create System Restore Point

 

 


 

 

Select Repairs tab => Click the Start

 

 


 

 

The repairs window will open, Check the boxes as indicated, also the "Restart" options, the select Start...

 

 

Tweak6_zpsd6411a53.jpg

 

 

DON'T use the computer while each scan is in progress.

 

Post the log, to access select “settings” tab > “open log folder” tab, log will be named _Windows_Repair_Log

 

Also post fresh FSS log when that completes...

 

Kevin


 

System Variables

--------------------------------------------------------------------------------

OS: Windows 7 Home Premium

OS Architecture: 64-bit

OS Version: 6.1.7601

OS Service Pack: Service Pack 1

Computer Name: USER-PC

Windows Drive: C:\

Windows Path: C:\Windows

Current Profile: C:\Users\user

Current Profile SID: S-1-5-21-764395833-1939329319-3225455460-1000

Current Profile Classes: S-1-5-21-764395833-1939329319-3225455460-1000_Classes

Profiles Location: C:\Users

Profiles Location 2: C:\Windows\ServiceProfiles

Local Settings AppData: C:\Users\user\AppData\Local

--------------------------------------------------------------------------------

 

Starting Repairs...

   Start (12/02/2014 17:24:12)

 

01 - Reset Registry Permissions 01/03

   HKEY_CURRENT_USER & Sub Keys

   Start (12/02/2014 17:24:12)

   Running Repair Under Current User Account

   Done (12/02/2014 17:24:14)

 

01 - Reset Registry Permissions 02/03

   HKEY_LOCAL_MACHINE & Sub Keys

   Start (12/02/2014 17:24:14)

   Running Repair Under System Account

   Done (12/02/2014 17:25:24)

 

01 - Reset Registry Permissions 03/03

   HKEY_CLASSES_ROOT & Sub Keys

   Start (12/02/2014 17:25:24)

   Running Repair Under System Account

   Done (12/02/2014 17:25:45)

 

03 - Register System Files

   Start (12/02/2014 17:25:45)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (12/02/2014 17:26:02)

 

04 - Repair WMI

   Start (12/02/2014 17:26:02)

   Running Repair Under Current User Account

   Done (12/02/2014 17:27:49)

 

05 - Repair Windows Firewall

   Start (12/02/2014 17:27:49)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (12/02/2014 17:28:08)

 

06 - Repair Internet Explorer

   Start (12/02/2014 17:28:08)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (12/02/2014 17:28:33)

 

07 - Repair MDAC/MS Jet

   Start (12/02/2014 17:28:33)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (12/02/2014 17:28:44)

 

08 - Repair Hosts File

   Start (12/02/2014 17:28:44)

   Running Repair Under System Account

   Done (12/02/2014 17:28:46)

 

09 - Remove Policies Set By Infections

   Start (12/02/2014 17:28:46)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (12/02/2014 17:28:51)

 

11 - Repair Icons

   Start (12/02/2014 17:28:51)

   Running Repair Under System Account

   Done (12/02/2014 17:28:53)

 

12 - Repair Winsock & DNS Cache

   Start (12/02/2014 17:28:53)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (12/02/2014 17:29:12)

 

14 - Repair Proxy Settings

   Start (12/02/2014 17:29:12)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (12/02/2014 17:29:17)

 

16 - Repair Windows Updates

   Start (12/02/2014 17:29:17)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (12/02/2014 17:29:43)

 

17 - Repair CD/DVD Missing/Not Working

   Start (12/02/2014 17:29:43)

   iTunes not found, not applying UpperFilters iTunes Reg Key

   Done (12/02/2014 17:29:43)

 

18 - Repair Volume Shadow Copy Service

   Start (12/02/2014 17:29:43)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (12/02/2014 17:29:47)

 

20 - Repair MSI (Windows Installer)

   Start (12/02/2014 17:29:47)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (12/02/2014 17:30:00)

 

22.01 - Repair bat Association

   Start (12/02/2014 17:30:00)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (12/02/2014 17:30:05)

 

22.02 - Repair cmd Association

   Start (12/02/2014 17:30:05)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (12/02/2014 17:30:09)

 

22.03 - Repair com Association

   Start (12/02/2014 17:30:09)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (12/02/2014 17:30:14)

 

22.04 - Repair Directory Association

   Start (12/02/2014 17:30:14)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (12/02/2014 17:30:19)

 

22.05 - Repair Drive Association

   Start (12/02/2014 17:30:19)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (12/02/2014 17:30:23)

 

22.06 - Repair exe Association

   Start (12/02/2014 17:30:23)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (12/02/2014 17:30:28)

 

22.07 - Repair Folder Association

   Start (12/02/2014 17:30:28)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (12/02/2014 17:30:33)

 

22.08 - Repair inf Association

   Start (12/02/2014 17:30:33)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (12/02/2014 17:30:37)

 

22.09 - Repair lnk (Shortcuts) Association

   Start (12/02/2014 17:30:37)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (12/02/2014 17:30:42)

 

22.10 - Repair msc Association

   Start (12/02/2014 17:30:42)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (12/02/2014 17:30:47)

 

22.11 - Repair reg Association

   Start (12/02/2014 17:30:47)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (12/02/2014 17:30:51)

 

22.12 - Repair scr Association

   Start (12/02/2014 17:30:51)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (12/02/2014 17:30:56)

 

23 - Repair Windows Safe Mode

   Start (12/02/2014 17:30:56)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (12/02/2014 17:31:01)

 

24 - Repair Print Spooler

   Start (12/02/2014 17:31:01)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (12/02/2014 17:31:13)

 

25 - Restore Important Windows Services

   Start (12/02/2014 17:31:13)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (12/02/2014 17:31:18)

 

26 - Set Windows Services To Default Startup

   Start (12/02/2014 17:31:18)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (12/02/2014 17:31:23)

 

   Skipping Repair.

   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.

   Current version: 6.1

 

   Skipping Repair.

   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.

   Current version: 6.1

 

Cleaning up empty logs...

 

All Selected Repairs Done.

   Done (12/02/2014 17:31:23)

   Total Repair Time: 00:07:11

 

 

...YOU MUST RESTART YOUR SYSTEM...

   Running Repair Under Current User Account

 

 

 


Farbar Service Scanner Version: 02-02-2014

Ran by user (administrator) on 12-02-2014 at 17:44:11

Running from "C:\Users\user\Desktop"

Microsoft Windows 7 Home Premium  Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy: 

==================

 

 

System Restore:

============

 

System Restore Disabled Policy: 

========================

 

 

Action Center:

============

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

 

 

Windows Defender Disabled Policy: 

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

 

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

 

 

**** End of log ****

 

Regards


Good to hear all is well again. You can delete those last couple of tools we used, also any produced logs. Other than that you should be good to go....

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

My own security set up is :-

 

Windows own Firewall, Microsoft Security Essentials and Malwarebytes Pro. Windows FW and MSE are free, MB does also have a free version, however I prefer the pro version as it provides auto updates and realtime protection.

 

As an extra layer I also use WinPatrol, the free version is adequate for general home use. Available here: http://www.winpatrol.com/download.html

 

For my browser I use Firefox with these addons: Web of Trust, Adblock Plus, Flash Block, NoScript, Ghostery. When Firefox is open select these keys together :- Ctrl - Shift - A that will access Addons manager, this gives access to find addons, use, start, stop or disable those features etc....

Before using NoScript read from this link http://noscript.net/ makes it easy to understand....

 

Understanding Windows 7 Firewall - http://windows.microsoft.com/en-GB/windows7/Understanding-Windows-Firewall-settings

 

Understanding Microsoft Security Essentials - http://www.microsoft.com/en-gb/security/pc-security/mse.aspx

 

Understanding Malwarebytes, how to create an exclusion in MSE - http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=162100entry162100

 

Understanding WinPatrol - http://www.winpatrol.com/features.html

 

I also use the Professional version of Sandboxie, I believe there is also a free version available. Visit this link http://www.sandboxie.com/ for access to d/l, also make sure to use the "Help and FAQ" option to understand its uses, specifically how to run your browser sandboxed!

 

I have also just started using CryptoGuard by Hitman Pro, once installed it will protect all Browsers against crypto ransomware infections, is also free. Go to following link for instructions, it will work with the set up I describe above..

 

http://www.surfright.nl/en/alert/cryptoguard

 

Take care,

 

Kevin ;)
