Hello there.
My dad accidentally clicked on an "update your Chrome browser" thing and downloaded a bunch of malware. The computer runs really slow now, opening programs takes a long time. The browser's homepage got changed to some search engine ( hxxp://istart.webssearches.com/?type=sc&ts=1409855079&from=pjr&uid=WDCXWD6400BEVT-80A0RT0_WD-WXA1A205320353203 ), additional bookmarks appeared in the browser, and sometimes the browser pops up on its own with game sites...
So, there's definately something wrong, he downloaded something. I did try a scan with his Avast - the program found some viruses, quarantined them, but it didn't help much, thus my presence here.
I pasted in the info from DDS, attached the two files as instructed in the outlines to this Forums. Will be very grateful for helping with this.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239 BrowserJavaVersion: 10.67.2
Run by Marek Młynarski at 20:25:10 on 2014-09-07
Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.4021.1949 [GMT 3:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\ProgramData\IePluginServices\PluginService.exe
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\PennyBee\PennyBee.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Users\Marek Młynarski\AppData\Roaming\VOPackage\VOsrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ToggleMark\updateToggleMark.exe
C:\Program Files (x86)\PennyBee\PennyBeeW.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\SupTab\HpUI.exe
C:\Program Files (x86)\SupTab\Loader64.exe
C:\Program Files (x86)\SupTab\Loader32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Users\Marek Młynarski\AppData\Local\fst_pl_192\upfst_pl_192.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Marek Młynarski\Downloads\dds.scr
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1409855079&from=pjr&uid=WDCXWD6400BEVT-80A0RT0_WD-WXA1A205320353203
uDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1409855079&from=pjr&uid=WDCXWD6400BEVT-80A0RT0_WD-WXA1A205320353203
mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1409855079&from=pjr&uid=WDCXWD6400BEVT-80A0RT0_WD-WXA1A205320353203
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1409855079&from=pjr&uid=WDCXWD6400BEVT-80A0RT0_WD-WXA1A205320353203&q={searchTerms}
mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1409855079&from=pjr&uid=WDCXWD6400BEVT-80A0RT0_WD-WXA1A205320353203
mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1409855079&from=pjr&uid=WDCXWD6400BEVT-80A0RT0_WD-WXA1A205320353203&q={searchTerms}
mWinlogon: Userinit = userinit.exe
BHO: IETabPage Class: {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Pomocnik rejestracji usługi Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ToggleMark: {dc59a866-959c-4638-a191-c13177d0bd68} - C:\Program Files (x86)\ToggleMark\ToggleMarkbho.dll
uRun: [iLivid] "C:\Users\Marek Młynarski\AppData\Local\iLivid\iLivid.exe" -autorun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [MDS_Menu] "C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\MediaShowEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.0"
mRun: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
mRunOnce: [upfst_pl_192.exe] C:\Users\Marek Młynarski\AppData\Local\fst_pl_192\upfst_pl_192.exe -runonce
StartupFolder: C:\Users\MAREKM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TWORZE~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &????????? ? OneNote - <no file>
IE: &??????? ? Microsoft Excel - <no file>
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{E79F8830-1C60-47D9-A2E0-0C8CE839A8DC} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{E79F8830-1C60-47D9-A2E0-0C8CE839A8DC}\45F602445726C696E60223 : DHCPNameServer = 94.232.215.2 192.168.0.1
TCP: Interfaces\{E79F8830-1C60-47D9-A2E0-0C8CE839A8DC}\A554C4D45425F55514 : DHCPNameServer = 213.160.128.3 213.160.134.23
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1409855079&from=pjr&uid=WDCXWD6400BEVT-80A0RT0_WD-WXA1A205320353203
x64-mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1409855079&from=pjr&uid=WDCXWD6400BEVT-80A0RT0_WD-WXA1A205320353203&q={searchTerms}
x64-mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1409855079&from=pjr&uid=WDCXWD6400BEVT-80A0RT0_WD-WXA1A205320353203
x64-mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1409855079&from=pjr&uid=WDCXWD6400BEVT-80A0RT0_WD-WXA1A205320353203&q={searchTerms}
x64-BHO: {4F524A2D-5637-4300-76A7-7A786E7484D7} - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
x64-Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe MySyncFolder
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Marek Młynarski\AppData\Roaming\Mozilla\Firefox\Profiles\4omu5dvg.default\
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-7-12 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-7-12 224896]
R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2010-4-23 15928]
R1 {9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64;{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64;C:\Windows\System32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64.sys [2014-9-5 61120]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-7-12 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-7-12 427360]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/04/23 01:55:25];C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2009-9-2 146928]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-4-23 359552]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-18 202752]
R2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2014-8-29 166296]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-4-23 14904]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-7-12 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-7-12 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-7-12 92008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-12 50344]
R2 IePluginServices;IePlugin Services;C:\ProgramData\IePluginServices\PluginService.exe -service --> C:\ProgramData\IePluginServices\PluginService.exe -service [?]
R2 PennyBee;PennyBee service;C:\Program Files (x86)\PennyBee\PennyBee.exe [2014-8-18 57856]
R2 servervo;VO Service component;C:\Users\Marek Młynarski\AppData\Roaming\VOPackage\VOsrv.exe [2014-9-4 71680]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2010-3-30 5052224]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-8-7 13784]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-4-23 2314240]
R2 Update ToggleMark;Update ToggleMark;C:\Program Files (x86)\ToggleMark\updateToggleMark.exe [2014-9-5 323360]
R2 WindowsMangerProtect;WindowsMangerProtect Service;C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service --> C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [?]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-7-1 52264]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-4-23 35104]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2009-10-15 117760]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-4-23 56344]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-9-4 62464]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-11-21 75776]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-11-21 177152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 Util ToggleMark;Util ToggleMark;C:\Program Files (x86)\ToggleMark\bin\utilToggleMark.exe [2014-9-5 323360]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-14 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-19 19456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 StorSvc;Usługa magazynu;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-10-19 57856]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-7 118672]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-18 1255736]
.
=============== Created Last 30 ================
.
2014-09-07 17:25:10 -------- d-----w- C:\Users\Marek M?ynarski\AppData\Local\Microsoft
2014-09-05 22:01:31 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{21871BDC-7022-4FF4-8686-92ECAA67897E}\mpengine.dll
2014-09-05 12:33:49 61120 ----a-w- C:\Windows\System32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64.sys
2014-09-05 12:28:54 -------- d-----w- C:\Program Files (x86)\ToggleMark
2014-09-04 18:40:11 -------- d-----w- C:\Users\Marek Młynarski\AppData\Roaming\ap_logs
2014-09-04 18:39:44 -------- d-----w- C:\Program Files (x86)\AnyProtectEx
2014-09-04 18:39:02 -------- d-----w- C:\Program Files (x86)\fst_pl_192
2014-09-04 18:37:49 -------- d-----w- C:\Users\Marek Młynarski\AppData\Roaming\Systweak
2014-09-04 18:37:48 20328 ----a-w- C:\Windows\System32\roboot64.exe
2014-09-04 18:37:45 -------- d-----w- C:\Program Files (x86)\RCP
2014-09-04 18:37:43 -------- d-----w- C:\Program Files (x86)\PennyBee
2014-09-04 18:25:33 -------- d-----w- C:\ProgramData\IePluginServices
2014-09-04 18:25:26 -------- d-----w- C:\ProgramData\WindowsMangerProtect
2014-09-04 18:25:24 -------- d-----w- C:\Program Files (x86)\SupTab
2014-09-04 18:24:58 -------- d-----w- C:\Users\Marek Młynarski\AppData\Roaming\webssearches
2014-09-04 18:24:51 -------- d-----w- C:\Users\Marek Młynarski\AppData\Roaming\VOPackage
2014-09-04 18:23:52 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2014-08-28 07:51:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-28 07:51:48 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-28 07:51:48 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-14 10:40:11 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-14 10:40:11 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-14 10:40:10 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-14 10:40:10 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-14 10:40:06 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-14 10:40:06 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-14 10:39:34 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-14 10:39:34 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-14 06:31:03 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-08-14 06:31:03 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-08-14 06:31:03 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-08-14 06:31:03 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-08-14 06:31:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-08-14 06:31:01 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-08-14 06:29:37 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-08-14 06:29:37 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-08-14 06:29:36 529920 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-14 06:29:35 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-08-11 09:45:15 -------- d-----w- C:\ProgramData\AskPartnerNetwork
2014-08-11 09:45:15 -------- d-----w- C:\Program Files (x86)\AskPartnerNetwork
2014-08-11 09:42:57 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M ====================
.
2014-09-02 20:07:00 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-02 20:07:00 699568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-01 09:46:25 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2014-08-05 06:20:00 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-12 13:59:50 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-07-12 13:59:50 92008 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-07-12 13:59:50 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-07-12 13:59:50 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-07-12 13:59:50 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-07-12 13:59:50 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-07-12 13:59:50 1041168 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-07-12 13:59:49 43152 ----a-w- C:\Windows\avastSS.scr
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-16 02:10:19 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 20:25:46,64 ===============
My dad accidentally clicked on an "update your Chrome browser" thing and downloaded a bunch of malware. The computer runs really slow now, opening programs takes a long time. The browser's homepage got changed to some search engine ( hxxp://istart.webssearches.com/?type=sc&ts=1409855079&from=pjr&uid=WDCXWD6400BEVT-80A0RT0_WD-WXA1A205320353203 ), additional bookmarks appeared in the browser, and sometimes the browser pops up on its own with game sites...
So, there's definately something wrong, he downloaded something. I did try a scan with his Avast - the program found some viruses, quarantined them, but it didn't help much, thus my presence here.
I pasted in the info from DDS, attached the two files as instructed in the outlines to this Forums. Will be very grateful for helping with this.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239 BrowserJavaVersion: 10.67.2
Run by Marek Młynarski at 20:25:10 on 2014-09-07
Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.4021.1949 [GMT 3:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\ProgramData\IePluginServices\PluginService.exe
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\PennyBee\PennyBee.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Users\Marek Młynarski\AppData\Roaming\VOPackage\VOsrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ToggleMark\updateToggleMark.exe
C:\Program Files (x86)\PennyBee\PennyBeeW.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\SupTab\HpUI.exe
C:\Program Files (x86)\SupTab\Loader64.exe
C:\Program Files (x86)\SupTab\Loader32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Users\Marek Młynarski\AppData\Local\fst_pl_192\upfst_pl_192.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Marek Młynarski\Downloads\dds.scr
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1409855079&from=pjr&uid=WDCXWD6400BEVT-80A0RT0_WD-WXA1A205320353203
uDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1409855079&from=pjr&uid=WDCXWD6400BEVT-80A0RT0_WD-WXA1A205320353203
mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1409855079&from=pjr&uid=WDCXWD6400BEVT-80A0RT0_WD-WXA1A205320353203
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1409855079&from=pjr&uid=WDCXWD6400BEVT-80A0RT0_WD-WXA1A205320353203&q={searchTerms}
mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1409855079&from=pjr&uid=WDCXWD6400BEVT-80A0RT0_WD-WXA1A205320353203
mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1409855079&from=pjr&uid=WDCXWD6400BEVT-80A0RT0_WD-WXA1A205320353203&q={searchTerms}
mWinlogon: Userinit = userinit.exe
BHO: IETabPage Class: {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Pomocnik rejestracji usługi Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ToggleMark: {dc59a866-959c-4638-a191-c13177d0bd68} - C:\Program Files (x86)\ToggleMark\ToggleMarkbho.dll
uRun: [iLivid] "C:\Users\Marek Młynarski\AppData\Local\iLivid\iLivid.exe" -autorun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [MDS_Menu] "C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\MediaShowEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.0"
mRun: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
mRunOnce: [upfst_pl_192.exe] C:\Users\Marek Młynarski\AppData\Local\fst_pl_192\upfst_pl_192.exe -runonce
StartupFolder: C:\Users\MAREKM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TWORZE~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &????????? ? OneNote - <no file>
IE: &??????? ? Microsoft Excel - <no file>
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{E79F8830-1C60-47D9-A2E0-0C8CE839A8DC} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{E79F8830-1C60-47D9-A2E0-0C8CE839A8DC}\45F602445726C696E60223 : DHCPNameServer = 94.232.215.2 192.168.0.1
TCP: Interfaces\{E79F8830-1C60-47D9-A2E0-0C8CE839A8DC}\A554C4D45425F55514 : DHCPNameServer = 213.160.128.3 213.160.134.23
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1409855079&from=pjr&uid=WDCXWD6400BEVT-80A0RT0_WD-WXA1A205320353203
x64-mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1409855079&from=pjr&uid=WDCXWD6400BEVT-80A0RT0_WD-WXA1A205320353203&q={searchTerms}
x64-mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1409855079&from=pjr&uid=WDCXWD6400BEVT-80A0RT0_WD-WXA1A205320353203
x64-mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1409855079&from=pjr&uid=WDCXWD6400BEVT-80A0RT0_WD-WXA1A205320353203&q={searchTerms}
x64-BHO: {4F524A2D-5637-4300-76A7-7A786E7484D7} - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
x64-Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe MySyncFolder
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Marek Młynarski\AppData\Roaming\Mozilla\Firefox\Profiles\4omu5dvg.default\
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-7-12 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-7-12 224896]
R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2010-4-23 15928]
R1 {9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64;{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64;C:\Windows\System32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64.sys [2014-9-5 61120]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-7-12 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-7-12 427360]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/04/23 01:55:25];C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2009-9-2 146928]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-4-23 359552]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-18 202752]
R2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2014-8-29 166296]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-4-23 14904]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-7-12 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-7-12 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-7-12 92008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-12 50344]
R2 IePluginServices;IePlugin Services;C:\ProgramData\IePluginServices\PluginService.exe -service --> C:\ProgramData\IePluginServices\PluginService.exe -service [?]
R2 PennyBee;PennyBee service;C:\Program Files (x86)\PennyBee\PennyBee.exe [2014-8-18 57856]
R2 servervo;VO Service component;C:\Users\Marek Młynarski\AppData\Roaming\VOPackage\VOsrv.exe [2014-9-4 71680]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2010-3-30 5052224]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-8-7 13784]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-4-23 2314240]
R2 Update ToggleMark;Update ToggleMark;C:\Program Files (x86)\ToggleMark\updateToggleMark.exe [2014-9-5 323360]
R2 WindowsMangerProtect;WindowsMangerProtect Service;C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service --> C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [?]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-7-1 52264]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-4-23 35104]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2009-10-15 117760]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-4-23 56344]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-9-4 62464]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-11-21 75776]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-11-21 177152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 Util ToggleMark;Util ToggleMark;C:\Program Files (x86)\ToggleMark\bin\utilToggleMark.exe [2014-9-5 323360]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-14 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-19 19456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 StorSvc;Usługa magazynu;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-10-19 57856]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-7 118672]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-18 1255736]
.
=============== Created Last 30 ================
.
2014-09-07 17:25:10 -------- d-----w- C:\Users\Marek M?ynarski\AppData\Local\Microsoft
2014-09-05 22:01:31 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{21871BDC-7022-4FF4-8686-92ECAA67897E}\mpengine.dll
2014-09-05 12:33:49 61120 ----a-w- C:\Windows\System32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64.sys
2014-09-05 12:28:54 -------- d-----w- C:\Program Files (x86)\ToggleMark
2014-09-04 18:40:11 -------- d-----w- C:\Users\Marek Młynarski\AppData\Roaming\ap_logs
2014-09-04 18:39:44 -------- d-----w- C:\Program Files (x86)\AnyProtectEx
2014-09-04 18:39:02 -------- d-----w- C:\Program Files (x86)\fst_pl_192
2014-09-04 18:37:49 -------- d-----w- C:\Users\Marek Młynarski\AppData\Roaming\Systweak
2014-09-04 18:37:48 20328 ----a-w- C:\Windows\System32\roboot64.exe
2014-09-04 18:37:45 -------- d-----w- C:\Program Files (x86)\RCP
2014-09-04 18:37:43 -------- d-----w- C:\Program Files (x86)\PennyBee
2014-09-04 18:25:33 -------- d-----w- C:\ProgramData\IePluginServices
2014-09-04 18:25:26 -------- d-----w- C:\ProgramData\WindowsMangerProtect
2014-09-04 18:25:24 -------- d-----w- C:\Program Files (x86)\SupTab
2014-09-04 18:24:58 -------- d-----w- C:\Users\Marek Młynarski\AppData\Roaming\webssearches
2014-09-04 18:24:51 -------- d-----w- C:\Users\Marek Młynarski\AppData\Roaming\VOPackage
2014-09-04 18:23:52 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2014-08-28 07:51:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-28 07:51:48 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-28 07:51:48 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-14 10:40:11 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-14 10:40:11 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-14 10:40:10 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-14 10:40:10 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-14 10:40:06 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-14 10:40:06 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-14 10:39:34 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-14 10:39:34 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-14 06:31:03 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-08-14 06:31:03 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-08-14 06:31:03 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-08-14 06:31:03 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-08-14 06:31:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-08-14 06:31:01 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-08-14 06:29:37 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-08-14 06:29:37 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-08-14 06:29:36 529920 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-14 06:29:35 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-08-11 09:45:15 -------- d-----w- C:\ProgramData\AskPartnerNetwork
2014-08-11 09:45:15 -------- d-----w- C:\Program Files (x86)\AskPartnerNetwork
2014-08-11 09:42:57 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M ====================
.
2014-09-02 20:07:00 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-02 20:07:00 699568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-01 09:46:25 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2014-08-05 06:20:00 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-12 13:59:50 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-07-12 13:59:50 92008 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-07-12 13:59:50 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-07-12 13:59:50 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-07-12 13:59:50 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-07-12 13:59:50 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-07-12 13:59:50 1041168 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-07-12 13:59:49 43152 ----a-w- C:\Windows\avastSS.scr
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-16 02:10:19 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 20:25:46,64 ===============