Problems with laptop [Solved]


23 replies to this topic

#1 chrissy72

chrissy72

    Silver Member

  • Authentic Member
  • 252 posts

Posted 01 March 2014 - 03:16 PM

Hey guys

 

Jo was helping me with my laptop problems but I do apologise, I have been so busy and the thread has been closed so please refer to my past post here...... http://forums.whatthetech.com/index.php?showtopic=127847 

 

Ok, before I post the latest results, I will explain what has been happening. After I downloaded the MBAM Rootkit remover, it would not allow me to install it. I cannot remember the exact error message but it was not one of the ones that Jo mentioned I might encounter. After several attempts with no success, I gave up and downloaded and installed the ADWcleaner. Immediately it popped up with a message that a possible rootkit had been detected and it was removing it before proceeding? I did not do the scan straight away, but instead tried installing the MBAM rootkit again and it did it without any problems. I am now doing the scans and will post the results as soon as somebody answers this thread (as I don't want to answer my own thread beforehand in case it's thought that I'm already being helped).

 

Thanks and I again apologise for taking so long to reply 

 

Chrissy  :D


Learn from yesterday, live for today, hope for tomorrow. -Albert Einstein.


#2 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,134 posts

Posted 03 March 2014 - 09:24 AM

Hi Chrissy! :adios:

 

Post away and let's see if we can tell what is going on there.


Tomk
------------------------------------------------------------

Topics are closed after 5 days without response


#3 chrissy72

Posted 03 March 2014 - 07:59 PM

Hey TomK and thanks for your response

 

I'm afraid there's not much to post yet. I did the MBAM rootkit scan. It took over 30 hours to complete and came up with no threats found. The AdwCleaner scan has been running for almost another 24 hours and is still going, so I shall post those results when it finishes sometime this millennium haahaa.



#4 Tomk

Posted 04 March 2014 - 12:09 AM

That's ridiculous. 

 

What you are describing sounds more like a hardware problem than a malware problem.

 

Take a good look at the laptop.  Are the exhaust fans running?


Tomk


#5 chrissy72

Posted 04 March 2014 - 05:18 PM

I think they are, it's making a quiet hum and it's warm but not hot?? Sorry, I'm not too sure how to tell? The AdwCleaner is still running its scan and the only thing showing with a tick so far is the Recycle bin and it's been running for almost 2 days now! It's very unresponsive most of the time but other times it browses quite quickly. I just discovered the avast AV had turned itself off again which is strange (3rd time it's done it) so I have switched it back on again. Also I had turned the Windows firewall off so that it wouldn't clash with the Avast but the Windows firewall was on again which is also weird....nobody has been using the laptop since I started trying to fix it. There's also an icon on the bottom of the desktop with an exclamation mark which says Intel RST service is not running (sorry, have no idea what this is). There's also a flag (I've just realised) with a cross that says "solve pc issues. 2 Important messages"?? These are both in the hidden icons down the bottom right hand side.



#6 Tomk

Posted 04 March 2014 - 06:37 PM

I believe Intel RST service has to do with a Raid install.  This is over my paygrade.  Or at least my realm of any coherent knowledge.

 

You'll be all year running any scans this way.  See if you can shut it down, then try just running a DDS scan in safe mode and see what happens.

 

Please download DDS by sUBs from one of the following links and save it to your desktop.

  •  
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments,  attach.txt will open in a second window.
  • Save both reports to your desktop.

---------------------------------------------------

  • Post the contents of the DDS.txt and Attach.txt reports in your next reply

 


Tomk


#7 Tomk

Posted 04 March 2014 - 06:38 PM

Oh... one more thing.  What do the two messages say?


Tomk


#8 chrissy72

Posted 04 March 2014 - 10:06 PM

Hello Tomk.....I am going to see if I can shut her down and then do the DDS. The 2 messages were just about the windows firewall being shut off and something to do with backup. 



#9 chrissy72

Posted 05 March 2014 - 05:49 AM

Please find DDS.txt below and attach.txt attached. After shutting down it took almost 5 hours for it to start back up, better than a couple of days as it was previously but still way too slow. The Intel thingy is apparently all good now, and the icons are looking normal again (they were all "boxed up" and overlapping one another on the task bar previously). Still very unresponsive but seems to be slightly better?? Oh and AVAST has turned itself off again.

Thanks

Chrissy

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Josh at 18:02:11 on 2014-03-05
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer.msn.com
uDefault_Page_URL = hxxp://acer.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66} : DHCPNameServer = 168.95.1.1
TCP: Interfaces\{4A87EB1F-6546-4AAB-A8EF-D086141FA794} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{4A87EB1F-6546-4AAB-A8EF-D086141FA794}\642756E63686160716368656 : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R? aswStm;aswStm
R? avast! Antivirus;avast! Antivirus
R? BEService;BattlEye Service
R? BRDriver64;BRDriver64
R? BRSptSvc;BitRaider Mini-Support Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? DsiWMIService;Dritek WMI Service
R? ePowerSvc;Acer ePower Service
R? GREGService;GREGService
R? IEEtwCollectorService;Internet Explorer ETW Collector Service
R? MBAMScheduler;MBAMScheduler
R? MBAMService;MBAMService
R? MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver
R? MWLService;MyWinLocker Service
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? SkypeUpdate;Skype Updater
R? TsUsbFlt;TsUsbFlt
R? TurboBoost;TurboBoost
R? WatAdminSvc;Windows Activation Technologies Service
S? aswMonFlt;aswMonFlt
S? aswRvrt;avast! Revert
S? aswSnx;aswSnx
S? aswSP;aswSP
S? aswVmm;avast! VM Monitor
S? HECIx64;Intel® Management Engine Interface
S? IAStorDataMgrSvc;Intel® Rapid Storage Technology
S? Impcd;Impcd
S? IntcDAud;Intel® Display Audio
S? k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0
S? MBAMProtector;MBAMProtector
S? mwlPSDFilter;mwlPSDFilter
S? mwlPSDNServ;mwlPSDNServ
S? mwlPSDVDisk;mwlPSDVDisk
S? NOBU;Norton Online Backup
S? NTI IScheduleSvc;NTI IScheduleSvc
S? nvpciflt;nvpciflt
S? TurboB;Turbo Boost UI Monitor driver
S? UNS;Intel® Management & Security Application User Notification Service
S? Updater Service;Updater Service
.
=============== Created Last 30 ================
.
2014-03-04 18:32:01 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C57EA3B5-5D91-4159-89C7-A1EA49E8CDBB}\mpengine.dll
2014-03-01 20:56:34 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-01 20:56:12 119000 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-03-01 20:55:11 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-01 20:54:01 -------- d-----w- C:\AdwCleaner
2014-02-25 19:49:16 -------- d-----w- C:\Windows\Migration
2014-02-22 23:25:50 -------- d-----w- C:\Users\Josh\rootkit
2014-02-22 16:45:20 -------- d-----w- C:\Users\Josh\AppData\Roaming\Malwarebytes
2014-02-22 16:42:58 -------- d-----w- C:\ProgramData\Malwarebytes
2014-02-22 16:41:49 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-02-22 16:41:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-22 15:19:04 -------- d-----w- C:\FRST
2014-02-21 05:15:20 17858952 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-02-16 23:55:38 -------- d-----w- C:\Users\Josh\AppData\Local\Octodad
2014-02-16 23:52:59 -------- d-----w- C:\Program Files (x86)\Octodad
2014-02-16 06:30:26 -------- d-----w- C:\Users\Josh\AppData\Local\Apple Computer
2014-02-16 06:30:19 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2014-02-16 06:29:36 -------- d-----w- C:\Program Files\iPod
2014-02-16 06:29:35 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-16 06:29:35 -------- d-----w- C:\Program Files\iTunes
2014-02-16 06:29:35 -------- d-----w- C:\Program Files (x86)\iTunes
2014-02-16 06:28:19 -------- d-----w- C:\Users\Josh\AppData\Local\Apple
2014-02-12 22:40:08 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-12 22:40:08 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-12 13:46:22 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-12 13:45:57 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-02-12 13:45:56 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-12 13:45:56 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-12 13:45:55 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-02-11 19:07:08 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-02-07 22:40:03 -------- d-----w- C:\Users\Josh\AppData\Roaming\ftblauncher
2014-02-07 19:51:44 -------- d-----w- C:\Users\Josh\AppData\Local\Cyberlink
2014-02-07 09:18:35 -------- d-----w- C:\Program Files (x86)\Activision
2014-02-07 03:35:31 -------- d-----w- C:\Program Files (x86)\Common Files\BattlEye
2014-02-07 03:35:00 -------- d-----w- C:\ProgramData\Bohemia Interactive Studio
2014-02-05 06:48:52 -------- d-----w- C:\Fraps
2014-02-05 04:33:29 -------- d-----w- C:\Users\Josh\AppData\Local\DayZCommander
2014-02-05 04:32:45 -------- d-----w- C:\Program Files (x86)\Dotjosh Studios
2014-02-05 03:34:05 -------- d-----w- C:\Users\Josh\AppData\Local\ArmA 2 OA
2014-02-05 03:33:08 -------- d-----w- C:\Users\Josh\AppData\Local\ArmA 2
2014-02-05 03:28:44 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2014-02-05 03:28:44 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2014-02-05 03:28:44 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2014-02-05 03:28:44 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2014-02-05 03:28:42 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2014-02-05 03:28:42 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
.
==================== Find3M  ====================
.
2014-02-21 05:18:27 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 05:18:27 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-01 08:25:45 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-29 04:52:25 68608 ----a-w- C:\Windows\System32\taskhost.exe
2014-01-27 01:44:44 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2014-01-27 01:44:43 175616 ----a-w- C:\Windows\System32\msclmd.dll
2014-01-23 05:22:25 79672 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-01-23 05:21:51 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-01-23 05:21:51 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-01-23 05:21:51 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-01-23 05:21:51 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-01-23 05:21:51 1034464 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-01-23 05:21:50 43152 ----a-w- C:\Windows\avastSS.scr
2014-01-17 19:15:42 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2014-01-17 19:15:42 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2014-01-17 19:15:41 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2014-01-17 19:11:22 206208 ----a-w- C:\Windows\PLFSetI.exe
2014-01-17 18:57:05 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2014-01-17 18:56:27 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2014-01-17 18:56:26 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2014-01-17 18:55:43 3 ----a-w- C:\Windows\System32\PLD_Framework.cmd
2013-12-17 22:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
.
============= FINISH: 18:42:56.21 ===============


#10 chrissy72

Posted 05 March 2014 - 05:53 AM

Attached File  attach.txt   2.94KB   73 downloads



#11 Tomk

Posted 05 March 2014 - 09:09 AM

Logs are incomplete... not from what you've done, but because things just aren't working right so some stuff isn't being reported.  I suspect the problems could be caused because you're running your computer upside down. :whistling:

 

Let's see if ComboFix will run and maybe we can "kickstart" a few things.

 

Download ComboFix from here:  http://download.blee...Bs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html 
     
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix.  If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 


Tomk


#12 chrissy72

Posted 06 March 2014 - 03:43 AM

lol Tomk, not too sure what you mean by "running my computer upside down" haahaahaa?? This is my teenage son's laptop so please let me know if you see anything that he shouldn't be doing!! Ok here's the combofix log...............

 ComboFix 14-03-05.01 - Josh 06/03/2014   7:24.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.3767.2209 [GMT 8:00]
Running from: c:\users\Josh\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-06 to 2014-03-06  )))))))))))))))))))))))))))))))
.
.
2014-03-06 00:22 . 2014-03-06 00:22 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-03-06 00:22 . 2014-03-06 00:22 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-03-06 00:22 . 2014-03-06 00:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-05 23:06 . 2014-03-05 23:06 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C57EA3B5-5D91-4159-89C7-A1EA49E8CDBB}\offreg.dll
2014-03-04 18:32 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C57EA3B5-5D91-4159-89C7-A1EA49E8CDBB}\mpengine.dll
2014-03-01 20:56 . 2014-03-03 03:29 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-03-01 20:56 . 2014-03-01 20:56 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-01 20:55 . 2014-03-01 20:55 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-01 20:54 . 2014-03-03 03:41 -------- d-----w- C:\AdwCleaner
2014-02-25 19:49 . 2014-02-25 19:49 -------- d-----w- c:\windows\Migration
2014-02-22 23:25 . 2014-02-22 23:25 -------- d-----w- c:\users\Josh\rootkit
2014-02-22 16:45 . 2014-02-22 16:45 -------- d-----w- c:\users\Josh\AppData\Roaming\Malwarebytes
2014-02-22 16:42 . 2014-02-22 16:42 -------- d-----w- c:\programdata\Malwarebytes
2014-02-22 16:41 . 2014-02-22 16:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-22 16:41 . 2013-04-04 06:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-22 15:19 . 2014-02-22 16:02 -------- d-----w- C:\FRST
2014-02-21 05:15 . 2014-02-21 05:15 17858952 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-02-16 23:55 . 2014-02-16 23:55 -------- d-----w- c:\users\Josh\AppData\Local\Octodad
2014-02-16 23:52 . 2014-02-16 23:55 -------- d-----w- c:\program files (x86)\Octodad
2014-02-16 06:30 . 2014-02-20 04:04 -------- d-----w- c:\users\Josh\AppData\Roaming\Apple Computer
2014-02-16 06:30 . 2014-02-16 06:30 -------- d-----w- c:\users\Josh\AppData\Local\Apple Computer
2014-02-16 06:30 . 2014-02-19 15:08 -------- dc----w- c:\windows\system32\DRVSTORE
2014-02-16 06:30 . 2012-08-21 05:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-02-16 06:29 . 2014-02-16 06:29 -------- d-----w- c:\program files\iPod
2014-02-16 06:29 . 2014-02-16 06:30 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-16 06:29 . 2014-02-16 06:30 -------- d-----w- c:\program files\iTunes
2014-02-16 06:29 . 2014-02-16 06:30 -------- d-----w- c:\program files (x86)\iTunes
2014-02-16 06:29 . 2014-02-16 06:29 -------- d-----w- c:\programdata\Apple Computer
2014-02-16 06:28 . 2014-02-16 06:28 -------- d-----w- c:\users\Josh\AppData\Local\Apple
2014-02-16 06:28 . 2014-02-16 06:28 -------- d-----w- c:\program files (x86)\Apple Software Update
2014-02-16 06:28 . 2014-02-16 06:28 -------- d-----w- c:\program files\Common Files\Apple
2014-02-16 06:27 . 2014-02-16 06:29 -------- d-----w- c:\program files (x86)\Common Files\Apple
2014-02-16 06:27 . 2014-02-16 06:28 -------- d-----w- c:\programdata\Apple
2014-02-12 22:40 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-12 22:40 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-12 13:46 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-02-12 13:45 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-12 13:45 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-12 13:45 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-02-12 13:45 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-11 19:07 . 2014-02-11 19:06 312744 ----a-w- c:\windows\system32\javaws.exe
2014-02-11 19:07 . 2014-02-11 19:07 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-02-11 19:07 . 2014-02-11 19:06 189352 ----a-w- c:\windows\system32\javaw.exe
2014-02-11 19:07 . 2014-02-11 19:06 189352 ----a-w- c:\windows\system32\java.exe
2014-02-11 19:06 . 2014-02-11 19:06 -------- d-----w- c:\program files\Java
2014-02-07 22:40 . 2014-02-09 14:41 -------- d-----w- c:\users\Josh\AppData\Roaming\ftblauncher
2014-02-07 19:51 . 2014-02-07 19:51 -------- d-----w- c:\users\Josh\AppData\Local\Cyberlink
2014-02-07 19:51 . 2014-02-07 19:51 -------- d-----w- c:\users\Public\CyberLink
2014-02-07 19:51 . 2014-02-07 19:51 -------- d-----w- c:\programdata\CyberLink
2014-02-07 19:51 . 2014-02-07 19:51 -------- d-----w- c:\users\Josh\AppData\Roaming\CyberLink
2014-02-07 09:18 . 2014-02-07 09:18 -------- d-----w- c:\program files (x86)\Activision
2014-02-07 03:35 . 2014-02-07 03:35 -------- d-----w- c:\program files (x86)\Common Files\BattlEye
2014-02-07 03:35 . 2014-02-07 03:35 -------- d-----w- c:\programdata\Bohemia Interactive Studio
2014-02-06 08:40 . 2014-02-06 08:41 -------- d-----w- c:\program files\WinRAR
2014-02-05 06:48 . 2014-02-11 20:30 -------- d-----w- C:\Fraps
2014-02-05 04:33 . 2014-02-05 04:33 -------- d-----w- c:\users\Josh\AppData\Local\DayZCommander
2014-02-05 04:32 . 2014-02-05 04:32 -------- d-----w- c:\program files (x86)\Dotjosh Studios
2014-02-05 03:34 . 2014-02-11 18:12 -------- d-----w- c:\users\Josh\AppData\Local\ArmA 2 OA
2014-02-05 03:33 . 2014-02-05 03:33 -------- d-----w- c:\users\Josh\AppData\Local\ArmA 2
2014-02-05 03:28 . 2008-10-14 22:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2014-02-05 03:28 . 2008-10-14 22:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2014-02-05 03:28 . 2008-10-14 22:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2014-02-05 03:28 . 2008-10-14 22:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2014-02-05 03:28 . 2008-10-14 22:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2014-02-05 03:28 . 2008-10-14 22:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 05:18 . 2014-01-23 05:35 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 05:18 . 2014-01-23 05:35 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-17 22:42 . 2014-01-25 10:02 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-01 08:25 . 2014-02-01 08:25 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-30 00:47 . 2014-01-30 00:47 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-01-30 00:47 . 2014-01-30 00:47 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-01-30 00:47 . 2014-01-30 00:47 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-01-30 00:47 . 2014-01-30 00:47 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-01-30 00:47 . 2014-01-30 00:47 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-01-30 00:47 . 2014-01-30 00:47 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-01-30 00:47 . 2014-01-30 00:47 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-01-30 00:47 . 2014-01-30 00:47 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-01-30 00:47 . 2014-01-30 00:47 81408 ----a-w- c:\windows\system32\icardie.dll
2014-01-30 00:47 . 2014-01-30 00:47 774144 ----a-w- c:\windows\system32\jscript.dll
2014-01-30 00:47 . 2014-01-30 00:47 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-01-30 00:47 . 2014-01-30 00:47 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-01-30 00:47 . 2014-01-30 00:47 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-01-30 00:47 . 2014-01-30 00:47 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-01-30 00:47 . 2014-01-30 00:47 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-01-30 00:47 . 2014-01-30 00:47 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-01-30 00:47 . 2014-01-30 00:47 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-01-30 00:47 . 2014-01-30 00:47 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-01-30 00:47 . 2014-01-30 00:47 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-01-30 00:47 . 2014-01-30 00:47 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-01-30 00:47 . 2014-01-30 00:47 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-01-30 00:47 . 2014-01-30 00:47 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-01-30 00:47 . 2014-01-30 00:47 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-01-30 00:47 . 2014-01-30 00:47 413696 ----a-w- c:\windows\system32\html.iec
2014-01-30 00:47 . 2014-01-30 00:47 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-01-30 00:47 . 2014-01-30 00:47 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-01-30 00:47 . 2014-01-30 00:47 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-01-30 00:47 . 2014-01-30 00:47 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-01-30 00:47 . 2014-01-30 00:47 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-01-30 00:47 . 2014-01-30 00:47 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-01-30 00:47 . 2014-01-30 00:47 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2014-01-30 00:47 . 2014-01-30 00:47 247808 ----a-w- c:\windows\system32\msls31.dll
2014-01-30 00:47 . 2014-01-30 00:47 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-01-30 00:47 . 2014-01-30 00:47 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-01-30 00:47 . 2014-01-30 00:47 235520 ----a-w- c:\windows\system32\url.dll
2014-01-30 00:47 . 2014-01-30 00:47 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-01-30 00:47 . 2014-01-30 00:47 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-01-30 00:47 . 2014-01-30 00:47 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-01-30 00:47 . 2014-01-30 00:47 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-01-30 00:47 . 2014-01-30 00:47 147968 ----a-w- c:\windows\system32\occache.dll
2014-01-30 00:47 . 2014-01-30 00:47 143872 ----a-w- c:\windows\system32\wextract.exe
2014-01-30 00:47 . 2014-01-30 00:47 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-01-30 00:47 . 2014-01-30 00:47 13824 ----a-w- c:\windows\system32\mshta.exe
2014-01-30 00:47 . 2014-01-30 00:47 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-01-30 00:47 . 2014-01-30 00:47 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-01-30 00:47 . 2014-01-30 00:47 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-01-30 00:47 . 2014-01-30 00:47 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-01-30 00:47 . 2014-01-30 00:47 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-01-30 00:47 . 2014-01-30 00:47 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-01-30 00:47 . 2014-01-30 00:47 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-01-30 00:47 . 2014-01-30 00:47 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-01-30 00:47 . 2014-01-30 00:47 101376 ----a-w- c:\windows\system32\inseng.dll
2014-01-29 04:52 . 2014-01-29 04:52 68608 ----a-w- c:\windows\system32\taskhost.exe
2014-01-29 04:51 . 2014-01-29 04:51 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-29 04:51 . 2014-01-29 04:51 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-29 04:51 . 2014-01-29 04:51 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2014-01-29 04:51 . 2014-01-29 04:51 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2014-01-29 04:51 . 2014-01-29 04:51 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-01-29 04:51 . 2014-01-29 04:51 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-01-29 04:51 . 2014-01-29 04:51 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-01-29 04:51 . 2014-01-29 04:51 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-01-29 04:51 . 2014-01-29 04:51 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-01-29 04:51 . 2014-01-29 04:51 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-01-29 04:51 . 2014-01-29 04:51 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-01-29 04:51 . 2014-01-29 04:51 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2014-01-29 04:51 . 2014-01-29 04:51 363008 ----a-w- c:\windows\system32\dxgi.dll
2014-01-29 04:51 . 2014-01-29 04:51 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-01-29 04:51 . 2014-01-29 04:51 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-01-29 04:51 . 2014-01-29 04:51 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-01-29 04:51 . 2014-01-29 04:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-01-29 04:51 . 2014-01-29 04:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-01-29 04:51 . 2014-01-29 04:51 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-01-29 04:51 . 2014-01-29 04:51 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-01-29 04:51 . 2014-01-29 04:51 296960 ----a-w- c:\windows\system32\d3d10core.dll
2014-01-29 04:51 . 2014-01-29 04:51 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2014-01-29 04:51 . 2014-01-29 04:51 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-01-29 04:51 . 2014-01-29 04:51 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-01-29 04:51 . 2014-01-29 04:51 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-01-29 04:51 . 2014-01-29 04:51 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2014-01-29 04:51 . 2014-01-29 04:51 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-01-29 04:51 . 2014-01-29 04:51 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-01-29 04:51 . 2014-01-29 04:51 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2014-01-29 04:51 . 2014-01-29 04:51 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2014-01-29 04:51 . 2014-01-29 04:51 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2014-01-29 04:51 . 2014-01-29 04:51 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2014-01-29 04:51 . 2014-01-29 04:51 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2014-01-29 04:51 . 2014-01-29 04:51 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2014-01-29 04:51 . 2014-01-29 04:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2014-01-29 04:51 . 2014-01-29 04:51 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2014-01-29 04:51 . 2014-01-29 04:51 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2014-01-29 04:51 . 2014-01-29 04:51 1238528 ----a-w- c:\windows\system32\d3d10.dll
2014-01-29 04:51 . 2014-01-29 04:51 1175552 ----a-w- c:\windows\system32\FntCache.dll
2014-01-29 04:51 . 2014-01-29 04:51 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2014-01-29 04:51 . 2014-01-29 04:51 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2014-01-29 04:51 . 2014-01-29 04:51 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-01-29 04:51 . 2014-01-29 04:51 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-23 3764024]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-06 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
R2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 BRDriver64;BRDriver64;c:\programdata\BitRaider\BRDriver64.sys;c:\programdata\BitRaider\BRDriver64.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 10:25 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-23 05:18]
.
2014-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-23 05:11]
.
2014-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-23 05:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-23 05:21 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-23 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-23 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-23 415256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"PLFSetI"="c:\windows\PLFSetI.exe" [2014-01-17 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.0.0.138
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-06  10:29:52
ComboFix-quarantined-files.txt  2014-03-06 02:29
.
Pre-Run: 299,581,374,464 bytes free
Post-Run: 300,182,204,416 bytes free
.
- - End Of File - - 1CDAEDE5843A43AF8C6FC6D5AB6901FD


#13 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,134 posts

Posted 06 March 2014 - 09:01 AM

 

lol Tomk, not too sure what you mean by "running my computer upside down"

It's a "down under" operating system on a "topside" device.  I honestly don't know how you people keep from falling off.

 

The scan shows that a boatload of system files have been patched and/or have failed.  This could be corruption (possibly even from a failing drive) or it could be a file infector  - but Mbam should have found that.

 

Let's try this:

 

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button:



Once that is done then go to Step 3 and allow it to run System File Check by clicking on the Do It button:


Go to Step 4 and under "System Restore" click on the Create button:


Go to the Start Repairs tab and click the Start button.

Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on the Start button.

Post the Windows Repair log (_windows_repair_log.txt), which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs


Tomk
------------------------------------------------------------

Topics are closed after 5 days without response
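Step 3 of the instructions above runs System File Check, which records its per-file results as `[SR]` lines in `%windir%\Logs\CBS\CBS.log`. The following is an added example, not part of the original thread and not code from Windows Repair: a Python summarizer for those lines that separates files SFC repaired from files it could not repair. The sample log, file names and component names are constructed.

```python
import re

# Constructed sample in the "[SR]" line format that System File Checker writes
# to %windir%\Logs\CBS\CBS.log. File and component names are made up.
SAMPLE_CBS_LOG = r'''
2014-03-07 09:12:01, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-03-07 09:12:01, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2014-03-07 09:12:05, Info                  CSI    0000000c [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example1.dll" from store
2014-03-07 09:12:09, Info                  CSI    0000000e [SR] Cannot repair member file [l:24{12}]"example2.dll" of Example-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-03-07 09:12:10, Info                  CSI    00000010 [SR] Cannot repair member file [l:24{12}]"example2.dll" of Example-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-03-07 09:12:11, Info                  CSI    00000011 [SR] Cannot repair member file [l:24{12}]"example3.exe" of Example-Component-B, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2014-03-07 09:12:20, Info                  CSI    00000013 [SR] Verify complete
'''

SR = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d, \w+\s+CSI\s+[0-9a-fA-F]+ \[SR\] (.*)$")
REPAIRED = re.compile(r'^Repairing corrupted file \[[^\]]*\]"([^"]+)"\\\[[^\]]*\]"([^"]+)" from store')
FAILED = re.compile(r'^Cannot repair member file \[[^\]]*\]"([^"]+)" of ([^,]+),.*, (.+)$')


def summarize_sfc(log_text):
    """Return repaired paths, unrepaired files with reasons, and whether the run finished."""
    repaired, unrepaired, complete = set(), {}, False
    for line in log_text.splitlines():
        m = SR.match(line.strip())
        if not m:
            continue  # CBS.log also holds servicing entries that are not SFC results
        msg = m.group(1)
        rep, fail = REPAIRED.match(msg), FAILED.match(msg)
        if msg == "Verify complete":
            complete = True
        elif rep:
            directory = rep.group(1)
            if directory.startswith("\\??\\"):
                directory = directory[4:]  # drop the NT object-path prefix
            repaired.add(directory + "\\" + rep.group(2))
        elif fail:
            # SFC can log the same file more than once; keep one entry per file.
            unrepaired[fail.group(1)] = {"component": fail.group(2), "reason": fail.group(3)}
    return {"complete": complete, "repaired": sorted(repaired), "unrepaired": unrepaired}


if __name__ == "__main__":
    print(summarize_sfc(SAMPLE_CBS_LOG))
```

A result with `complete` set to False means the log ends before SFC finished, so the lists are partial.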


#14 chrissy72

chrissy72

    Silver Member

  • Authentic Member
  • PipPipPip
  • 252 posts

Posted 07 March 2014 - 05:45 AM

:rofl: I can't believe I didn't get the Aussie "down under and upside down" reference in that lol. DOH! So I'm doing all the Windows repair stages but it's gunna take some time as I have to restart Windows after each one (which takes hours!!) so it looks like I shall be working on this over the weekend so please don't close this thread cos I shall be back. I'm getting the dreaded feeling that you may be right and it could maybe be a drive failing. Would not surprise me if I have been ripped off by an unscrupulous dealer!



#15 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,134 posts

Posted 07 March 2014 - 09:47 AM

This sounds bad.  You may drown from high seas brought on by global warming before you get through a process that should take maybe an hour or less.

 

If I understand correctly, the system was working correctly.  This tells me that it was working correctly when you purchased it so the dealer was probably not unscrupulous.  Mechanical devices often work fine until they don't.  There is always a risk that any computer will not start up again at any time.  Perhaps an example would be... have you ever installed a brand new lightbulb into a lamp and had it only last a few days - yet at other times you put in a new lamp and it lasts for years.


Tomk
------------------------------------------------------------
