Welcome to MalwareRemoval.com, What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.
MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Live Update => C:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER
TheDoctor46 wrote:Luckysearches still appears as the first page when I open Opera. Maybe it's this registry entry causing that. It's still in the registry. It was picked up by the FarBar scan done near the start of this thread.
Yes this entry is most likely the culprit, however we already tried to remove it. At this point, my advise would be to remove Opera completely and re-install it. In order to do this, please follow the steps below..
In the following steps we will reset your Opera browser, therefore I advise you to backup any bookmarks before you remove it:
I turned MS security essentials back on at the end of doing all the scans in my last reply.
MSI live update was probably disabled in msconfig because it was a nuisance or too insistent on pushing me to update non-essential services, or notifying me about updates I was aware of or had chosen not to install. I run it manually form time to time to check updates. Most of the updates it would recommend to me I manually install anyway via other means.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015 Ran by Raymond at 2015-04-06 12:32:35 Run:3 Running from B:\Users\Raymond\Desktop\FRST Loaded Profiles: Raymond (Available profiles: Raymond) Boot Mode: Normal ==============================================
"HKU\S-1-5-21-2940932314-315015785-212226153-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8095312a-039c-11e4-8021-d43d7e2bd256}" => Key deleted successfully. HKCR\CLSID\{8095312a-039c-11e4-8021-d43d7e2bd256} => Key not found. C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\yporo9y6.default\Extensions\_ldod_kbrcdtsauxcc@hvwvdh_uskydndcolx.org => Moved successfully. cpuz138 => Service deleted successfully. C:\Users\Public\DRM => ":احتضان" ADS removed successfully. B:\$RECYCLE.BIN\S-1-5-21-2940932314-315015785-212226153-1000\$R5KS6QQ.exe => Error: No automatic fix found for this entry. B:\Users\Raymond\Desktop\Games Related\Monitoring tools\coretemp_1236.exe => Error: No automatic fix found for this entry.
==== End of Fixlog 12:32:36 ====
# AdwCleaner v4.200 - Logfile created 06/04/2015 at 12:40:48 # Updated 29/03/2015 by Xplode # Database : 2015-03-29.1 [Server] # Operating system : Windows 7 Home Premium Service Pack 1 (x64) # Username : Raymond - RMWD-Z77 # Running from : B:\Users\Raymond\Desktop\adwcleaner_4.200.exe # Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17689
-\\ Mozilla Firefox v37.0.1 (x86 en-US)
[yporo9y6.default] - Line Found : user_pref("extensions.crossrider.bic", "14c6b5e3fe149b736985c3757bc5cbd3");
TheDoctor46 wrote:Luckysearches isn't appearing in Opera anymore.
That's good news however we still have a little more work to do.
TheDoctor46 wrote:MSI live update was probably disabled in msconfig because it was a nuisance or too insistent on pushing me to update non-essential services, or notifying me about updates I was aware of or had chosen not to install. I run it manually form time to time to check updates. Most of the updates it would recommend to me I manually install anyway via other means.
MSConfig should only be used as a troubleshooting tool and if used incorrectly could cause a lot of damage to your computer. If you want we can disable "MSI live update" from loading when your computer boots via other means and then you can run it whenever you wish. Let me know your decision in your next reply.
PUP (Potentially Unwanted Programs)
[yporo9y6.default] - Line Found : user_pref("extensions.crossrider.bic", "14c6b5e3fe149b736985c3757bc5cbd3");
Potentially Unwanted Programs (PUP) are software that have unpredictable behaviour and/or might have been installed on your computer without your direct consent. You might have installed them willingly, in which case feel free to keep them. However, if you did not I advise you to remove them. If you decide to remove this PUP, please follow the steps below to run AdwCleaner.
Adwcleaner
Close all your programs and right-click adwcleaner_4.200.exe and select Run as administrator.
Click on Scan.
After the scan is over, select Cleaning.
Note: All programs will be closed and your computer will be rebooted, therefore I advise you to save any unsaved work.
A notepad window will open. Please copy/paste the contents in your next reply.
I need you to run another fix..
Click Start
Type notepad.exe in the search programs and files box and click Enter.
A blank Notepad page should open.
Copy/Paste the contents of the code box below into Notepad.
OK, let's disable MSI update from startup another way.
For some reason ADWCleaner is not finding the crossrider program when it scans now. I tried twice. Even tried downloading the program again and rescanning.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015 Ran by Raymond at 2015-04-07 08:04:14 Run:4 Running from B:\Users\Raymond\Desktop\FRST Loaded Profiles: Raymond (Available profiles: Raymond) Boot Mode: Normal ==============================================
C:\Users\Raymond\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fwww.luckysearches.com%2Ffavicon.png => Moved successfully. C:\Users\Raymond\AppData\Local\Opera\Opera\icons\www.luckysearches.com.idx => Moved successfully.
TheDoctor46 wrote:For some reason ADWCleaner is not finding the crossrider program when it scans now. I tried twice. Even tried downloading the program again and rescanning.
Can you see the extension in the Firefox Browser?
Open Firefox.
Click on Tools in the Menu bar.
Select Add-ons. Note: this can also be accomplished by pressing on Ctrl+Shift+A inside the browser.
Click on Extensions on the left-side panel. Try to locate the following:
Crossrider
If the extension is present, select Remove.
Click Restart now. The extension should now be gone.
TheDoctor46 wrote:OK, let's disable MSI update from startup another way.
No problem, first we will need to re-enable MSI update. To do this, please follow the steps below..
Enable a program through CCleaner
Open the Start menu.
Inside the Search programs and files type the following:
CCleaner
Right-click on CCleaner and select Run as administrator.
Select Tools from the left-side panel.
Open Startup.
Select the Windows tab. Locate the following program:
MSI Live Update
Click Enable.
Exit CCleaner and reboot your computer.
Next..
Click Start
Type notepad.exe in the search programs and files box and click Enter.
A blank Notepad page should open.
Copy/Paste the contents of the code box below into Notepad.
Crossrider is not in the list of firefox extensions. There are 4 in there and I know what all of them are.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015 Ran by Raymond at 2015-04-08 08:28:05 Run:5 Running from B:\Users\Raymond\Desktop\FRST Loaded Profiles: Raymond (Available profiles: Raymond) Boot Mode: Normal ==============================================
TheDoctor46 wrote:Crossrider is not in the list of firefox extensions. There are 4 in there and I know what all of them are.
If you don't see the extension in your Firefox browser and AdwCleaner does not detect it anymore, then it's safe to say that it no longer is present on your computer
I noticed that your Firefox browser was outdated. If you have not already done so, please follow the steps below to update it.
Update Firefox
Open Firefox.
Click on Help in the Menu Bar.
Select About Firefox.
When the update has finished downloading, click Restart Firefox to Update. Firefox should now be updated. If you were unable to update FF, please let me know in your next post.
I need you to run a fix..
Click Start
Type notepad.exe in the search programs and files box and click Enter.
A blank Notepad page should open.
Copy/Paste the contents of the code box below into Notepad.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015 Ran by Raymond at 2015-04-09 07:33:20 Run:6 Running from B:\Users\Raymond\Desktop\FRST Loaded Profiles: Raymond (Available profiles: Raymond) Boot Mode: Normal ==============================================
Users browsing this forum: No registered users and 38 guests
Contact us:
Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.