Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Vosteran removal help needed [Closed]


  • This topic is locked This topic is locked

#1
Me_69-9

Me_69-9

    Member

  • Member
  • PipPip
  • 41 posts
My PC seems to have been infected by vosteran. My browser is being hijacked on some forums.

I'm running Windows 7 Home Premium 64.

I've done a Malware Bytes scan and removed 3 vosteran items but the problem persists. Any help would be greatly appreciated, thanks.
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets have a look see

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#3
Me_69-9

Me_69-9

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

Thanks Essexboy.  I'm running this as a precaution but the following advice offered elsewhere seems to have solved the problem:

 

  • 0

#4
Me_69-9

Me_69-9

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2015 01
Ran by Admin (administrator) on ADMIN-PC on 11-01-2015 22:06:41
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxebserv.exe
( ) C:\Windows\System32\lxebcoms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(CASIO COMPUTER CO.,LTD.) C:\Program Files (x86)\CASIO\Photo Loader\Plauto.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ë****<*>] => "C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" <===== ATTENTION (Value Name with invalid characters)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1484856 2010-06-24] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-09-17] (Softthinks)
HKLM-x32\...\runonceex: [ContentMerger] => c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-19\...\Run: [Þ**<*>] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-19\...\RunOnce: [****<*>] => C:\Windows\System32\mctadmin.exe [14232 2013-07-01] () <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-20\...\Run: [Þ**<*>] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-20\...\RunOnce: [****<*>] => C:\Windows\System32\mctadmin.exe [14232 2013-07-01] () <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3618061388-1582232378-1363670412-1000\...\Run: [******<*>] => C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe /applicationMode:systemTray /showWelcome:false <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3618061388-1582232378-1363670412-1000\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Admin\AppData\Local\{85cb47ce-fa68-7742-3733-a821a7d0dbc0}\n. ATTENTION! ====> ZeroAccess/Alureon?
HKU\S-1-5-18\...\RunOnce: [****<*>] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 <===== ATTENTION (Value Name with invalid characters)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Photo Loader supervisory.lnk
ShortcutTarget: Photo Loader supervisory.lnk -> C:\Program Files (x86)\CASIO\Photo Loader\Plauto.exe (CASIO COMPUTER CO.,LTD.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3618061388-1582232378-1363670412-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com/
SearchScopes: HKLM -> {6EC10236-FD16-420F-B8AA-20AC36E0CDEF} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {87ABEF57-22B5-48B3-9D67-81EC811DC3D8} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3618061388-1582232378-1363670412-1000 -> {6EC10236-FD16-420F-B8AA-20AC36E0CDEF} URL = 
SearchScopes: HKU\S-1-5-21-3618061388-1582232378-1363670412-1000 -> {8498189E-8BD6-44DC-9E4E-C6255DE6CC37} URL = http://uk.search.yah...ms}&fr=chr-tyc8
SearchScopes: HKU\S-1-5-21-3618061388-1582232378-1363670412-1000 -> {87ABEF57-22B5-48B3-9D67-81EC811DC3D8} URL = 
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\Program Files\McAfee\MSK\mskapbho64.dll ()
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100810221608.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lexmark Toolbar -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\Program Files\McAfee\MSK\mskapbho.dll ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100810221608.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3618061388-1582232378-1363670412-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-3618061388-1582232378-1363670412-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3618061388-1582232378-1363670412-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: HKLM-x32 {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...30321/CTPID.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @fileplanet.com/fpdlm -> C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> https://us.yahoo.com/
CHR StartupUrls: Default -> "hxxp://us.yahoo.com/"
CHR DefaultSearchKeyword: Default -> uk.yahoo.com
CHR DefaultSearchURL: Default -> https://uk.search.ya...p={searchTerms}
CHR DefaultSuggestURL: Default -> https://uk.search.ya...d={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (IGN Download Manager Plug-in) - C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.330.5) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-07-23]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-08-18] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-01-21] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2010-08-18] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-11] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 lxebCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxeb_device; C:\Windows\system32\lxebcoms.exe [1052328 2010-04-14] ( )
R2 lxeb_device; C:\Windows\SysWOW64\lxebcoms.exe [598696 2010-04-14] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [509416 2010-04-15] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199032 2010-05-31] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [244840 2010-05-31] (McAfee, Inc.)
R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [148520 2010-05-31] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-03-11] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-05] (Electronic Arts)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467280 2012-11-27] (Alcatel-Lucent)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-07-14] ()
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62416 2010-05-31] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121504 2010-05-31] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [189880 2010-05-31] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [440688 2010-05-31] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [528616 2010-05-31] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75288 2010-05-31] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [93840 2010-05-31] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [279752 2010-05-31] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA))
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-11 22:06 - 2015-01-11 22:07 - 00025541 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-01-11 22:05 - 2015-01-11 22:06 - 00000000 ____D () C:\FRST
2015-01-11 22:05 - 2015-01-11 22:05 - 02124288 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-01-11 21:36 - 2015-01-11 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-01-11 20:28 - 2015-01-11 20:28 - 00042024 _____ () C:\Users\Admin\Desktop\HitmanPro_20150111_2028.log
2015-01-11 20:12 - 2015-01-11 20:12 - 00001899 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-01-11 20:11 - 2015-01-11 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-11 20:11 - 2015-01-11 20:12 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-11 20:10 - 2015-01-11 20:27 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-11 20:09 - 2015-01-11 20:09 - 11225840 _____ (SurfRight B.V.) C:\Users\Admin\Desktop\HitmanPro_x64.exe
2015-01-11 20:06 - 2015-01-11 20:06 - 00001060 _____ () C:\Users\Admin\Desktop\MalWareBytes.txt
2015-01-11 19:44 - 2015-01-11 19:44 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-11 19:39 - 2015-01-11 19:39 - 00007475 _____ () C:\Users\Admin\Desktop\AdwCleaner[S0].txt
2015-01-11 19:27 - 2015-01-11 20:37 - 00000000 ____D () C:\AdwCleaner
2015-01-11 19:24 - 2015-01-11 19:24 - 02191360 _____ () C:\Users\Admin\Desktop\adwcleaner_4.107.exe
2015-01-05 17:25 - 2015-01-05 17:25 - 00009904 _____ () C:\Users\Admin\Downloads\Eggborough Copy of Commercial Analyst - Candidate Questions.xlsx
2014-12-27 13:00 - 2015-01-11 18:13 - 00000000 ____D () C:\Users\Admin\AppData\Local\WinZip
2014-12-27 12:48 - 2014-12-27 12:50 - 47297544 _____ () C:\Users\Admin\Downloads\2015-performance-parts-full-catalog-web-1.pdf.zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-11 22:06 - 2010-10-30 22:26 - 00000564 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-01-11 22:06 - 2010-10-30 22:26 - 00000422 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2015-01-11 21:45 - 2012-08-31 12:35 - 00000590 _____ () C:\Users\Admin\Desktop\DCS.txt
2015-01-11 21:43 - 2009-07-14 05:10 - 01772627 _____ () C:\Windows\WindowsUpdate.log
2015-01-11 21:43 - 2009-07-14 04:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 21:43 - 2009-07-14 04:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-11 21:36 - 2012-06-07 20:48 - 00241769 _____ () C:\Windows\setupact.log
2015-01-11 21:36 - 2010-02-06 12:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-11 21:36 - 2010-01-26 16:35 - 00987156 _____ () C:\ProgramData\lxebscan.log
2015-01-11 21:36 - 2010-01-26 15:09 - 00000000 ____D () C:\Users\Admin\AppData\Local\SoftThinks
2015-01-11 21:36 - 2010-01-26 15:09 - 00000000 ____D () C:\Users\Admin
2015-01-11 21:36 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-11 21:35 - 2014-08-27 15:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-11 21:35 - 2011-02-03 18:46 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-01-11 21:35 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-11 21:35 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
2015-01-11 20:22 - 2010-02-06 12:01 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-11 19:47 - 2014-08-27 15:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-11 19:46 - 2014-08-27 15:38 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-11 19:46 - 2014-08-27 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-11 19:38 - 2012-07-15 10:56 - 00187870 _____ () C:\Windows\PFRO.log
2015-01-11 18:14 - 2014-05-06 13:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-11 18:14 - 2014-02-02 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-01-11 18:14 - 2011-12-06 09:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-11 18:14 - 2011-12-02 16:03 - 00000000 ____D () C:\Program Files\WinZip
2015-01-11 18:14 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\servicing
2015-01-11 18:14 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2015-01-11 18:14 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-11 18:14 - 2009-07-14 03:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-11 18:13 - 2009-07-14 05:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-01-11 18:12 - 2011-12-02 16:03 - 00000000 ____D () C:\ProgramData\WinZip
2015-01-11 18:12 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\AppCompat
 
Files to move or delete:
====================
C:\Windows\System32\mctadmin.exe
 
 
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Admin\AppData\Local\Temp\drm_dyndata_7340014.dll
C:\Users\Admin\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\sonarinst.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-06 01:27
 
==================== End Of Log ============================
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-01-2015 01
Ran by Admin at 2015-01-11 22:07:33
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
ACE COMBAT™ ASSAULT HORIZON Enhanced Edition (HKLM-x32\...\Steam App 228400) (Version:  - Namco)
ActivePerl 5.14.2 Build 1402 (64-bit) (HKLM\...\{4FC945A7-D54E-4F00-BE32-90553F80FCE8}) (Version: 5.14.1402 - ActiveState)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Flash Player 11 Plugin 64-bit (HKLM\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0918.2131 - )
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.4.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
Belkin F6D4050 Enhanced Wireless USB Adapter (HKLM-x32\...\InstallShield_{B97A0C89-29C0-4682-902C-364109A9857C}) (Version: 2.0.0.08 - Belkin)
Belkin F6D4050 Enhanced Wireless USB Adapter (x32 Version: 2.0.0.08 - Belkin) Hidden
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
BT Desktop Help (HKLM-x32\...\BT Desktop Help) (Version:  - )
Call of Duty 4: Modern Warfare (HKLM-x32\...\Steam App 7940) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version:  - Infinity Ward - Sledgehammer Games)
ccc-core-static (x32 Version: 2009.0918.2132.36825 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.19 - Piriform)
Creative 3DMIDI Player (HKLM-x32\...\3DMIDI) (Version: 1.11 - Creative Technology Limited)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.41 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Console Launcher (HKLM-x32\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)
Creative Diagnostics (HKLM-x32\...\Diagnostics 4_5) (Version: 5.11 - Creative Technology Limited)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
CryEngine®2 Sandbox™2 (HKLM-x32\...\{7E4B7FD9-4ECE-4298-A910-3160B7918059}) (Version: 1.00.0000 - Electronic Arts)
Crysis WARHEAD® (HKLM-x32\...\Crysis WARHEAD®) (Version:  - Electronic Arts)
Crysis WARHEAD® (x32 Version: 1.0 - Crytek) Hidden
Crysis Wars® (HKLM-x32\...\Crysis Wars®) (Version:  - Electronic Arts)
Crysis Wars® (x32 Version: 1.0 - Crytek) Hidden
Crysis® (HKLM-x32\...\{000E79B7-E725-4F01-870A-C12942B7F8E4}) (Version: 1.00.0000 - Electronic Arts)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DCS World (HKLM\...\DCS World_is1) (Version: 1.2.4.12913 - )
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.31 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.44 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Digital Combat Simulator: A-10C Warthog (HKLM-x32\...\Steam App 61010) (Version:  - )
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
doPDF 6.2  printer (HKLM\...\doPDF 6  printer_is1) (Version:  - Softland)
Download Manager 2.3.10 (HKLM-x32\...\Download Manager) (Version: 2.3.10 - IGN Entertainment, Inc.)

  • 0

#5
Me_69-9

Me_69-9

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

Should I click 'Fix'?


  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Should I click 'Fix'?

Not yet as FRST does not know what to do :)

You have more than Vosteran so we will clear that first

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM\...\Run: [ë****<*>] => "C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-19\...\Run: [Þ**<*>] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-19\...\RunOnce: [****<*>] => C:\Windows\System32\mctadmin.exe [14232 2013-07-01] () <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-20\...\Run: [Þ**<*>] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-20\...\RunOnce: [****<*>] => C:\Windows\System32\mctadmin.exe [14232 2013-07-01] () <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3618061388-1582232378-1363670412-1000\...\Run: [******<*>] => C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe /applicationMode:systemTray /showWelcome:false <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3618061388-1582232378-1363670412-1000\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Admin\AppData\Local\{85cb47ce-fa68-7742-3733-a821a7d0dbc0}\n. ATTENTION! ====> ZeroAccess/Alureon?
HKU\S-1-5-18\...\RunOnce: [****<*>] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 <===== ATTENTION (Value Name with invalid characters)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3618061388-1582232378-1363670412-1000 -> {6EC10236-FD16-420F-B8AA-20AC36E0CDEF} URL =
SearchScopes: HKU\S-1-5-21-3618061388-1582232378-1363670412-1000 -> {87ABEF57-22B5-48B3-9D67-81EC811DC3D8} URL =
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3618061388-1582232378-1363670412-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-3618061388-1582232378-1363670412-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.330.5) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\gcswf32.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
U3 mfeavfk01; No ImagePath
C:\Windows\System32\mctadmin.exe
C:\Users\Admin\AppData\Local\{85cb47ce-fa68-7742-3733-a821a7d0dbc0}
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    http://img.photobuck...claimer_ENG.png

    NSIS_extraction.png
    • When finished, it shall produce a log for you.
    • Please include the C:\ComboFix.txt in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

    3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


    Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP