Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-10-2014
Ran by Dad at 2014-10-24 17:23:59 Run:1
Running from C:\Users\Dad\Desktop
Loaded Profile: Dad (Available profiles: Dad)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
(Oberon Media ) C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe
() C:\Users\Dad\AppData\Roaming\Dashlane\Dashlane.exe
HKU\S-1-5-21-3423730112-3892543386-1235696852-1000\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Dad\AppData\Local\{b733fc53-091d-6d34-ef9b-677bb421d707}\n. ATTENTION! ====> ZeroAccess/Alureon?
HKU\S-1-5-21-3423730112-3892543386-1235696852-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
C:\Users\Dad\AppData\Local\{b733fc53-091d-6d34-ef9b-677bb421d707}\n.
HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
AppInit_DLLs-x32: c:\progra~3\bprote~1\22453~1.59\protec~1.dll => "c:\progra~3\bprote~1\22453~1.59\protec~1.dll" File Not Found
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {09971cee-01b8-42bc-9d91-456b1faad6be} URL = search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^CD^xdm142^S01142^us&si=101497_ad1&ptb=1D1686F2-28A5-4874-9157-3465CA514DE9&ind=2012042620&n=77ed557c&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {09971cee-01b8-42bc-9d91-456b1faad6be} URL = search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^CD^xdm142^S01142^us&si=101497_ad1&ptb=1D1686F2-28A5-4874-9157-3465CA514DE9&ind=2012042620&n=77ed557c&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = search.babylon.com/?q={searchTerms}&AF=113843&babsrc=SP_ss&mntrId=1e86d65b000000000000000272a266a2
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = www.mystart.com/results.php??gen=ms&pr=vmn&id=mystarttb&v=5_0&ent=ch_4770&q={searchTerms}
SearchScopes: HKCU - {84A71458-202A-45F4-816F-FB4E3947D234} URL = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3297951&CUI=UN37879126012014625&UM=2
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll No File
C:\Program Files (x86)\BabylonToolbar
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Dad\AppData\Roaming\Dashlane\ie\Dashlanei.dll (Dashlane)
Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Dad\AppData\Roaming\Dashlane\ie\KWIEBar.dll (Dashlane)
Toolbar: HKCU - No Name - {430DDB4F-38CC-4E91-AF33-4157334EC937} - No File
Toolbar: HKCU - No Name - {3BBD3C14-4C16-4989-8366-95BC9179779D} - No File
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3307519&CUI=UN34677666481335918&UM=2&SearchSource=3&q={searchTerms}
FF Plugin HKCU: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
FF user.js: detected! => C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\565drrnz.default\user.js
FF SearchPlugin: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\565drrnz.default\searchplugins\conduit.xml
FF Extension: Fast Discountz - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\565drrnz.default\Extensions\{2a4808f0-e451-4d0b-982a-bb0f44d3354d} [2013-09-06]
FF Extension: Coupons Malibu - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\565drrnz.default\Extensions\{8850f748-e69b-42ff-a449-7ad3cf153bcc} [2013-09-13]
FF Extension: Dashlane - C:\Users\Dad\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} [2014-08-28]
CHR Extension: (Dashlane) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2014-07-30]
CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx [2014-10-03]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
2014-10-22 08:09 - 2014-07-01 18:43 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Dashlane
C:\Users\Dad\AppData\Local\{b733fc53-091d-6d34-ef9b-677bb421d707}\@
C:\Users\Dad\AppData\Local\{b733fc53-091d-6d34-ef9b-677bb421d707}
C:\Users\Dad\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Dad\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Dad\AppData\Local\Temp\install_flashplayer14x32axau_chra_dy_awa_aih.exe
CustomCLSID: HKU\S-1-5-21-3423730112-3892543386-1235696852-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-3423730112-3892543386-1235696852-1000_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Users\Dad\AppData\Local\{b733fc53-091d-6d34-ef9b-677bb421d707}\n. No File
Task: {F6874580-B848-4778-BDDB-923C4116C3A0} - System32\Tasks\DSite => C:\Users\Dad\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job => C:\Users\Dad\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
end
*****************
[3440] C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe => Process closed successfully.
[3536] C:\Users\Dad\AppData\Roaming\Dashlane\Dashlane.exe => Process closed successfully.
"HKU\S-1-5-21-3423730112-3892543386-1235696852-1000\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}" => Key deleted successfully.
"HKU\S-1-5-21-3423730112-3892543386-1235696852-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-3423730112-3892543386-1235696852-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"C:\Users\Dad\AppData\Local\{b733fc53-091d-6d34-ef9b-677bb421d707}\n." => File/Directory not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => value deleted successfully.
"c:\progra~3\bprote~1\22453~1.59\protec~1.dll" => Value Data removed successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{09971cee-01b8-42bc-9d91-456b1faad6be}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\bProtectorDefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}" => Key deleted successfully.
"HKCR\CLSID\{09971cee-01b8-42bc-9d91-456b1faad6be}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key deleted successfully.
"HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}" => Key deleted successfully.
"HKCR\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{84A71458-202A-45F4-816F-FB4E3947D234}" => Key deleted successfully.
"HKCR\CLSID\{84A71458-202A-45F4-816F-FB4E3947D234}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}" => Key deleted successfully.
"C:\Program Files (x86)\BabylonToolbar" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{669695BC-A811-4A9D-8CDF-BA8C795F261C} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{430DDB4F-38CC-4E91-AF33-4157334EC937} => value deleted successfully.
"HKCR\CLSID\{430DDB4F-38CC-4E91-AF33-4157334EC937}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3BBD3C14-4C16-4989-8366-95BC9179779D} => value deleted successfully.
"HKCR\CLSID\{3BBD3C14-4C16-4989-8366-95BC9179779D}" => Key not found.
Firefox DefaultSearchUrl deleted successfully.
"HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0" => Key deleted successfully.
C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll not found.
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\565drrnz.default\user.js => Moved successfully.
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\565drrnz.default\searchplugins\conduit.xml => Moved successfully.
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\565drrnz.default\Extensions\{2a4808f0-e451-4d0b-982a-bb0f44d3354d} => Moved successfully.
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\565drrnz.default\Extensions\{8850f748-e69b-42ff-a449-7ad3cf153bcc} => Moved successfully.
C:\Users\Dad\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} => Moved successfully.
C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dghncoeocefmhkhiphdgikkamjeglbfh" => Key deleted successfully.
"C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx" => File/Directory not found.
MREMP50 => Service deleted successfully.
MREMP50a64 => Service deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
MRESP50 => Service deleted successfully.
MRESP50a64 => Service deleted successfully.
C:\Users\Dad\AppData\Roaming\Dashlane => Moved successfully.
C:\Users\Dad\AppData\Local\{b733fc53-091d-6d34-ef9b-677bb421d707}\@ => Moved successfully.
C:\Users\Dad\AppData\Local\{b733fc53-091d-6d34-ef9b-677bb421d707} => Moved successfully.
C:\Users\Dad\AppData\Local\Temp\drm_dialogs.dll => Moved successfully.
C:\Users\Dad\AppData\Local\Temp\drm_dyndata_7380014.dll => Moved successfully.
C:\Users\Dad\AppData\Local\Temp\install_flashplayer14x32axau_chra_dy_awa_aih.exe => Moved successfully.
"HKU\S-1-5-21-3423730112-3892543386-1235696852-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
"HKU\S-1-5-21-3423730112-3892543386-1235696852-1000_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6874580-B848-4778-BDDB-923C4116C3A0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6874580-B848-4778-BDDB-923C4116C3A0}" => Key deleted successfully.
C:\Windows\System32\Tasks\DSite => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite" => Key deleted successfully.
C:\Windows\Tasks\DSite.job => Moved successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfefire" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfefirek" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfehidk" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfevtp" => Key deleted successfully.
==== End of Fixlog ====