Hi, thank you for your assistance. I thought I had already sent this post but could not find it anywhere; sorry if you have already received it. My problems mostly occur in Google Chrome, not quite as bad in IE. I get hijacked by about:blank, then to reimageplus.com and newspaperson.info. I also get hijacked by campaigns.radioplanets.com. I seem to get a lot of ads come up after a search, such as mydealmatch.com, ask.com, wonderwhat.biz, find-E.com and Fooffa.com. Sometimes my text size just changes, and I have also had a voice tell me to send personal details to receive a million dollars in a few weeks.
I have attached the 2 zip files, attach.txt and ark.txt; my DDS.text is as follows. Cheers
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496
Run by Matt at 23:11:32 on 2015-01-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3895.2256 [GMT 10.5:30]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\SpywareGuard\sgmain.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\SpywareGuard\sgbhp.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_16_0_0_235_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com.au/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [AVG-Secure-Search-Update_0214c] C:\Users\Matt\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=49a12bef92f547d28a185a82ea82bb6a-bf17aa71637868c5fcab111622bd4c5d0afa5308 /CMPID=0214c
uRun: [fastclean] "C:\Program Files (x86)\FastClean PRO\fastcleanpro.exe"
mRun: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2 - Windows Help" /build:7601
StartupFolder: C:\Users\Matt\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYWAR~1.LNK - C:\Program Files (x86)\SpywareGuard\sgmain.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 10.1.1.1
TCP: Interfaces\{00B0B80F-10E9-45DA-BFF8-D3C61D076948} : DHCPNameServer = 10.1.1.1
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SaleesMAgnaet: {3f024374-c210-4186-b5d5-5beebb7595b2} - C:\ProgramData\SaleesMAgnaet\SpOtLBUag4asPy.x64.dll
x64-BHO: dowNNlooaditkeepa: {943ade4e-945b-4252-826a-a6209901e9d7} - C:\ProgramData\dowNNlooaditkeepa\I2C3C3IFzhkgza.x64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7725.1624\swg64.dll
x64-BHO: PriceDowNlioaaderr: {d6c5c6b0-63e8-4c03-ab99-f07ee7ce8aac} - C:\ProgramData\PriceDowNlioaaderr\wuOsbi9Nhvxgdw.x64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-10-29 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-30 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-7-21 244504]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-10-24 237848]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-10-20 269080]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-11-7 3247120]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-11-7 289328]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-9-25 62720]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-18 144640]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2015-1-7 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2015-1-7 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2015-1-7 171928]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-5 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-11-5 240160]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-11-5 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2014-2-23 151936]
S2 70e6ca8c;Optimizer Pro Crash Monitor;C:\Windows\System32\rundll32.exe [2009-7-14 45568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-12 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-12 124088]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-7-23 40448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-1-6 114688]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-8-6 320040]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-9 122584]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-11 305448]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-18 50432]
S3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2015-1-8 47632]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-1 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-2-28 1255736]
.
=============== Created Last 30 ================
.
2015-01-07 20:00:59 47632 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
2015-01-07 20:00:53 -------- d-----w- C:\Windows\SysWow64\DASBOOT
2015-01-07 20:00:44 -------- d-----w- C:\Program Files (x86)\Panda Security
2015-01-07 12:29:42 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2015-01-07 12:29:40 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2015-01-07 12:29:36 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-07 12:22:47 -------- d-----w- C:\Program Files (x86)\SpywareGuard
2015-01-07 10:54:23 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2015-01-07 10:54:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2015-01-07 10:54:23 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2015-01-07 10:54:23 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2015-01-07 10:54:12 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-01-07 10:54:12 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-01-07 00:28:28 -------- d-----w- C:\ProgramData\nidimhdebfjohjihnhfefkpdhdgidnka
2015-01-07 00:21:25 -------- d-sh--w- C:\Users\Matt\AppData\Local\EmieBrowserModeList
2015-01-06 17:30:23 -------- d-----w- C:\Windows\System32\appraiser
2015-01-06 16:46:43 55808 ----a-w- C:\Windows\System32\rrinstaller.exe
2015-01-06 16:46:43 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2015-01-06 16:46:43 4121600 ----a-w- C:\Windows\System32\mf.dll
2015-01-06 16:46:43 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2015-01-06 16:46:43 24576 ----a-w- C:\Windows\System32\mfpmp.exe
2015-01-06 16:46:43 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2015-01-06 16:46:43 206848 ----a-w- C:\Windows\System32\mfps.dll
2015-01-06 16:46:43 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2015-01-06 16:46:43 2048 ----a-w- C:\Windows\System32\mferror.dll
2015-01-06 16:46:43 103424 ----a-w- C:\Windows\SysWow64\mfps.dll
2015-01-06 16:35:34 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2015-01-06 16:35:34 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2015-01-06 16:32:38 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2015-01-06 16:32:38 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2015-01-06 16:32:37 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2015-01-06 16:32:37 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2015-01-06 16:32:36 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2015-01-06 16:32:36 8856 ----a-w- C:\Windows\System32\icardres.dll
2015-01-06 16:32:21 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2015-01-06 16:32:21 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2015-01-06 11:13:31 1719296 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2015-01-06 11:11:38 683520 ----a-w- C:\Windows\System32\termsrv.dll
2015-01-06 11:11:38 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-01-06 11:11:38 681984 ----a-w- C:\Windows\System32\adtschema.dll
2015-01-06 11:11:37 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-01-06 11:11:37 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-01-06 11:11:03 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2015-01-06 11:11:02 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2015-01-06 11:11:02 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2015-01-06 11:11:02 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2015-01-06 11:11:01 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2015-01-06 11:11:00 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2015-01-06 11:10:07 449024 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll
2015-01-06 11:10:07 224768 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
2015-01-06 11:10:07 1247232 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-01-06 11:10:06 692736 ----a-w- C:\Windows\System32\osk.exe
2015-01-06 11:10:06 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2015-01-06 11:10:06 544768 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll
2015-01-06 11:10:06 503296 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-01-06 11:10:06 348672 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-01-06 11:10:06 110592 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll
2015-01-06 11:10:06 10240 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2015-01-06 11:09:57 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2015-01-06 11:09:56 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2015-01-06 11:09:50 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2015-01-06 11:09:50 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2015-01-06 11:09:50 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2015-01-06 11:09:50 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2015-01-06 11:09:07 624128 ----a-w- C:\Windows\System32\qedit.dll
2015-01-06 11:09:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2015-01-06 11:09:05 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2015-01-06 11:09:02 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2015-01-06 11:02:35 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2015-01-06 11:01:57 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2015-01-06 11:00:45 3198976 ----a-w- C:\Windows\System32\win32k.sys
2015-01-06 11:00:40 3241984 ----a-w- C:\Windows\System32\msi.dll
2015-01-06 11:00:40 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2015-01-06 11:00:40 1941504 ----a-w- C:\Windows\System32\authui.dll
2015-01-06 11:00:40 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2015-01-06 11:00:39 504320 ----a-w- C:\Windows\System32\msihnd.dll
2015-01-06 11:00:39 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2015-01-06 11:00:39 112064 ----a-w- C:\Windows\System32\consent.exe
2015-01-06 10:57:59 -------- d-----w- C:\ProgramData\SaleesMAgnaet
2015-01-06 10:57:43 -------- d-----w- C:\ProgramData\dowNNlooaditkeepa
2015-01-06 10:57:27 -------- d-----w- C:\ProgramData\PriceDowNlioaaderr
2015-01-06 10:55:30 404480 ----a-w- C:\Windows\System32\gdi32.dll
2015-01-06 10:55:30 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2015-01-06 10:55:27 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2015-01-06 10:55:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2015-01-06 10:55:26 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2015-01-06 10:55:25 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-01-06 10:22:05 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2015-01-06 10:21:51 97792 ----a-w- C:\Windows\System32\wudriver.dll
2015-01-06 10:21:51 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-01-06 10:21:28 36864 ----a-w- C:\Windows\System32\wuapp.exe
2015-01-06 10:21:28 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-01-06 10:21:28 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2015-01-06 10:21:28 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
.
==================== Find3M ====================
.
2015-01-07 12:16:05 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-07 12:16:05 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-18 04:26:48 1202848 ----a-w- C:\Windows\SysWow64\FM20.DLL
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-29 10:33:36 123672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-23 23:50:06 237848 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-10-20 04:45:50 269080 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 23:11:44.09 ===============
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-10-29 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-30 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-7-21 244504]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-10-24 237848]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-10-20 269080]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-11-7 3247120]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-11-7 289328]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-9-25 62720]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-18 144640]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2015-1-7 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2015-1-7 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2015-1-7 171928]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-5 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-11-5 240160]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-11-5 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2014-2-23 151936]
S2 70e6ca8c;Optimizer Pro Crash Monitor;C:\Windows\System32\rundll32.exe [2009-7-14 45568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-12 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-12 124088]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-7-23 40448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-1-6 114688]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-8-6 320040]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-9 122584]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-11 305448]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-18 50432]
S3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2015-1-8 47632]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-1 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-2-28 1255736]
.
=============== Created Last 30 ================
.
2015-01-07 20:00:59 47632 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
2015-01-07 20:00:53 -------- d-----w- C:\Windows\SysWow64\DASBOOT
2015-01-07 20:00:44 -------- d-----w- C:\Program Files (x86)\Panda Security
2015-01-07 12:29:42 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2015-01-07 12:29:40 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2015-01-07 12:29:36 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-07 12:22:47 -------- d-----w- C:\Program Files (x86)\SpywareGuard
2015-01-07 10:54:23 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2015-01-07 10:54:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2015-01-07 10:54:23 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2015-01-07 10:54:23 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2015-01-07 10:54:12 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-01-07 10:54:12 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-01-07 00:28:28 -------- d-----w- C:\ProgramData\nidimhdebfjohjihnhfefkpdhdgidnka
2015-01-07 00:21:25 -------- d-sh--w- C:\Users\Matt\AppData\Local\EmieBrowserModeList
2015-01-06 17:30:23 -------- d-----w- C:\Windows\System32\appraiser
2015-01-06 16:46:43 55808 ----a-w- C:\Windows\System32\rrinstaller.exe
2015-01-06 16:46:43 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2015-01-06 16:46:43 4121600 ----a-w- C:\Windows\System32\mf.dll
2015-01-06 16:46:43 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2015-01-06 16:46:43 24576 ----a-w- C:\Windows\System32\mfpmp.exe
2015-01-06 16:46:43 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2015-01-06 16:46:43 206848 ----a-w- C:\Windows\System32\mfps.dll
2015-01-06 16:46:43 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2015-01-06 16:46:43 2048 ----a-w- C:\Windows\System32\mferror.dll
2015-01-06 16:46:43 103424 ----a-w- C:\Windows\SysWow64\mfps.dll
2015-01-06 16:35:34 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2015-01-06 16:35:34 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2015-01-06 16:32:38 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2015-01-06 16:32:38 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2015-01-06 16:32:37 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2015-01-06 16:32:37 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2015-01-06 16:32:36 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2015-01-06 16:32:36 8856 ----a-w- C:\Windows\System32\icardres.dll
2015-01-06 16:32:21 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2015-01-06 16:32:21 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2015-01-06 11:13:31 1719296 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2015-01-06 11:11:38 683520 ----a-w- C:\Windows\System32\termsrv.dll
2015-01-06 11:11:38 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-01-06 11:11:38 681984 ----a-w- C:\Windows\System32\adtschema.dll
2015-01-06 11:11:37 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-01-06 11:11:37 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-01-06 11:11:03 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2015-01-06 11:11:02 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2015-01-06 11:11:02 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2015-01-06 11:11:02 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2015-01-06 11:11:01 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2015-01-06 11:11:00 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2015-01-06 11:10:07 449024 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll
2015-01-06 11:10:07 224768 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
2015-01-06 11:10:07 1247232 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-01-06 11:10:06 692736 ----a-w- C:\Windows\System32\osk.exe
2015-01-06 11:10:06 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2015-01-06 11:10:06 544768 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll
2015-01-06 11:10:06 503296 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-01-06 11:10:06 348672 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-01-06 11:10:06 110592 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll
2015-01-06 11:10:06 10240 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2015-01-06 11:09:57 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2015-01-06 11:09:56 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2015-01-06 11:09:50 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2015-01-06 11:09:50 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2015-01-06 11:09:50 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2015-01-06 11:09:50 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2015-01-06 11:09:07 624128 ----a-w- C:\Windows\System32\qedit.dll
2015-01-06 11:09:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2015-01-06 11:09:05 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2015-01-06 11:09:02 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2015-01-06 11:02:35 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2015-01-06 11:01:57 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2015-01-06 11:00:45 3198976 ----a-w- C:\Windows\System32\win32k.sys
2015-01-06 11:00:40 3241984 ----a-w- C:\Windows\System32\msi.dll
2015-01-06 11:00:40 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2015-01-06 11:00:40 1941504 ----a-w- C:\Windows\System32\authui.dll
2015-01-06 11:00:40 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2015-01-06 11:00:39 504320 ----a-w- C:\Windows\System32\msihnd.dll
2015-01-06 11:00:39 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2015-01-06 11:00:39 112064 ----a-w- C:\Windows\System32\consent.exe
2015-01-06 10:57:59 -------- d-----w- C:\ProgramData\SaleesMAgnaet
2015-01-06 10:57:43 -------- d-----w- C:\ProgramData\dowNNlooaditkeepa
2015-01-06 10:57:27 -------- d-----w- C:\ProgramData\PriceDowNlioaaderr
2015-01-06 10:55:30 404480 ----a-w- C:\Windows\System32\gdi32.dll
2015-01-06 10:55:30 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2015-01-06 10:55:27 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2015-01-06 10:55:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2015-01-06 10:55:26 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2015-01-06 10:55:25 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-01-06 10:22:05 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2015-01-06 10:21:51 97792 ----a-w- C:\Windows\System32\wudriver.dll
2015-01-06 10:21:51 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-01-06 10:21:28 36864 ----a-w- C:\Windows\System32\wuapp.exe
2015-01-06 10:21:28 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-01-06 10:21:28 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2015-01-06 10:21:28 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
.
==================== Find3M ====================
.
2015-01-07 12:16:05 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-07 12:16:05 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-18 04:26:48 1202848 ----a-w- C:\Windows\SysWow64\FM20.DLL
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-29 10:33:36 123672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-23 23:50:06 237848 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-10-20 04:45:50 269080 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 23:11:44.09 ===============