
Vosteran removal help needed [Closed]


  • This topic is locked

#1
Me_69-9

  • Member
  • 41 posts
My PC seems to have been infected by Vosteran. My browser is being hijacked on some forums.

I'm running Windows 7 Home Premium 64.

I've done a Malwarebytes scan and removed 3 Vosteran items but the problem persists. Any help would be greatly appreciated, thanks.


#2
Essexboy

  • GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's have a look-see.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.


#3
Me_69-9

  • Topic Starter
  • Member
  • 41 posts

Thanks Essexboy.  I'm running this as a precaution but the following advice offered elsewhere seems to have solved the problem:

 


#4
Me_69-9

  • Topic Starter
  • Member
  • 41 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2015 01
Ran by Admin (administrator) on ADMIN-PC on 11-01-2015 22:06:41
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxebserv.exe
( ) C:\Windows\System32\lxebcoms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(CASIO COMPUTER CO.,LTD.) C:\Program Files (x86)\CASIO\Photo Loader\Plauto.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ë****<*>] => "C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" <===== ATTENTION (Value Name with invalid characters)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1484856 2010-06-24] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-09-17] (Softthinks)
HKLM-x32\...\runonceex: [ContentMerger] => c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-19\...\Run: [Þ**<*>] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-19\...\RunOnce: [****<*>] => C:\Windows\System32\mctadmin.exe [14232 2013-07-01] () <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-20\...\Run: [Þ**<*>] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-20\...\RunOnce: [****<*>] => C:\Windows\System32\mctadmin.exe [14232 2013-07-01] () <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3618061388-1582232378-1363670412-1000\...\Run: [******<*>] => C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe /applicationMode:systemTray /showWelcome:false <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3618061388-1582232378-1363670412-1000\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Admin\AppData\Local\{85cb47ce-fa68-7742-3733-a821a7d0dbc0}\n. ATTENTION! ====> ZeroAccess/Alureon?
HKU\S-1-5-18\...\RunOnce: [****<*>] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 <===== ATTENTION (Value Name with invalid characters)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Photo Loader supervisory.lnk
ShortcutTarget: Photo Loader supervisory.lnk -> C:\Program Files (x86)\CASIO\Photo Loader\Plauto.exe (CASIO COMPUTER CO.,LTD.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3618061388-1582232378-1363670412-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com/
SearchScopes: HKLM -> {6EC10236-FD16-420F-B8AA-20AC36E0CDEF} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {87ABEF57-22B5-48B3-9D67-81EC811DC3D8} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3618061388-1582232378-1363670412-1000 -> {6EC10236-FD16-420F-B8AA-20AC36E0CDEF} URL = 
SearchScopes: HKU\S-1-5-21-3618061388-1582232378-1363670412-1000 -> {8498189E-8BD6-44DC-9E4E-C6255DE6CC37} URL = http://uk.search.yah...ms}&fr=chr-tyc8
SearchScopes: HKU\S-1-5-21-3618061388-1582232378-1363670412-1000 -> {87ABEF57-22B5-48B3-9D67-81EC811DC3D8} URL = 
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\Program Files\McAfee\MSK\mskapbho64.dll ()
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100810221608.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lexmark Toolbar -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\Program Files\McAfee\MSK\mskapbho.dll ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100810221608.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3618061388-1582232378-1363670412-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-3618061388-1582232378-1363670412-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3618061388-1582232378-1363670412-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: HKLM-x32 {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...30321/CTPID.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @fileplanet.com/fpdlm -> C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> https://us.yahoo.com/
CHR StartupUrls: Default -> "hxxp://us.yahoo.com/"
CHR DefaultSearchKeyword: Default -> uk.yahoo.com
CHR DefaultSearchURL: Default -> https://uk.search.ya...p={searchTerms}
CHR DefaultSuggestURL: Default -> https://uk.search.ya...d={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (IGN Download Manager Plug-in) - C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.330.5) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-07-23]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-08-18] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-01-21] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2010-08-18] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-11] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 lxebCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxeb_device; C:\Windows\system32\lxebcoms.exe [1052328 2010-04-14] ( )
R2 lxeb_device; C:\Windows\SysWOW64\lxebcoms.exe [598696 2010-04-14] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [509416 2010-04-15] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199032 2010-05-31] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [244840 2010-05-31] (McAfee, Inc.)
R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [148520 2010-05-31] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-03-11] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-05] (Electronic Arts)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467280 2012-11-27] (Alcatel-Lucent)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-07-14] ()
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62416 2010-05-31] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121504 2010-05-31] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [189880 2010-05-31] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [440688 2010-05-31] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [528616 2010-05-31] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75288 2010-05-31] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [93840 2010-05-31] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [279752 2010-05-31] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA))
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-11 22:06 - 2015-01-11 22:07 - 00025541 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-01-11 22:05 - 2015-01-11 22:06 - 00000000 ____D () C:\FRST
2015-01-11 22:05 - 2015-01-11 22:05 - 02124288 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-01-11 21:36 - 2015-01-11 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-01-11 20:28 - 2015-01-11 20:28 - 00042024 _____ () C:\Users\Admin\Desktop\HitmanPro_20150111_2028.log
2015-01-11 20:12 - 2015-01-11 20:12 - 00001899 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-01-11 20:11 - 2015-01-11 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-11 20:11 - 2015-01-11 20:12 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-11 20:10 - 2015-01-11 20:27 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-11 20:09 - 2015-01-11 20:09 - 11225840 _____ (SurfRight B.V.) C:\Users\Admin\Desktop\HitmanPro_x64.exe
2015-01-11 20:06 - 2015-01-11 20:06 - 00001060 _____ () C:\Users\Admin\Desktop\MalWareBytes.txt
2015-01-11 19:44 - 2015-01-11 19:44 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-11 19:39 - 2015-01-11 19:39 - 00007475 _____ () C:\Users\Admin\Desktop\AdwCleaner[S0].txt
2015-01-11 19:27 - 2015-01-11 20:37 - 00000000 ____D () C:\AdwCleaner
2015-01-11 19:24 - 2015-01-11 19:24 - 02191360 _____ () C:\Users\Admin\Desktop\adwcleaner_4.107.exe
2015-01-05 17:25 - 2015-01-05 17:25 - 00009904 _____ () C:\Users\Admin\Downloads\Eggborough Copy of Commercial Analyst - Candidate Questions.xlsx
2014-12-27 13:00 - 2015-01-11 18:13 - 00000000 ____D () C:\Users\Admin\AppData\Local\WinZip
2014-12-27 12:48 - 2014-12-27 12:50 - 47297544 _____ () C:\Users\Admin\Downloads\2015-performance-parts-full-catalog-web-1.pdf.zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-11 22:06 - 2010-10-30 22:26 - 00000564 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-01-11 22:06 - 2010-10-30 22:26 - 00000422 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2015-01-11 21:45 - 2012-08-31 12:35 - 00000590 _____ () C:\Users\Admin\Desktop\DCS.txt
2015-01-11 21:43 - 2009-07-14 05:10 - 01772627 _____ () C:\Windows\WindowsUpdate.log
2015-01-11 21:43 - 2009-07-14 04:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 21:43 - 2009-07-14 04:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-11 21:36 - 2012-06-07 20:48 - 00241769 _____ () C:\Windows\setupact.log
2015-01-11 21:36 - 2010-02-06 12:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-11 21:36 - 2010-01-26 16:35 - 00987156 _____ () C:\ProgramData\lxebscan.log
2015-01-11 21:36 - 2010-01-26 15:09 - 00000000 ____D () C:\Users\Admin\AppData\Local\SoftThinks
2015-01-11 21:36 - 2010-01-26 15:09 - 00000000 ____D () C:\Users\Admin
2015-01-11 21:36 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-11 21:35 - 2014-08-27 15:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-11 21:35 - 2011-02-03 18:46 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-01-11 21:35 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-11 21:35 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
2015-01-11 20:22 - 2010-02-06 12:01 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-11 19:47 - 2014-08-27 15:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-11 19:46 - 2014-08-27 15:38 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-11 19:46 - 2014-08-27 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-11 19:38 - 2012-07-15 10:56 - 00187870 _____ () C:\Windows\PFRO.log
2015-01-11 18:14 - 2014-05-06 13:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-11 18:14 - 2014-02-02 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-01-11 18:14 - 2011-12-06 09:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-11 18:14 - 2011-12-02 16:03 - 00000000 ____D () C:\Program Files\WinZip
2015-01-11 18:14 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\servicing
2015-01-11 18:14 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2015-01-11 18:14 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-11 18:14 - 2009-07-14 03:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-11 18:13 - 2009-07-14 05:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-01-11 18:12 - 2011-12-02 16:03 - 00000000 ____D () C:\ProgramData\WinZip
2015-01-11 18:12 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\AppCompat
 
Files to move or delete:
====================
C:\Windows\System32\mctadmin.exe
 
 
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Admin\AppData\Local\Temp\drm_dyndata_7340014.dll
C:\Users\Admin\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\sonarinst.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-06 01:27
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-01-2015 01
Ran by Admin at 2015-01-11 22:07:33
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
ACE COMBAT™ ASSAULT HORIZON Enhanced Edition (HKLM-x32\...\Steam App 228400) (Version:  - Namco)
ActivePerl 5.14.2 Build 1402 (64-bit) (HKLM\...\{4FC945A7-D54E-4F00-BE32-90553F80FCE8}) (Version: 5.14.1402 - ActiveState)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Flash Player 11 Plugin 64-bit (HKLM\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0918.2131 - )
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.4.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
Belkin F6D4050 Enhanced Wireless USB Adapter (HKLM-x32\...\InstallShield_{B97A0C89-29C0-4682-902C-364109A9857C}) (Version: 2.0.0.08 - Belkin)
Belkin F6D4050 Enhanced Wireless USB Adapter (x32 Version: 2.0.0.08 - Belkin) Hidden
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
BT Desktop Help (HKLM-x32\...\BT Desktop Help) (Version:  - )
Call of Duty 4: Modern Warfare (HKLM-x32\...\Steam App 7940) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version:  - Infinity Ward - Sledgehammer Games)
ccc-core-static (x32 Version: 2009.0918.2132.36825 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.19 - Piriform)
Creative 3DMIDI Player (HKLM-x32\...\3DMIDI) (Version: 1.11 - Creative Technology Limited)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.41 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Console Launcher (HKLM-x32\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)
Creative Diagnostics (HKLM-x32\...\Diagnostics 4_5) (Version: 5.11 - Creative Technology Limited)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
CryEngine®2 Sandbox™2 (HKLM-x32\...\{7E4B7FD9-4ECE-4298-A910-3160B7918059}) (Version: 1.00.0000 - Electronic Arts)
Crysis WARHEAD® (HKLM-x32\...\Crysis WARHEAD®) (Version:  - Electronic Arts)
Crysis WARHEAD® (x32 Version: 1.0 - Crytek) Hidden
Crysis Wars® (HKLM-x32\...\Crysis Wars®) (Version:  - Electronic Arts)
Crysis Wars® (x32 Version: 1.0 - Crytek) Hidden
Crysis® (HKLM-x32\...\{000E79B7-E725-4F01-870A-C12942B7F8E4}) (Version: 1.00.0000 - Electronic Arts)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DCS World (HKLM\...\DCS World_is1) (Version: 1.2.4.12913 - )
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.31 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.44 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Digital Combat Simulator: A-10C Warthog (HKLM-x32\...\Steam App 61010) (Version:  - )
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
doPDF 6.2  printer (HKLM\...\doPDF 6  printer_is1) (Version:  - Softland)
Download Manager 2.3.10 (HKLM-x32\...\Download Manager) (Version: 2.3.10 - IGN Entertainment, Inc.)

  • 0

#5
Me_69-9

    Member

  • Topic Starter
  • 41 posts

Should I click 'Fix'?


  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Should I click 'Fix'?

Not yet as FRST does not know what to do :)

You have more than Vosteran so we will clear that first

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM\...\Run: [ë****<*>] => "C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-19\...\Run: [Þ**<*>] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-19\...\RunOnce: [****<*>] => C:\Windows\System32\mctadmin.exe [14232 2013-07-01] () <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-20\...\Run: [Þ**<*>] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-20\...\RunOnce: [****<*>] => C:\Windows\System32\mctadmin.exe [14232 2013-07-01] () <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3618061388-1582232378-1363670412-1000\...\Run: [******<*>] => C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe /applicationMode:systemTray /showWelcome:false <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3618061388-1582232378-1363670412-1000\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Admin\AppData\Local\{85cb47ce-fa68-7742-3733-a821a7d0dbc0}\n. ATTENTION! ====> ZeroAccess/Alureon?
HKU\S-1-5-18\...\RunOnce: [****<*>] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 <===== ATTENTION (Value Name with invalid characters)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3618061388-1582232378-1363670412-1000 -> {6EC10236-FD16-420F-B8AA-20AC36E0CDEF} URL =
SearchScopes: HKU\S-1-5-21-3618061388-1582232378-1363670412-1000 -> {87ABEF57-22B5-48B3-9D67-81EC811DC3D8} URL =
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3618061388-1582232378-1363670412-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-3618061388-1582232378-1363670412-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.330.5) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\gcswf32.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
U3 mfeavfk01; No ImagePath
C:\Windows\System32\mctadmin.exe
C:\Users\Admin\AppData\Local\{85cb47ce-fa68-7742-3733-a821a7d0dbc0}
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now.
  • 0

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





