Hi
my parents have clicked on something in the past and now their laptop seems to have constant pop up ads and windows, which is making it unusable, can you please help with the following outputs
many thanks in advance
I do not have easy access to a windows CD
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17267
Run by JuneandPeter at 19:18:09 on 2015-04-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2811.873 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TheBestDeals-soft\TheBestDeals155.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TheBestDeals-soft\TheBestDeals_wd.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.uk/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5552&r=273601110615l0464z1m5v4712197s
uProxyServer = hxxp=127.0.0.1:13828
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1AQ481QY05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{947E5EFE-FEB4-4621-968F-EEDF043CA8AF} : DHCPNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{947E5EFE-FEB4-4621-968F-EEDF043CA8AF}\24275616E60275946494 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{947E5EFE-FEB4-4621-968F-EEDF043CA8AF}\244584572643D2747533A4 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{947E5EFE-FEB4-4621-968F-EEDF043CA8AF}\34C4552475946494D244F4C4058494E4051425B4 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{947E5EFE-FEB4-4621-968F-EEDF043CA8AF}\4556E64616 : DHCPNameServer = 195.74.113.58 195.74.113.62
TCP: Interfaces\{947E5EFE-FEB4-4621-968F-EEDF043CA8AF}\A457E65616E6460556475627D20534D275962756C6563737 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{AD039EE7-16C9-4DB7-BF43-6B4C1AB166AA} : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-11-15 274696]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-1-31 254528]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-8-5 202752]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-7-14 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-8-31 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 124560]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]
R2 TheBestDeals;The Best Deals;C:\Program Files (x86)\TheBestDeals-soft\TheBestDeals155.exe [2014-3-2 192512]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-7-14 243232]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-7-14 384040]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-1-30 366512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-4-20 35840]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-5-2 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-27 305520]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-7-14 246376]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-23 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-1 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-04-08 18:16:22 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C0506D8F-0097-4279-AC3A-CE620F2126E3}\offreg.dll
2015-04-08 17:31:45 12002392 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C0506D8F-0097-4279-AC3A-CE620F2126E3}\mpengine.dll
2015-04-06 20:17:00 12002392 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-04-05 11:52:43 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-04-05 10:17:17 -------- d-s---w- C:\Windows\SysWow64\GWX
2015-04-05 10:17:15 -------- d-s---w- C:\Windows\System32\GWX
2015-03-31 13:07:51 1187344 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AFE9920B-0881-4DF1-BB29-A6A821F4C0EB}\gapaengine.dll
2015-03-26 13:46:14 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3B69BED8-2D7C-C1DB-6D17-20FA280C8FCC}\GapaEngine.dll
2015-03-26 13:45:00 1187344 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C4A0D0C0-C9F2-4C44-AA23-FC0F723FF5DC}\gapaengine.dll
2015-03-25 22:40:57 943616 ----a-w- C:\Windows\System32\appraiser.dll
2015-03-25 22:40:57 760832 ----a-w- C:\Windows\System32\invagent.dll
2015-03-25 22:40:57 677888 ----a-w- C:\Windows\System32\generaltel.dll
2015-03-25 22:40:57 30720 ----a-w- C:\Windows\System32\acmigration.dll
2015-03-25 22:40:57 1107456 ----a-w- C:\Windows\System32\aeinv.dll
2015-03-25 22:40:56 414720 ----a-w- C:\Windows\System32\devinv.dll
2015-03-25 22:40:54 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-03-25 22:40:53 192000 ----a-w- C:\Windows\System32\aepic.dll
2015-03-11 20:40:24 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-03-11 20:40:23 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-03-11 20:40:23 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-03-11 20:40:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-03-11 20:40:22 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-03-11 20:40:22 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-03-11 20:40:21 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-03-11 20:40:21 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-03-11 20:40:21 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-03-11 20:40:21 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-03-11 20:40:12 3204096 ----a-w- C:\Windows\System32\win32k.sys
2015-03-11 19:39:49 215552 ----a-w- C:\Windows\System32\ubpm.dll
.
==================== Find3M ====================
.
2015-03-06 05:56:10 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-03-06 05:56:10 155576 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-03-06 05:42:39 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-03-06 05:42:36 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-03-06 05:42:35 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-03-06 05:42:35 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-03-06 05:42:33 341504 ----a-w- C:\Windows\System32\schannel.dll
2015-03-06 05:42:33 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-03-06 05:42:29 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2015-03-06 05:42:29 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-03-06 05:42:27 728064 ----a-w- C:\Windows\System32\kerberos.dll
2015-03-06 05:42:27 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-03-06 05:42:20 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-03-06 05:41:46 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-03-06 05:41:31 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-03-06 05:39:16 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-03-06 05:38:57 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-03-06 05:36:56 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-03-06 05:10:34 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-03-06 05:10:30 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-03-06 05:10:26 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-03-06 05:10:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-03-06 05:10:22 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-03-06 05:10:22 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-03-06 05:10:18 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-03-06 05:10:11 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-03-06 05:09:31 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-03-06 05:09:19 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-03-06 05:07:50 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-03-06 05:07:43 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-03-06 05:06:20 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-03-03 13:17:35 295552 ------w- C:\Windows\System32\MpSigStub.exe
2015-02-23 10:52:04 2237952 ----a-w- C:\Windows\System32\wininet.dll
2015-02-23 10:51:56 600576 ----a-w- C:\Windows\System32\vbscript.dll
2015-02-23 10:50:40 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2015-02-23 10:50:34 67072 ----a-w- C:\Windows\System32\iesetup.dll
2015-02-23 10:50:34 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2015-02-23 10:49:36 1509376 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-02-23 09:17:52 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2015-02-23 08:51:29 441856 ----a-w- C:\Windows\System32\html.iec
2015-02-23 08:25:10 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2015-02-21 05:31:25 1763328 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-02-21 05:31:19 523776 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-02-21 05:30:16 2864640 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-02-21 05:30:11 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-02-21 05:30:11 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2015-02-21 05:29:25 1441280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-02-21 05:09:51 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-02-21 04:42:37 361984 ----a-w- C:\Windows\SysWow64\html.iec
2015-02-21 04:19:22 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2015-02-05 11:17:27 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 11:17:27 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-02-04 03:16:35 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2015-02-04 02:54:09 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2015-02-03 03:34:39 693176 ----a-w- C:\Windows\System32\winload.efi
2015-02-03 03:34:38 5554104 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-02-03 03:34:36 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2015-02-03 03:33:29 616360 ----a-w- C:\Windows\System32\winresume.efi
2015-02-03 03:30:58 631808 ----a-w- C:\Windows\System32\evr.dll
2015-02-03 03:29:19 8704 ----a-w- C:\Windows\System32\pcaevts.dll
2015-02-03 03:28:49 2048 ----a-w- C:\Windows\System32\mferror.dll
2015-02-03 03:28:14 6656 ----a-w- C:\Windows\System32\apisetschema.dll
2015-02-03 03:19:12 663552 ----a-w- C:\Windows\System32\drivers\PEAuth.sys
2015-02-03 03:16:31 3973048 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-02-03 03:16:31 3917760 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-02-03 03:11:55 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2015-02-03 03:11:48 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2015-02-03 03:11:18 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2015-02-03 03:09:03 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2015-02-03 03:08:07 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2015-02-03 02:32:25 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2015-01-30 23:56:51 459336 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-01-27 23:36:21 1239720 ----a-w- C:\Windows\System32\aitstatic.exe
2015-01-17 02:48:38 1067520 ----a-w- C:\Windows\System32\msctf.dll
2015-01-17 02:30:42 828928 ----a-w- C:\Windows\SysWow64\msctf.dll
2015-01-09 03:14:27 91136 ----a-w- C:\Windows\System32\wdi.dll
2015-01-09 03:14:19 950272 ----a-w- C:\Windows\System32\perftrack.dll
2015-01-09 03:14:19 29696 ----a-w- C:\Windows\System32\powertracker.dll
2015-01-09 02:48:18 76800 ----a-w- C:\Windows\SysWow64\wdi.dll
.
============= FINISH: 19:22:02.44 ===============
my parents have clicked on something in the past and now their laptop seems to have constant pop up ads and windows, which is making it unusable, can you please help with the following outputs
many thanks in advance
I do not have easy access to a windows CD
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17267
Run by JuneandPeter at 19:18:09 on 2015-04-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2811.873 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TheBestDeals-soft\TheBestDeals155.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TheBestDeals-soft\TheBestDeals_wd.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.uk/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5552&r=273601110615l0464z1m5v4712197s
uProxyServer = hxxp=127.0.0.1:13828
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1AQ481QY05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{947E5EFE-FEB4-4621-968F-EEDF043CA8AF} : DHCPNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{947E5EFE-FEB4-4621-968F-EEDF043CA8AF}\24275616E60275946494 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{947E5EFE-FEB4-4621-968F-EEDF043CA8AF}\244584572643D2747533A4 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{947E5EFE-FEB4-4621-968F-EEDF043CA8AF}\34C4552475946494D244F4C4058494E4051425B4 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{947E5EFE-FEB4-4621-968F-EEDF043CA8AF}\4556E64616 : DHCPNameServer = 195.74.113.58 195.74.113.62
TCP: Interfaces\{947E5EFE-FEB4-4621-968F-EEDF043CA8AF}\A457E65616E6460556475627D20534D275962756C6563737 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{AD039EE7-16C9-4DB7-BF43-6B4C1AB166AA} : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-11-15 274696]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-1-31 254528]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-8-5 202752]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-7-14 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-8-31 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 124560]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]
R2 TheBestDeals;The Best Deals;C:\Program Files (x86)\TheBestDeals-soft\TheBestDeals155.exe [2014-3-2 192512]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-7-14 243232]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-7-14 384040]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-1-30 366512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-4-20 35840]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-5-2 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-27 305520]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-7-14 246376]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-23 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-1 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-04-08 18:16:22 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C0506D8F-0097-4279-AC3A-CE620F2126E3}\offreg.dll
2015-04-08 17:31:45 12002392 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C0506D8F-0097-4279-AC3A-CE620F2126E3}\mpengine.dll
2015-04-06 20:17:00 12002392 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-04-05 11:52:43 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-04-05 10:17:17 -------- d-s---w- C:\Windows\SysWow64\GWX
2015-04-05 10:17:15 -------- d-s---w- C:\Windows\System32\GWX
2015-03-31 13:07:51 1187344 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AFE9920B-0881-4DF1-BB29-A6A821F4C0EB}\gapaengine.dll
2015-03-26 13:46:14 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3B69BED8-2D7C-C1DB-6D17-20FA280C8FCC}\GapaEngine.dll
2015-03-26 13:45:00 1187344 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C4A0D0C0-C9F2-4C44-AA23-FC0F723FF5DC}\gapaengine.dll
2015-03-25 22:40:57 943616 ----a-w- C:\Windows\System32\appraiser.dll
2015-03-25 22:40:57 760832 ----a-w- C:\Windows\System32\invagent.dll
2015-03-25 22:40:57 677888 ----a-w- C:\Windows\System32\generaltel.dll
2015-03-25 22:40:57 30720 ----a-w- C:\Windows\System32\acmigration.dll
2015-03-25 22:40:57 1107456 ----a-w- C:\Windows\System32\aeinv.dll
2015-03-25 22:40:56 414720 ----a-w- C:\Windows\System32\devinv.dll
2015-03-25 22:40:54 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-03-25 22:40:53 192000 ----a-w- C:\Windows\System32\aepic.dll
2015-03-11 20:40:24 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-03-11 20:40:23 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-03-11 20:40:23 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-03-11 20:40:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-03-11 20:40:22 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-03-11 20:40:22 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-03-11 20:40:21 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-03-11 20:40:21 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-03-11 20:40:21 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-03-11 20:40:21 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-03-11 20:40:12 3204096 ----a-w- C:\Windows\System32\win32k.sys
2015-03-11 19:39:49 215552 ----a-w- C:\Windows\System32\ubpm.dll
.
==================== Find3M ====================
.
2015-03-06 05:56:10 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-03-06 05:56:10 155576 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-03-06 05:42:39 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-03-06 05:42:36 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-03-06 05:42:35 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-03-06 05:42:35 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-03-06 05:42:33 341504 ----a-w- C:\Windows\System32\schannel.dll
2015-03-06 05:42:33 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-03-06 05:42:29 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2015-03-06 05:42:29 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-03-06 05:42:27 728064 ----a-w- C:\Windows\System32\kerberos.dll
2015-03-06 05:42:27 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-03-06 05:42:20 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-03-06 05:41:46 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-03-06 05:41:31 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-03-06 05:39:16 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-03-06 05:38:57 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-03-06 05:36:56 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-03-06 05:10:34 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-03-06 05:10:30 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-03-06 05:10:26 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-03-06 05:10:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-03-06 05:10:22 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-03-06 05:10:22 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-03-06 05:10:18 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-03-06 05:10:11 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-03-06 05:09:31 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-03-06 05:09:19 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-03-06 05:07:50 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-03-06 05:07:43 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-03-06 05:06:20 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-03-03 13:17:35 295552 ------w- C:\Windows\System32\MpSigStub.exe
2015-02-23 10:52:04 2237952 ----a-w- C:\Windows\System32\wininet.dll
2015-02-23 10:51:56 600576 ----a-w- C:\Windows\System32\vbscript.dll
2015-02-23 10:50:40 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2015-02-23 10:50:34 67072 ----a-w- C:\Windows\System32\iesetup.dll
2015-02-23 10:50:34 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2015-02-23 10:49:36 1509376 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-02-23 09:17:52 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2015-02-23 08:51:29 441856 ----a-w- C:\Windows\System32\html.iec
2015-02-23 08:25:10 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2015-02-21 05:31:25 1763328 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-02-21 05:31:19 523776 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-02-21 05:30:16 2864640 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-02-21 05:30:11 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-02-21 05:30:11 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2015-02-21 05:29:25 1441280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-02-21 05:09:51 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-02-21 04:42:37 361984 ----a-w- C:\Windows\SysWow64\html.iec
2015-02-21 04:19:22 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2015-02-05 11:17:27 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 11:17:27 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-02-04 03:16:35 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2015-02-04 02:54:09 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2015-02-03 03:34:39 693176 ----a-w- C:\Windows\System32\winload.efi
2015-02-03 03:34:38 5554104 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-02-03 03:34:36 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2015-02-03 03:33:29 616360 ----a-w- C:\Windows\System32\winresume.efi
2015-02-03 03:30:58 631808 ----a-w- C:\Windows\System32\evr.dll
2015-02-03 03:29:19 8704 ----a-w- C:\Windows\System32\pcaevts.dll
2015-02-03 03:28:49 2048 ----a-w- C:\Windows\System32\mferror.dll
2015-02-03 03:28:14 6656 ----a-w- C:\Windows\System32\apisetschema.dll
2015-02-03 03:19:12 663552 ----a-w- C:\Windows\System32\drivers\PEAuth.sys
2015-02-03 03:16:31 3973048 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-02-03 03:16:31 3917760 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-02-03 03:11:55 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2015-02-03 03:11:48 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2015-02-03 03:11:18 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2015-02-03 03:09:03 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2015-02-03 03:08:07 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2015-02-03 02:32:25 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2015-01-30 23:56:51 459336 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-01-27 23:36:21 1239720 ----a-w- C:\Windows\System32\aitstatic.exe
2015-01-17 02:48:38 1067520 ----a-w- C:\Windows\System32\msctf.dll
2015-01-17 02:30:42 828928 ----a-w- C:\Windows\SysWow64\msctf.dll
2015-01-09 03:14:27 91136 ----a-w- C:\Windows\System32\wdi.dll
2015-01-09 03:14:19 950272 ----a-w- C:\Windows\System32\perftrack.dll
2015-01-09 03:14:19 29696 ----a-w- C:\Windows\System32\powertracker.dll
2015-01-09 02:48:18 76800 ----a-w- C:\Windows\SysWow64\wdi.dll
.
============= FINISH: 19:22:02.44 ===============