Windows update will not run



grhull
2013-07-20, 16:27
It looks like I got a little behind on my windows updates. The last successful run was May 28th. I didn't notice this until yesterday when my computer was having some problems. Yesterday we had a power outage and the computer was on when the power went out. When I tried to start the computer up again it would boot, but then run very slowly. Realplayer was running multiple times in the task manager. I don't use Realplayer so I attempted to uninstall and after a few attempts I was successful. I attempted to run Windows Update again and it started to run. It got to 3 of 5. I let it run for an hour hoping that it wasn't hung, but it was hung. I did a hard stop (power button for 5 seconds). I started again. It asked for safe mode which I used. It then uninstalled the updates that didn't work and it looks like it reverted back to an old install point. It is also telling me that my copy of windows is not genuine, but I purchased this copy of windows.

I have also tried a Safe Boot with limited services. I still wasn't able to get the Windows Update to run. I am guessing that I have probably made things worse rather than better at this point, so time to stop and let someone else take a look.

I originally thought there was just a problem with some files that were corrupted after the hard power down. I still can't get the windows update to run and I am thinking that there is more going on. I have backed up the registry (erdnt), run dds, and aswMBR.

Thanks for your help!

Greg

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16483
Run by Home at 8:32:37 on 2013-07-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4066 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSr64.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RAVCpl64.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\WerFault.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622112818.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 208.67.222.123 208.67.220.123 68.94.156.1
TCP: Interfaces\{145A7C7A-2B23-4F6E-84FE-14CF120FD804} : DHCPNameServer = 208.67.222.123 208.67.220.123 68.94.156.1
TCP: Interfaces\{455052A2-CDB3-435F-8343-4EA28D875426} : DHCPNameServer = 68.94.156.1 68.94.157.1 192.168.52.1
TCP: Interfaces\{455052A2-CDB3-435F-8343-4EA28D875426}\13934393D27657563747 : DHCPNameServer = 68.87.72.134 68.87.77.134 192.168.33.1
TCP: Interfaces\{455052A2-CDB3-435F-8343-4EA28D875426}\164686F636 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{455052A2-CDB3-435F-8343-4EA28D875426}\26C61636B6B696474797 : DHCPNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{455052A2-CDB3-435F-8343-4EA28D875426}\C696E6B6379737 : DHCPNameServer = 68.87.72.134 68.87.77.134
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120622112818.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [Skytel] Skytel.exe
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x64/RescueControl.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-2-25 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-2-25 340216]
R2 AERTFilters;Andrea RT Filters Service;C:\Windows\System32\AERTSr64.exe [2011-7-22 88576]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-6-27 204288]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-2-25 72216]
R3 AE3000;Linksys AE3000 Driver;C:\Windows\System32\drivers\AE3000w764.sys [2012-3-2 1717824]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-3-30 114704]
R3 AVerBDA6x_x64;AVerMedia SAA716x BDA Service;C:\Windows\System32\drivers\AVerBDA716x_x64.sys [2009-4-30 1353600]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-2-25 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-2-25 515968]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/07/15 19:54:33;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-4-20 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-2-25 70112]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-4-1 341856]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-4-1 4184672]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-2-25 106552]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-5 59392]
.
=============== Created Last 30 ================
.
2013-07-19 07:18:14 -------- d-----w- C:\Windows\9E23819E8AF44D25A7FE7756C9E3DBB9.TMP
.
==================== Find3M ====================
.
2013-06-12 16:50:26 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 16:50:26 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-12 16:50:22 9089416 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-06-08 02:21:02 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2013-06-08 02:21:01 35656 ----a-w- C:\Windows\System32\LMIport.dll
2013-06-08 02:21:01 100680 ----a-w- C:\Windows\System32\LMIinit.dll
2013-06-01 02:21:05 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.001.bak
2013-05-05 21:16:13 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-05 19:12:55 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 8:33:20.52 ===============

OCD
2013-07-25, 05:25
Hi grhull,

The first way to validate that Windows 7 is genuine is to click on Start, then type in activate windows in the search box.

http://i1269.photobucket.com/albums/jj590/OCD-WTT/activatewindows_thumb.png

If your copy of Windows 7 is activated and genuine, you will get a message that says “Activation was successful” and you will see the Microsoft Genuine software logo on the right hand side.

http://i1269.photobucket.com/albums/jj590/OCD-WTT/checkwindows7genuine_thumb.png

=========================

1. Security Check

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.
Right click SecurityCheck.exe, select "Run as Administrator" and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

2. OTL

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.

Right click and select "Run as Administrator".

Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
BASESERVICES
DRIVES
CREATERESTOREPOINT


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

In your next post please provide the following:


checkup.txt
OTL.txt
Extras.txt
aswMBR.txt (from your previous run)
What symptoms are you experiencing?

grhull
2013-07-26, 05:18
I was able to verify that windows is activated. Here is my checkup.txt:

Results of screen317's Security Check version 0.99.71
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 11.7.700.224
Adobe Reader 10.1.7 Adobe Reader out of Date!
Google Chrome 27.0.1453.116
Google Chrome 28.0.1500.72
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

aswMBR.txt:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-20 08:49:57
-----------------------------
08:49:57.768 OS Version: Windows x64 6.1.7601 Service Pack 1
08:49:57.768 Number of processors: 8 586 0x1A04
08:49:57.768 ComputerName: MEDIA_01_10 UserName: Home
08:49:59.063 Initialize success
08:53:21.200 AVAST engine defs: 13072000
08:54:36.633 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:54:36.637 Disk 0 Vendor: ST3750528AS CC44 Size: 715404MB BusType: 3
08:54:36.640 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-3
08:54:36.642 Disk 1 Vendor: ST32000542AS CC95 Size: 1907729MB BusType: 3
08:54:36.746 Disk 0 MBR read successfully
08:54:36.749 Disk 0 MBR scan
08:54:36.754 Disk 0 Windows 7 default MBR code
08:54:36.765 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 715402 MB offset 2048
08:54:36.785 Disk 0 scanning C:\Windows\system32\drivers
08:54:47.367 Service scanning
08:55:07.008 Modules scanning
08:55:07.016 Disk 0 trace - called modules:
08:55:07.039 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
08:55:07.045 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006614060]
08:55:07.050 3 CLASSPNP.SYS[fffff88001a8e43f] -> nt!IofCallDriver -> [0xfffffa80062d6520]
08:55:07.055 5 ACPI.sys[fffff88000d777a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80062c5060]
08:55:11.347 AVAST engine scan C:\Windows
08:55:13.844 AVAST engine scan C:\Windows\system32
09:00:15.310 Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\Fixes_07_20_2013\aswMBR\MBR.dat"
09:00:15.315 The log file has been saved successfully to "C:\Users\Home\Desktop\Fixes_07_20_2013\aswMBR\aswMBR.txt"

The system seems to function correctly for a few minutes, but then programs will stop working. For example it took three restarts to download and run checkup. It would run and get to a certain point and then freeze up. When I try to restart windows it will log off and get to a certain point and then stop shutting down. I am then forced to perform a hard power down. I have run a checkdisk with no problems that I can see. If a program freezes I can do other things, but that program does not come back. It is unavailable. If I open up task manager the processor never gets over 5% and nothing is really running.

When windows starts there is an error message. I have attached a screenshot of this message.

I have attempted multiple times to run OTL. I will restart again and give it another try.

Thanks again for the help.

Greg

grhull
2013-07-26, 05:33
I have attempted to run OTL five or six times. It seems to get stuck in various places, but twice it has gotten stuck at:

Scanning driver Tcpip...

I will continue to try to run OTL unless you have another suggestion.

Thanks again,

Greg

OCD
2013-07-26, 05:43
Hi grhull,

You stated you ran chkdsk, please follow the below steps to get the log from that scan.

1. To view chkdsk results log:

Open the Start Menu, and type eventvwr.msc in the search box and press enter.
If prompted by UAC, then click on Yes (Windows 7) or Continue (Vista).
In the left pane of Event Viewer, double click on Windows Logs to expand it, then right click on Application and click on Find.
Copy and paste Chkdsk into the line, and click on Find Next.
You will now see the system log for the scan results of Check Disk (chkdsk).
In the right hand menu select copy, open notepad and paste the chkdsk results into notepad.
Post in your next reply.

=========================

2. System File Checker (SFC)

Click on the Start button and in the Search programs and files box type the following:


command


Don't press Enter, just let the search results populate above.
In the search results, locate the Programs section.
Locate the Command Prompt shortcut and right-click on it.
Select Run as administrator.
Click Yes on the User Account Control window that appears.
Important: If you see a User Account Control window but also a message that says To continue, type an administrator password, and then click Yes, then your user account must be a standard account, not an administrator account. Before you can click Yes and open an elevated command prompt, you'll need to type the password of another user on your Windows 7 computer that has administrator level privileges.
Note: You will not see this window at all if your User Account Control settings are turned all the way down. See How To Disable User Account Control in Windows 7 (http://pcsupport.about.com/gi/o.htm?zi=1/XJ&zTi=1&sdn=pcsupport&cdn=compute&tm=8&f=11&su=p284.13.342.ip_p504.6.342.ip_&tt=2&bt=0&bts=0&zu=http%3A//windows.microsoft.com/en-us/windows7/turn-user-account-control-on-or-off) for more information.
An elevated Command Prompt window will appear.


Type: sfc /scannow (there's a space between sfc and /scannow), then hit Enter.


After the scan runs type exit to close the command prompt window
Include the findings in your next reply

=========================

In your next post please provide the following:


chkdsk log
Did SFC complete without issue? (do not post the log)
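
A command-line equivalent of the Event Viewer steps in the post above, as an added example that is not part of the original thread. It reads the boot-time chkdsk report from the Application log (provider Microsoft-Windows-Wininit, event ID 1001) and summarizes it; the function name, parameter names and output file name are assumptions made for this example.

```powershell
# Added example (not from the thread): fetch the boot-time chkdsk report that
# Wininit writes to the Application log and summarize the lines a helper
# usually looks for. Written to run on the PowerShell 2.0 that ships with
# Windows 7. Get-ChkdskReport and its parameters are hypothetical names.
function Get-ChkdskReport {
    [CmdletBinding()]
    param(
        # How many of the most recent reports to return.
        [int]$MaxEvents = 1,
        # Where to save the full report text (assumed location).
        [string]$OutFile = (Join-Path $env:USERPROFILE 'Desktop\chkdsk_report.txt')
    )

    # Same log, source and event ID that the Event Viewer "Find" step lands on.
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'Microsoft-Windows-Wininit'
        Id           = 1001
    }

    try {
        $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction Stop
    }
    catch {
        # Get-WinEvent throws when nothing matches or the log cannot be read.
        Write-Warning "No boot-time chkdsk report could be read: $($_.Exception.Message)"
        return
    }

    # Save the complete report text so it can be pasted into a reply.
    $events | ForEach-Object { $_.Message } | Out-File -FilePath $OutFile -Encoding UTF8

    foreach ($evt in $events) {
        $msg = $evt.Message

        # "0 KB in bad sectors." -> 0 ; stays $null if the line is missing.
        $badSectorsKB = $null
        if ($msg -match '(?m)^\s*(\d+) KB in bad sectors') {
            $badSectorsKB = [long]$Matches[1]
        }

        New-Object PSObject -Property @{
            TimeCreated       = $evt.TimeCreated
            Computer          = $evt.MachineName
            # chkdsk prints this sentence only when it repaired something.
            CorrectionsMade   = ($msg -match 'made corrections to the file system')
            OrphanedFileLines = ([regex]::Matches($msg, 'Recovering orphaned file')).Count
            BadSectorsKB      = $badSectorsKB
            SavedTo           = $OutFile
        }
    }
}

# Example call: summarize the latest report and save its full text.
Get-ChkdskReport -MaxEvents 1 | Format-List
```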

grhull
2013-07-26, 12:37
SFC ran completely and gave the following:

Windows Resource Protection did not find any integrity violations.

I cannot get the event viewer to run. It gets stuck loading the Application events.

grhull
2013-07-26, 12:47
Ok I did get the check disk log:

Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 7/18/2013 11:09:17 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: MEDIA_01_10
Description:


Checking file system on C:
The type of the file system is NTFS.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 3)...
275712 file records processed.

File verification completed.
2162 large file records processed.

0 bad file records processed.

0 EA records processed.

60 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
The index bitmap $I30 in file 0xe18 is incorrect.
Correcting error in index $I30 for file 3608.
400330 index entries processed.

Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file WER3E5~1.TXT (188513) into directory file 3608.
Recovering orphaned file WER3E56.tmp.appcompat.txt (188513) into directory file 3608.
Recovering orphaned file WER3EE~1.XML (188530) into directory file 3608.
Recovering orphaned file WER3EE4.tmp.WERInternalMetadata.xml (188530) into directory file 3608.
3 unindexed files scanned.

Recovering orphaned file WER3F1~1.HDM (188531) into directory file 3608.
Recovering orphaned file WER3F14.tmp.hdmp (188531) into directory file 3608.
0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
275712 file SDs/SIDs processed.

Cleaning up 418 unused index entries from index $SII of file 0x9.
Cleaning up 418 unused index entries from index $SDH of file 0x9.
Cleaning up 418 unused security descriptors.
Security descriptor verification completed.
62310 data files processed.

CHKDSK is verifying Usn Journal...
33751696 USN bytes processed.

Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

732571647 KB total disk space.
536216876 KB in 209851 files.
143092 KB in 62311 indexes.
0 KB in bad sectors.
400863 KB in use by the system.
65536 KB occupied by the log file.
195810816 KB available on disk.

4096 bytes in each allocation unit.
183142911 total allocation units on disk.
48952704 allocation units available on disk.

Internal Info:
00 35 04 00 2e 27 04 00 9f 06 07 00 00 00 00 00 .5...'..........
8a 45 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 .E..<...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.


OCD
2013-07-26, 17:07
Hi grhull,

1. rkill

Print out these instructions as we may need to close every window that is open later in the fix.

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Do not reboot your computer after running rkill as the malware programs will start again.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Right click and select "Run as Administrator"
You only need to get one of them to run, not all of them.

rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)


Do not reboot your computer after running rkill as the malware programs will start again.

=========================

2. ComboFix

Refer to the ComboFix User's Guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)


Download ComboFix from the following location:

Link (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

* IMPORTANT !!! Place ComboFix.exe on your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------

Ensure your AntiVirus and AntiSpyware applications are re-enabled.
---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

=========================

In your next post please provide the following:


Rkill report
ComboFix.txt

grhull
2013-07-27, 02:06
Combofix:

ComboFix 13-07-25.02 - Home 07/26/2013 18:54:28.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4441 [GMT -5:00]
Running from: c:\users\Home\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Public\Documents\~WRL1558.tmp
c:\windows\Downloaded Program Files\x64
c:\windows\Downloaded Program Files\x64\racodec.ax
c:\windows\Downloaded Program Files\x86
c:\windows\Downloaded Program Files\x86\racodec.ax
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2013-06-26 to 2013-07-26 )))))))))))))))))))))))))))))))
.
.
2013-07-26 23:58 . 2013-07-26 23:58 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2013-07-26 23:58 . 2013-07-26 23:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-20 13:25 . 2013-07-20 13:25 -------- d-----w- c:\program files (x86)\ERUNT
2013-07-19 07:18 . 2013-07-19 07:18 -------- d-----w- c:\windows\9E23819E8AF44D25A7FE7756C9E3DBB9.TMP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-24 08:26 . 2010-01-30 23:11 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-06-24 08:26 . 2010-05-19 20:22 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-06-24 08:25 . 2010-05-19 20:19 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-06-24 08:25 . 2010-02-27 20:28 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-06-12 16:50 . 2012-04-15 13:25 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 16:50 . 2011-05-14 02:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 16:50 . 2013-06-12 16:50 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-08 02:21 . 2012-02-25 15:29 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-06-08 02:21 . 2012-02-25 15:29 35656 ----a-w- c:\windows\system32\LMIport.dll
2013-06-08 02:21 . 2012-02-25 15:29 100680 ----a-w- c:\windows\system32\LMIinit.dll
2013-06-01 02:21 . 2012-02-25 15:29 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.001.bak
2013-05-16 00:13 . 2010-01-30 21:55 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-05 21:36 . 2013-05-29 02:31 17818624 ----a-w- c:\windows\system32\mshtml.dll
2013-05-05 21:16 . 2013-05-29 02:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-05 19:12 . 2013-05-29 02:31 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2012-07-02 2736128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-06-06 251744]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-27 336384]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2012-07-20 27760]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2011-07-12 1764352]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-09-28 75048]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/07/15 19:54;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe;c:\windows\SYSNATIVE\AERTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 AE3000;Linksys AE3000 Driver;c:\windows\system32\DRIVERS\AE3000w764.sys;c:\windows\SYSNATIVE\DRIVERS\AE3000w764.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 AVerBDA6x_x64;AVerMedia SAA716x BDA Service;c:\windows\system32\DRIVERS\AVerBDA716x_x64.sys;c:\windows\SYSNATIVE\DRIVERS\AVerBDA716x_x64.sys [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2012-07-02 21:40 453736 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 04:30 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 16:50]
.
2013-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-13 00:59]
.
2013-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-13 00:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-02 6475808]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 208.67.222.123 208.67.220.123 68.94.156.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Skytel - Skytel.exe
AddRemove-{F46BF5EA-0B4E-4A41-8C4B-3B127346E30F} - c:\users\Home\AppData\Local\{2853BFD5-3865-45EB-A4E3-967D4A9B969A}\NBCDirectInstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-26 19:00:19
ComboFix-quarantined-files.txt 2013-07-27 00:00
.
Pre-Run: 259,635,040,256 bytes free
Post-Run: 261,951,897,600 bytes free
.
- - End Of File - - 39AEEA51254692B081360685AF83BC1C
A36C5E4F47E84449FF07ED3517B43A31

rkill:

Rkill 2.5.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/26/2013 06:49:20 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 07/26/2013 06:50:53 PM
Execution time: 0 hours(s), 1 minute(s), and 33 seconds(s)

Thanks!

OCD
2013-07-27, 04:10
Hi grhull,

Any improvement in the performance of the computer?

=========================

1. Windows Automatic Updates

Open Windows Update by clicking the Start button, clicking All Programs, and then clicking Windows Update.
In the left pane, click Change settings.
Choose the option that you want.
Under Recommended updates, select the "Include recommended updates when downloading, installing, or notifying me about updates" check box, and then click OK. Administrator permission required: If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

=========================

2. Windows Update

Open Windows Update by clicking the Start button. In the search box, type Update, and then, in the list of results, click Windows Update.
In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your computer.
If you see a message telling you that important updates are available, or telling you to review important updates, click the message to view and select the important updates to install.
In the list, click the important updates for more information. Select the check boxes for any updates that you want to install, and then click OK.
Click Install updates.
Read and accept the license terms, and then click Finish if the update requires it. Administrator permission required: If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

=========================

3. Reboot

=========================

4. Delete the copy of OTL you previously downloaded

=========================

5. Farbar Recovery Scan Tool

Download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

=========================

In your next post please provide the following:


FRST.txt
Addition.txt

grhull
2013-07-27, 07:38
Things are much faster. Thanks again. I ran Windows Update three times. The first two times had items to update. The last time it came back clean.

I ran FRST; here is the log, and I have attached the file:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-07-2013
Ran by Home (administrator) on 27-07-2013 00:32:06
Running from C:\Users\Home\Desktop\Fixes_07_20_2013
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(Andrea Electronics Corporation) C:\Windows\system32\AERTSr64.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(AMD) C:\Windows\system32\atieclxx.exe
(2BrightSparks Pte Ltd) C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
() C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Skytel] - Skytel.exe [x]
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RAVCpl64.exe [6475808 2008-09-02] (Realtek Semiconductor)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2012-07-02] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Monitor] - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [251744 2011-06-06] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [190808 2011-03-01] (Logitech Inc.)
HKLM-x32\...\Run: [LGODDFU] - C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-19] (Bitleader)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1764352 2011-07-12] (Dominik Reichl)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-09-27] (cyberlink)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\LogMeInRemoteUser\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120622112818.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622112818.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
DPF: HKLM {254AA86E-5655-4518-AA87-185D7CC41801} https://secure.logmeinrescue.com/TechConsole/x64/RescueControl.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.123 208.67.220.123 68.94.156.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll No File
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AERTFilters; C:\Windows\system32\AERTSr64.exe [88576 2008-07-15] (Andrea Electronics Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-06-07] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-06-07] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R3 AE3000; C:\Windows\System32\DRIVERS\AE3000w764.sys [1717824 2012-03-02] (Ralink Technology Corp.)
R3 AVerBDA6x_x64; C:\Windows\System32\DRIVERS\AVerBDA716x_x64.sys [1353600 2009-04-30] (AVerMedia TECHNOLOGIES, Inc.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-31] (LogMeIn, Inc.)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2010-07-15] (McAfee, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S4 LMIRfsClientNP; No ImagePath
U3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-27 00:31 - 2013-07-27 00:31 - 00000000 ____D C:\FRST
2013-07-27 00:25 - 2013-07-27 00:25 - 00003344 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3957244681-1652356609-3623623028-1000
2013-07-27 00:20 - 2013-07-27 00:20 - 00000000 ____D C:\Windows\system32\MRT
2013-07-26 21:53 - 2013-04-17 02:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-07-26 21:53 - 2013-04-17 01:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 21:31 - 2013-07-26 21:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 21:31 - 2013-07-26 21:31 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-26 21:31 - 2013-07-26 21:31 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-26 21:31 - 2013-07-26 21:31 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-26 21:31 - 2013-07-26 21:31 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-07-26 21:31 - 2013-07-26 21:31 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-26 21:31 - 2013-07-26 21:31 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-26 21:31 - 2013-07-26 21:31 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-07-26 21:31 - 2013-07-26 21:31 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-26 21:31 - 2013-07-26 21:31 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-26 19:00 - 2013-07-26 19:00 - 00015785 _____ C:\ComboFix.txt
2013-07-26 18:51 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-26 18:51 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-26 18:51 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-26 18:51 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-26 18:51 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-26 18:51 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-26 18:51 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-26 18:51 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-26 18:12 - 2013-07-26 19:00 - 00000000 ____D C:\Qoobox
2013-07-26 18:12 - 2013-07-26 18:59 - 00000000 ____D C:\Windows\erdnt
2013-07-26 18:11 - 2013-07-26 18:09 - 05093969 ____R (Swearware) C:\Users\Home\Desktop\ComboFix.exe
2013-07-26 18:01 - 2013-07-26 18:01 - 00000000 ____D C:\Users\Home\Desktop\rkill
2013-07-26 17:54 - 2013-07-26 18:50 - 00002360 _____ C:\Users\Home\Desktop\Rkill.txt
2013-07-26 05:04 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-26 05:04 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-25 10:35 - 2013-07-25 10:35 - 00262144 ____N C:\Windows\Minidump\072513-24975-01.dmp
2013-07-20 08:33 - 2013-07-20 08:33 - 00014389 _____ C:\Users\Home\Desktop\attach.txt
2013-07-20 08:33 - 2013-07-20 08:33 - 00011790 _____ C:\Users\Home\Desktop\dds.txt
2013-07-20 08:26 - 2013-07-27 00:21 - 00000000 ____D C:\Users\Home\Desktop\Fixes_07_20_2013
2013-07-20 08:25 - 2013-07-20 08:25 - 00000909 _____ C:\Users\LogMeInRemoteUser\Desktop\ERUNT.lnk
2013-07-20 08:25 - 2013-07-20 08:25 - 00000909 _____ C:\Users\Home\Desktop\ERUNT.lnk
2013-07-20 08:25 - 2013-07-20 08:25 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-07-19 20:20 - 2013-07-19 20:20 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-19 20:17 - 2013-07-26 21:34 - 00012260 _____ C:\Windows\IE10_main.log
2013-07-19 02:18 - 2013-07-19 02:18 - 00000000 ____D C:\Windows\9E23819E8AF44D25A7FE7756C9E3DBB9.TMP
2013-07-18 21:51 - 2013-07-27 00:25 - 00003208 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3957244681-1652356609-3623623028-1000
2013-07-10 03:53 - 2013-06-04 22:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 03:53 - 2013-06-04 01:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 03:53 - 2013-06-03 23:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 03:53 - 2013-05-06 01:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 03:53 - 2013-05-05 23:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

==================== One Month Modified Files and Folders =======

2013-07-27 00:31 - 2013-07-27 00:31 - 00000000 ____D C:\FRST
2013-07-27 00:30 - 2012-11-12 20:00 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-27 00:29 - 2010-01-30 17:27 - 00001828 _____ C:\Users\Public\Desktop\McAfee Security Center.lnk
2013-07-27 00:27 - 2009-07-13 23:45 - 00017760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-27 00:27 - 2009-07-13 23:45 - 00017760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-27 00:26 - 2010-01-30 16:30 - 01783269 _____ C:\Windows\WindowsUpdate.log
2013-07-27 00:25 - 2013-07-27 00:25 - 00003344 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3957244681-1652356609-3623623028-1000
2013-07-27 00:25 - 2013-07-18 21:51 - 00003208 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3957244681-1652356609-3623623028-1000
2013-07-27 00:24 - 2012-11-12 20:00 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-27 00:24 - 2011-03-10 20:27 - 00000000 ____D C:\Windows\SysWOW64\logishrd
2013-07-27 00:24 - 2011-03-10 20:27 - 00000000 ____D C:\Windows\system32\logishrd
2013-07-27 00:24 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-27 00:24 - 2009-07-13 23:51 - 00045430 _____ C:\Windows\setupact.log
2013-07-27 00:22 - 2013-07-27 00:20 - 00000000 ____D C:\Windows\system32\MRT
2013-07-27 00:21 - 2013-07-20 08:26 - 00000000 ____D C:\Users\Home\Desktop\Fixes_07_20_2013
2013-07-27 00:13 - 2010-01-30 16:30 - 00001417 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-27 00:11 - 2009-07-13 23:45 - 00279648 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-27 00:10 - 2010-01-30 17:08 - 00039304 _____ C:\Windows\PFRO.log
2013-07-27 00:09 - 2012-02-25 10:29 - 00000000 ____D C:\ProgramData\LogMeIn
2013-07-27 00:09 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-27 00:09 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-27 00:09 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-27 00:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-07-27 00:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-07-27 00:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-07-27 00:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-07-27 00:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-26 23:50 - 2012-07-26 21:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-26 21:38 - 2009-07-14 00:13 - 00740322 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-26 21:34 - 2013-07-19 20:17 - 00012260 _____ C:\Windows\IE10_main.log
2013-07-26 21:31 - 2013-07-26 21:31 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 21:31 - 2013-07-26 21:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 21:31 - 2013-07-26 21:31 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-26 21:31 - 2013-07-26 21:31 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-26 21:31 - 2013-07-26 21:31 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-26 21:31 - 2013-07-26 21:31 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-07-26 21:31 - 2013-07-26 21:31 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-26 21:31 - 2013-07-26 21:31 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-26 21:31 - 2013-07-26 21:31 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-07-26 21:31 - 2013-07-26 21:31 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-26 21:31 - 2013-07-26 21:31 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-26 21:31 - 2013-07-26 21:31 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-26 21:31 - 2013-07-26 21:31 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-26 19:00 - 2013-07-26 19:00 - 00015785 _____ C:\ComboFix.txt
2013-07-26 19:00 - 2013-07-26 18:12 - 00000000 ____D C:\Qoobox
2013-07-26 19:00 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2013-07-26 18:59 - 2013-07-26 18:12 - 00000000 ____D C:\Windows\erdnt
2013-07-26 18:59 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2013-07-26 18:50 - 2013-07-26 17:54 - 00002360 _____ C:\Users\Home\Desktop\Rkill.txt
2013-07-26 18:09 - 2013-07-26 18:11 - 05093969 ____R (Swearware) C:\Users\Home\Desktop\ComboFix.exe
2013-07-26 18:01 - 2013-07-26 18:01 - 00000000 ____D C:\Users\Home\Desktop\rkill
2013-07-25 10:35 - 2013-07-25 10:35 - 00262144 ____N C:\Windows\Minidump\072513-24975-01.dmp
2013-07-25 10:35 - 2010-08-28 20:41 - 00000000 ____D C:\Windows\Minidump
2013-07-20 09:35 - 2011-05-02 07:11 - 00000000 ____D C:\Users\Home\AppData\Roaming\KeePass
2013-07-20 08:33 - 2013-07-20 08:33 - 00014389 _____ C:\Users\Home\Desktop\attach.txt
2013-07-20 08:33 - 2013-07-20 08:33 - 00011790 _____ C:\Users\Home\Desktop\dds.txt
2013-07-20 08:25 - 2013-07-20 08:25 - 00000909 _____ C:\Users\LogMeInRemoteUser\Desktop\ERUNT.lnk
2013-07-20 08:25 - 2013-07-20 08:25 - 00000909 _____ C:\Users\Home\Desktop\ERUNT.lnk
2013-07-20 08:25 - 2013-07-20 08:25 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-07-19 23:10 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-07-19 20:20 - 2013-07-19 20:20 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-19 20:20 - 2013-07-19 20:20 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-19 20:12 - 2013-03-18 21:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-19 20:12 - 2013-03-18 21:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-19 19:21 - 2012-12-10 22:15 - 00000000 ____D C:\Users\Home\AppData\Roaming\Real
2013-07-19 02:18 - 2013-07-19 02:18 - 00000000 ____D C:\Windows\9E23819E8AF44D25A7FE7756C9E3DBB9.TMP
2013-07-19 02:11 - 2012-12-10 22:11 - 00000000 ____D C:\ProgramData\Real
2013-07-18 23:39 - 2012-07-15 19:57 - 00000343 _____ C:\Windows\lgfwup.ini
2013-07-18 23:34 - 2012-07-15 19:57 - 00000000 ____D C:\Program Files (x86)\lg_fwupdate
2013-07-18 22:53 - 2011-03-10 20:05 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2013-07-12 23:31 - 2012-11-12 20:00 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-11 17:25 - 2012-11-12 20:00 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-11 17:25 - 2012-11-12 20:00 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-05 09:39 - 2010-01-31 20:06 - 00000000 ____D C:\Users\Public\Documents\camp
2013-07-04 09:52 - 2013-01-07 07:47 - 00000000 ____D C:\Users\Public\Documents\donations 2013
2013-07-03 06:48 - 2010-01-31 20:07 - 00000000 ____D C:\Users\Public\Documents\Personal
2013-07-02 21:44 - 2010-01-31 20:07 - 00000000 ____D C:\Users\Public\Documents\recipes
2013-07-02 13:25 - 2010-01-31 20:06 - 00000000 ____D C:\Users\Public\Documents\art hyde
2013-07-02 13:07 - 2013-03-10 21:04 - 00000000 ____D C:\Users\Public\Documents\blue and tan rhombi problem
2013-06-30 08:08 - 2010-01-31 20:06 - 00000000 ____D C:\Users\Public\Documents\evie

Files to move or delete:
====================
C:\ProgramData\Tempmozy-autoupdate-9168e69c9b17c74056d68fc0f28ff63a.exe
C:\ProgramData\Tempmozy-autoupdate-fd378831154aecd3ff93f99a8cbdcdea.exe
C:\ProgramData\Tempmozy-manualupdate-5ab4a737bec6be5a44cdd634ea82d76b.exe
C:\ProgramData\Tempmozy-manualupdate-8262dfa079e3ea66519693899238bbfb.exe
C:\ProgramData\Tempmozy-update-1f7fe3012a1778a4fc7c5075f2f61812.exe
C:\ProgramData\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe
C:\ProgramData\Tempmozy-update-c0261ff8012aad585d55140a9b6ddcb9.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-24 10:45

==================== End Of Log ============================

OCD
2013-07-27, 08:21
Hi grhull,

1. FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt



C:\ProgramData\Tempmozy-autoupdate-9168e69c9b17c74056d68fc0f28ff63a.exe
C:\ProgramData\Tempmozy-autoupdate-fd378831154aecd3ff93f99a8cbdcdea.exe
C:\ProgramData\Tempmozy-manualupdate-5ab4a737bec6be5a44cdd634ea82d76b.exe
C:\ProgramData\Tempmozy-manualupdate-8262dfa079e3ea66519693899238bbfb.exe
C:\ProgramData\Tempmozy-update-1f7fe3012a1778a4fc7c5075f2f61812.exe
C:\ProgramData\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe
C:\ProgramData\Tempmozy-update-c0261ff8012aad585d55140a9b6ddcb9.exe


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

=========================

2. Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.

Right click mbam-setup.exe and select "Run as Administrator" and follow the prompts to install the program.

At the end, be sure a check-mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan as shown below.

http://i1224.photobucket.com/albums/ee380/jeffce74/MBAM.jpg


When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

=========================

3. ESET Online Scanner

*Note:

It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator Rights; to do so, right-click your browser's shortcut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner (http://www.eset.eu/online-scanner)

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)


Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply

Note - when ESET doesn't find any threats, no report will be created.

Push the back button.
Push Finish
Re-enable your Antivirus software.

=========================

In your next post please provide the following:


Fixlog.txt
MBAM log
ESET's log.txt
How is the computer running, any remaining issues?

grhull
2013-07-27, 17:15
The scans ran successfully. The only problem I am still having is the brs.exe MSVCR71.dll issue. As long as that isn't malware related I should be able to figure it out. Here are the logs:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-07-2013
Ran by Home at 2013-07-27 07:43:56 Run:1
Running from C:\Users\Home\Desktop\Fixes_07_20_2013
Boot Mode: Normal
==============================================

C:\ProgramData\Tempmozy-autoupdate-9168e69c9b17c74056d68fc0f28ff63a.exe => Moved successfully.
C:\ProgramData\Tempmozy-autoupdate-fd378831154aecd3ff93f99a8cbdcdea.exe => Moved successfully.
C:\ProgramData\Tempmozy-manualupdate-5ab4a737bec6be5a44cdd634ea82d76b.exe => Moved successfully.
C:\ProgramData\Tempmozy-manualupdate-8262dfa079e3ea66519693899238bbfb.exe => Moved successfully.
C:\ProgramData\Tempmozy-update-1f7fe3012a1778a4fc7c5075f2f61812.exe => Moved successfully.
C:\ProgramData\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe => Moved successfully.
C:\ProgramData\Tempmozy-update-c0261ff8012aad585d55140a9b6ddcb9.exe => Moved successfully.

==== End of Fixlog ====

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.27.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Home :: MEDIA_01_10 [administrator]

7/27/2013 8:00:45 AM
mbam-log-2013-07-27 (08-00-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237883
Time elapsed: 2 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESET didn't find any threats.

Thanks again for all the help.

OCD
2013-07-28, 05:49
Hi grhull,

The issues with these files don't appear to be malware related.

Can you explain what issues you are having with each of these files:

brs.exe - http://www.processlibrary.com/directory/files/brs/431356/ - PowerDVD by Cyberlink
MSVCR71.dll - http://www.dll-files.com/dllindex/dll-files.shtml?msvcr71 - Microsoft® C Runtime Library, Microsoft® Visual Studio .NET

=========================

This next step will look for copies already on your computer.

1. SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.

Download the version suitable to your computer.
32 bit System:
Link 1 - 32 bit (http://jpshortstuff.247fixes.com/SystemLook.exe)
Link 2 - 32 bit (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 bit System:
Link 1 - 64 bit (http://jpshortstuff.247fixes.com/SystemLook_x64.exe)
Link 2 - 64 bit (http://images.malwareremoval.com/jpshortstuff/SystemLook_x64.exe)

Right click SystemLook.exe and select "Run as Administrator" to run it.
Copy the content of the following code-box into the main text-field:


:filefind
brs.exe
MSVCR71.dll

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

=========================

In your next post please provide the following:


SystemLook.txt

grhull
2013-07-28, 13:27
The only problem with this is on startup. I get the attached message. Here are the results of the look:
SystemLook 30.07.11 by jpshortstuff
Log created at 23:23 on 27/07/2013 by Home
Administrator - Elevation successful

========== filefind ==========

Searching for "brs.exe"
C:\Program Files (x86)\CyberLink\Shared files\brs.exe ------- 75048 bytes [00:54 16/07/2012] [00:37 28/09/2011] 90B142C67907BCC2A5D2CDFDC008BE8E

Searching for "MSVCR71.dll"
C:\Program Files (x86)\CyberLink\Advisor\msvcr71.dll ------- 348160 bytes [00:47 16/07/2012] [19:38 10/08/2011] 86F1895AE8C5E8B17D99ECE768A70732
C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\msvcr71.dll --a---- 353576 bytes [20:05 31/08/2011] [20:05 31/08/2011] 1BBB022AE7A9918DFD7D5B5679AE5229
C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\OLRSubmission\msvcr71.dll --a---- 353576 bytes [20:06 31/08/2011] [20:06 31/08/2011] A9F4941AB87DDC0E71DF912F9CB34C01
C:\Program Files (x86)\CyberLink\LabelPrint\msvcr71.dll --a---- 353576 bytes [16:44 24/12/2010] [16:44 24/12/2010] 29B863D9E19722BC32AF38436B8E36B5
C:\Program Files (x86)\CyberLink\LabelPrint\OLRSubmission\msvcr71.dll --a---- 348160 bytes [19:12 15/11/2010] [19:12 15/11/2010] 86F1895AE8C5E8B17D99ECE768A70732
C:\Program Files (x86)\CyberLink\MediaEspresso\msvcr71.dll ------- 348160 bytes [00:50 16/07/2012] [07:40 25/04/2011] CA2F560921B7B8BE1CF555A5A18D54C3
C:\Program Files (x86)\CyberLink\MediaEspresso\Custom\Setting\MSVCR71.dll ------- 348160 bytes [00:50 16/07/2012] [07:40 25/04/2011] CA2F560921B7B8BE1CF555A5A18D54C3
C:\Program Files (x86)\CyberLink\MediaEspresso\OLRSubmission\msvcr71.dll ------- 348160 bytes [00:50 16/07/2012] [06:12 15/11/2010] 86F1895AE8C5E8B17D99ECE768A70732
C:\Program Files (x86)\CyberLink\MediaEspresso\subsys\BigBang\Runtime\msvcr71.dll ------- 348160 bytes [00:50 16/07/2012] [04:37 05/01/2011] 86F1895AE8C5E8B17D99ECE768A70732
C:\Program Files (x86)\CyberLink\Power2Go\msvcr71.dll --a---- 353576 bytes [18:44 15/12/2009] [18:44 15/12/2009] C861657FF753F4A6FA97C7ADFF4F3347
C:\Program Files (x86)\CyberLink\Power2Go\BigBang\msvcr71.dll --a---- 353576 bytes [17:15 12/03/2009] [17:15 12/03/2009] BF83BB75C7FB5624902930799998EF60
C:\Program Files (x86)\CyberLink\PowerDVD10\msvcr71.dll ------- 348160 bytes [00:52 16/07/2012] [00:52 16/07/2012] 86F1895AE8C5E8B17D99ECE768A70732
C:\Program Files (x86)\CyberLink\PowerDVD10\EvoParser\msvcr71.dll --a---- 348160 bytes [00:53 16/07/2012] [06:12 15/11/2010] 86F1895AE8C5E8B17D99ECE768A70732
C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\msvcr71.dll --a---- 348160 bytes [15:25 03/10/2011] [15:25 03/10/2011] 86F1895AE8C5E8B17D99ECE768A70732
C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cox\MSVCR71.dll --a---- 348160 bytes [20:34 05/05/2011] [20:34 05/05/2011] 86F1895AE8C5E8B17D99ECE768A70732
C:\Program Files (x86)\CyberLink\PowerProducer\msvcr71.dll --a---- 353576 bytes [00:10 20/10/2010] [00:10 20/10/2010] 509ABA4C03F816C232817C7F30BA554E
C:\Program Files (x86)\CyberLink\PowerProducer\OLRSubmission\msvcr71.dll --a---- 348160 bytes [19:12 15/11/2010] [19:12 15/11/2010] 86F1895AE8C5E8B17D99ECE768A70732

-= EOF =-
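The SystemLook result above lists many same-named copies of one DLL with several different MD5 values. The following is an added example, not part of the thread or of SystemLook itself: it parses `:filefind` output, groups the hits by size and MD5, and lists hashes that occur only once and paths outside an expected install root. The function names and the `expected_root` parameter are assumptions; the sample lines are copied from the log above, and the two bracketed timestamps are kept as opaque fields.

```python
"""Group SystemLook ':filefind' hits by size and MD5 for triage (added example)."""
import re
from collections import defaultdict

# Excerpt of the SystemLook log posted above, embedded so the example runs offline.
SAMPLE_LOG = r'''
========== filefind ==========

Searching for "brs.exe"
C:\Program Files (x86)\CyberLink\Shared files\brs.exe ------- 75048 bytes [00:54 16/07/2012] [00:37 28/09/2011] 90B142C67907BCC2A5D2CDFDC008BE8E

Searching for "MSVCR71.dll"
C:\Program Files (x86)\CyberLink\Advisor\msvcr71.dll ------- 348160 bytes [00:47 16/07/2012] [19:38 10/08/2011] 86F1895AE8C5E8B17D99ECE768A70732
C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\msvcr71.dll --a---- 353576 bytes [20:05 31/08/2011] [20:05 31/08/2011] 1BBB022AE7A9918DFD7D5B5679AE5229
C:\Program Files (x86)\CyberLink\MediaEspresso\msvcr71.dll ------- 348160 bytes [00:50 16/07/2012] [07:40 25/04/2011] CA2F560921B7B8BE1CF555A5A18D54C3
C:\Program Files (x86)\CyberLink\MediaEspresso\Custom\Setting\MSVCR71.dll ------- 348160 bytes [00:50 16/07/2012] [07:40 25/04/2011] CA2F560921B7B8BE1CF555A5A18D54C3
C:\Program Files (x86)\CyberLink\PowerDVD10\msvcr71.dll ------- 348160 bytes [00:52 16/07/2012] [00:52 16/07/2012] 86F1895AE8C5E8B17D99ECE768A70732
C:\Program Files (x86)\CyberLink\Power2Go\msvcr71.dll --a---- 353576 bytes [18:44 15/12/2009] [18:44 15/12/2009] C861657FF753F4A6FA97C7ADFF4F3347

-= EOF =-
'''

HEADER = re.compile(r'^Searching for "(?P<term>[^"]+)"\s*$')
# <path> <7-char attribute field> <size> bytes [timestamp] [timestamp] <MD5>
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<ts1>[^\]]+)\]\s+\[(?P<ts2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(text):
    """Return {search term: [entry dict, ...]} from a SystemLook filefind log."""
    results = defaultdict(list)
    term = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            term = header.group("term")
            results[term]  # keep terms with zero hits visible in the result
            continue
        entry = ENTRY.match(line)
        if entry and term is not None:
            rec = entry.groupdict()
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            results[term].append(rec)
    return dict(results)


def group_by_content(entries):
    """Map (size, md5) -> list of paths that share exactly that content."""
    groups = defaultdict(list)
    for rec in entries:
        groups[(rec["size"], rec["md5"])].append(rec["path"])
    return dict(groups)


def triage(text, expected_root):
    """Summarise each searched name: copies, distinct contents, one-off hashes,
    and any hit located outside expected_root (case-insensitive prefix match)."""
    root = expected_root.lower().rstrip("\\") + "\\"
    report = {}
    for term, entries in parse_filefind(text).items():
        groups = group_by_content(entries)
        report[term] = {
            "copies": len(entries),
            "distinct": len(groups),
            "singletons": sorted(
                md5 for (_size, md5), paths in groups.items() if len(paths) == 1
            ),
            "outside_root": [
                rec["path"] for rec in entries
                if not rec["path"].lower().startswith(root)
            ],
        }
    return report


if __name__ == "__main__":
    for name, info in triage(SAMPLE_LOG, r"C:\Program Files (x86)\CyberLink").items():
        print(name, info)
```

A file name match alone says little; the hashes that appear only once and any hit outside the vendor's directory are the entries worth checking against a known-good copy first.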

OCD
2013-07-28, 17:10
Hi grhull,

Both of those files appear to be related to CyberLink.

These are the programs installed related to CyberLink:


LG CyberLink BD Advisor (x32 Version: 2.0.4606)
LG CyberLink LabelPrint (x32 Version: 2.5.3624)
LG CyberLink Media Suite (x32 Version: 8.0.2820)
LG CyberLink MediaEspresso (x32 Version: 6.5.1622_37397b)
LG CyberLink PowerDVD (x32 Version: 10.0.3424.52)
LG CyberLink PowerProducer (x32 Version: 5.0.2.2820a)


Do you use that program?
If so, was it a download or do you have an installation disk for it?

The easiest way to remedy the error messages you are receiving would be to uninstall and reinstall.

Uninstall methods:

If the program has an uninstall feature try that first.
Next try uninstalling via Programs & Features in the Control Panel.

If you can uninstall parts of CyberLink individually I would do CyberLink PowerDVD (x32 Version: 10.0.3424.52) as this is what the file brs.exe is related to.

After you complete the uninstall / reinstall, reboot and see if the error messages are still present.

grhull
2013-07-28, 20:58
I upgraded to the latest version 10 of CyberLink and the error has been resolved. Anything else left to do?

OCD
2013-07-28, 21:29
Hi grhull,

Your log appears to be clean. :bigthumb:

We have a few items to take care of before we get to the All Clean Speech.

=========================

1. Uninstall Combofix

The following will implement important cleanup procedures as well as reset System Restore points:

Click on the Start button http://i1269.photobucket.com/albums/jj590/OCD-WTT/start.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/start.jpg.html) and then in the Search field enter combofix /uninstall, as shown in the image below with the blue arrow.
Please note that there is a space between combofix and /uninstall.

http://i1269.photobucket.com/albums/jj590/OCD-WTT/CFwindows-7-start-menu_zps188282d2.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/CFwindows-7-start-menu_zps188282d2.jpg.html)

Once you have typed this in, press Enter on your keyboard. An Open File security warning will appear asking if you are sure you want to run ComboFix. Please click on the Run button to start the program.

ComboFix will now uninstall itself from your computer and remove any backups and quarantined files. When it has finished you will be greeted by a dialog box stating that ComboFix has been uninstalled.

=========================

2. Clean up with OTL:

Right-click OTL.exe and select "Run as Administrator" to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.

=========================

3. You can now delete any tools and/or logs remaining on your desktop.

=========================

4. Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

Adobe Reader 10.1.7

=========================

5. Adobe Reader:

Go to http://get.adobe.com/reader/otherversions/

Use the drop-down menus to select your operating system
Select your language > Select The current version of Adobe Reader for your language
Remove the check mark from the box "Free! McAfee Security Scan Plus"
Click the Download button, and follow the onscreen directions to complete the installation.
Please note, depending on your settings, you may have to temporarily disable your antivirus software for the Adobe Reader update.

=========================

With the above items taken care of let's move on to the All Clean part of the process.

The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:


NoScript (https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=ss)
AdBlockPlus (https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/)

Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-Virus

Avast Free Antivirus (http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html)
Avira Free Antivirus 2013 (http://download.cnet.com/Avira-Free-Antivirus-2013/3000-2239_4-10322935.html)
PC Tools AntiVirus Free (http://download.cnet.com/PC-Tools-AntiVirus-Free/3000-2239_4-10625067.html)
Ad-Aware Free Antivirus + (http://download.cnet.com/Ad-Aware-Free-Antivirus/3000-8022_4-10045910.html)

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/forums/tutorial60.html).

Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)
Comodo Firewall (http://download.cnet.com/Comodo-Firewall/3000-10435_4-75181464.html)

Make sure you keep your Windows OS current. Windows XP users can visit Windows update (http://v4.windowsupdate.microsoft.com/en/default.asp) regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

WOT (http://www.mywot.com/) (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

grhull
2013-07-28, 23:04
I have performed the outlined steps with the following exceptions:

I was never able to get OTL to run, so it wasn't installed on my computer and didn't need to be uninstalled.
Combofixer /uninstall didn't come up in the search, so I ran it from a command prompt with the uninstall switch.
I also uninstalled Malwarebytes from the programs uninstall menu.
I also uninstalled ERUNT from the programs uninstall menu.

I am very happy with the way my computer is working and I am very grateful for your help. Where can I contribute to the cause?

Thanks!

Greg

OCD
2013-07-29, 03:04
Hi Greg,

You're very welcome. Glad I was able to help. :bigthumb:

If you would like to make a donation please visit here (http://www.safer-networking.org/dl/donate/) for information on how to do so.

Thank you, have a great day.

grhull
2013-07-29, 03:34
I contributed. Thanks again for all your work.

OCD
2013-07-29, 07:02
Hi grhull,

Thank you for the contribution. Glad I was able to help. :bigthumb: Have a great day.

Since this issue appears to be resolved ... this Topic has been closed.