
Price Fountain, Solution Real and other....


  • This topic is locked
7 replies to this topic

#1 Czudi


Posted 25 January 2015 - 08:16 PM

Ok, so I have probably installed some malware while installing some other stuff. Programs that I found in "add/remove programs" that I do not recognise are:

Price Fountain

Solution Real

RasWin

omiga Plus

 

I am unable to delete them from "add/remove programs" - a pop-up says they were already uninstalled and I can only remove them from the list of programs. However, my Avast keeps shouting that I got some malware which was blocked (and shows some path to the Price Fountain). Solution Real keeps working, as I notice some ads in the web browser that I have not seen before.

 

I have used Avira System Rescue, but I think it did not do much good.

 

FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Agnieszka (administrator) on ASUS551 on 26-01-2015 01:28:03
Running from C:\Users\Agnieszka\Desktop\Czudi
Loaded Profiles: Agnieszka (Available profiles: Agnieszka)
Platform: Windows 8.1 Pro (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-24] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
HKU\S-1-5-21-2086728796-2284973935-1730649577-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070
HKU\S-1-5-21-2086728796-2284973935-1730649577-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
HKU\S-1-5-21-2086728796-2284973935-1730649577-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Solution Real 1.0.0.6 -> {1bb456da-878f-44a5-b013-4bfe0ae02fce} -> C:\Program Files (x86)\Solution Real\SolutionRealbho.dll No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: PriceFountain -> {b608cc98-54de-4775-96c9-097de398500c} -> C:\Users\Agnieszka\AppData\Local\PriceFountain\PriceFountainIE.dll ()
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-24]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentacje Google) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-24]
CHR Extension: (Dokumenty Google) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-24]
CHR Extension: (Dysk Google) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-24]
CHR Extension: (YouTube) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-24]
CHR Extension: (Szukaj w Google) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-24]
CHR Extension: (Arkusze Google) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-24]
CHR Extension: (AdBlock) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-24]
CHR Extension: (Solution Real) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjnbbdonfhdjpangbkdcikdageggmfbg [2015-01-25]
CHR Extension: (Avast Online Security) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-24]
CHR Extension: (Google Wallet) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24]
CHR Extension: (Gmail) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-24]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-24] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-24] (Avast Software)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [243880 2015-01-23] (Foxit Software Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121288 2014-05-14] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-24] ()
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-02-03] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1419064 2014-02-21] (Motorola Solutions, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [187336 2014-05-14] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3434464 2014-03-13] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-18] (Realsil Semiconductor Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-24] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-26 01:26 - 2015-01-26 01:28 - 00000000 ____D () C:\Users\Agnieszka\Desktop\Czudi
2015-01-26 01:24 - 2015-01-26 01:24 - 00000197 _____ () C:\Windows\system32\2015-01-26-00-24-37.034-AvastVBoxSVC.exe-2856.log
2015-01-26 01:23 - 2015-01-26 01:23 - 00000472 __RSH () C:\ProgramData\ntuser.pol
2015-01-25 23:03 - 2015-01-25 23:03 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Agnieszka\Downloads\mbam-setup-2.0.3.1025.exe
2015-01-25 22:44 - 2015-01-26 01:28 - 00000000 ____D () C:\FRST
2015-01-25 19:31 - 2015-01-25 05:45 - 00048792 _____ (StdLib) C:\Windows\system32\Drivers\{1d7d694e-604c-4da2-9100-b2601d3a1c57}gw64.sys.vir
2015-01-25 08:55 - 2015-01-25 09:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-01-25 08:55 - 2015-01-25 08:55 - 00000000 ____D () C:\Windows\PCHEALTH
2015-01-25 08:55 - 2015-01-25 08:55 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-01-25 08:55 - 2015-01-25 08:55 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-01-25 08:55 - 2015-01-25 08:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 08:55 - 2015-01-25 08:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-01-25 08:54 - 2015-01-25 09:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-25 08:54 - 2015-01-25 08:55 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-25 08:54 - 2015-01-25 08:54 - 00000000 __RHD () C:\MSOCache
2015-01-25 08:54 - 2015-01-25 08:54 - 00000000 ____D () C:\Users\Agnieszka\AppData\Local\Microsoft Help
2015-01-25 08:54 - 2015-01-25 08:54 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2015-01-25 08:54 - 2015-01-25 08:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-25 08:54 - 2015-01-25 08:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-01-25 08:53 - 2015-01-25 08:53 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\WinRAR
2015-01-25 08:52 - 2015-01-25 08:52 - 02113832 _____ () C:\Users\Agnieszka\Downloads\winrar-x64-520pl.exe
2015-01-25 08:52 - 2015-01-25 08:52 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-25 08:52 - 2015-01-25 08:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-25 08:52 - 2015-01-25 08:52 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-24 23:51 - 2015-01-24 23:51 - 00000989 _____ () C:\Users\Agnieszka\Desktop\Biodesigner.lnk
2015-01-24 23:51 - 2015-01-24 23:51 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\NVIDIA
2015-01-24 23:51 - 2015-01-24 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biodesigner
2015-01-24 23:51 - 2015-01-24 23:51 - 00000000 ____D () C:\Program Files (x86)\Biodesigner
2015-01-24 23:50 - 2015-01-24 23:50 - 02110565 _____ () C:\Users\Agnieszka\Downloads\biosetup.exe
2015-01-24 23:49 - 2015-01-24 23:49 - 00924480 _____ () C:\Users\Agnieszka\Downloads\RasMol_Latest_Windows_Installer.exe
2015-01-24 23:49 - 2015-01-24 23:49 - 00924480 _____ () C:\Users\Agnieszka\Downloads\RasMol_2.7.5_Windows_Installer.exe
2015-01-24 23:49 - 2015-01-24 23:49 - 00000995 _____ () C:\Users\Public\Desktop\RasWin.lnk
2015-01-24 23:49 - 2015-01-24 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RasWin
2015-01-24 23:49 - 2015-01-24 23:49 - 00000000 ____D () C:\Program Files (x86)\RasWin
2015-01-24 23:47 - 2015-01-24 23:39 - 00002069 _____ () C:\Users\Agnieszka\Desktop\OriginPro 8.lnk
2015-01-24 23:46 - 2015-01-24 23:46 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\vlc
2015-01-24 23:45 - 2015-01-24 23:45 - 00000887 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-24 23:45 - 2015-01-24 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-24 23:45 - 2015-01-24 23:45 - 00000000 ____D () C:\Program Files\VideoLAN
2015-01-24 23:44 - 2015-01-24 23:45 - 00000000 ____D () C:\Users\Agnieszka\Documents\Origin User Files
2015-01-24 23:39 - 2007-10-15 13:23 - 02199552 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\PdfDll32.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 01703936 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTCLR14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 01637520 _____ (Codejock Software) C:\Windows\SysWOW64\LPUIT05N.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 01433600 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTDic14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 01396736 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltann14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 01122304 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltimg14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00703632 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPRES05N.DLL
2015-01-24 23:39 - 2007-10-15 13:23 - 00695440 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPDLG05N.DLL
2015-01-24 23:39 - 2007-10-15 13:23 - 00642192 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPUIR05r.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00507024 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LtAct14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00434176 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltkrn14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00364544 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LFCMP14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00262144 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTDIS14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00253952 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTEml14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00241664 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltefx14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00228496 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LpPdf05n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00224400 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPKRN05N.DLL
2015-01-24 23:39 - 2007-10-15 13:23 - 00221184 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\Lvkrn14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00155648 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTSGM14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00155648 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltfil14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00146576 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LpDoc05n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00142480 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltact.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00139264 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfpdf14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00138384 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LpHTM05n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00138384 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LpEmf05n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00113808 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPWSE05n.exe
2015-01-24 23:39 - 2007-10-15 13:23 - 00109712 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LpRTF05n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00106680 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPUID05n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00098304 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LtTtf14n.Dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00094208 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltdoc14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00089232 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPCPN05N.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00086016 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lffax14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00085136 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPINS05N.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00077898 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfjb214n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00072848 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LpTxt05n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00068752 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\Lpdrv05n.DLL
2015-01-24 23:39 - 2007-10-15 13:23 - 00065536 _____ () C:\Windows\SysWOW64\ltserial.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00056464 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPUNI05N.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00056464 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPRPC05u.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00052368 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPEML05N.DLL
2015-01-24 23:39 - 2007-10-15 13:23 - 00048272 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPRNT05N.DLL
2015-01-24 23:39 - 2007-10-15 13:23 - 00038032 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPUMD05n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00035984 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPPMN05u.DLL
2015-01-24 23:39 - 2007-10-15 13:23 - 00032768 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\Lfwmf14n.dll
2015-01-24 23:16 - 2015-01-24 23:16 - 00000000 ____D () C:\Users\Agnieszka\AppData\Local\Bruker_Corporation
2015-01-24 23:14 - 2015-01-24 23:14 - 00001722 _____ () C:\Users\Public\Desktop\NanoScope Analysis.lnk
2015-01-24 23:14 - 2015-01-24 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bruker
2015-01-24 23:14 - 2015-01-24 23:14 - 00000000 ____D () C:\Program Files (x86)\Veeco Instruments Inc
2015-01-24 23:14 - 2015-01-24 23:14 - 00000000 ____D () C:\Program Files (x86)\NanoScope
2015-01-24 22:57 - 2015-01-25 23:23 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-24 22:57 - 2015-01-24 23:23 - 00003818 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 22:56 - 2015-01-24 22:57 - 00000000 ____D () C:\Users\Agnieszka\AppData\Local\Adobe
2015-01-24 22:51 - 2015-01-24 22:51 - 00000197 _____ () C:\Windows\system32\2015-01-24-21-51-41.074-AvastVBoxSVC.exe-2916.log
2015-01-24 22:50 - 2015-01-24 22:50 - 936169258 _____ () C:\Windows\MEMORY.DMP
2015-01-24 22:50 - 2015-01-24 22:50 - 01450136 _____ () C:\Windows\Minidump\012415-117703-01.dmp
2015-01-24 22:50 - 2015-01-24 22:50 - 00000000 ____D () C:\Windows\Minidump
2015-01-24 22:18 - 2015-01-25 21:55 - 00000000 ____D () C:\Users\Agnieszka\Desktop\PENDRIVE
2015-01-24 20:30 - 2015-01-25 09:02 - 00036352 _____ () C:\Users\Agnieszka\Desktop\zamowienie.xls
2015-01-24 20:30 - 2014-09-08 21:48 - 00017107 _____ () C:\Users\Agnieszka\Desktop\WESELE.xlsx
2015-01-24 20:27 - 2015-01-24 20:27 - 00000247 _____ () C:\Windows\system32\2015-01-24-19-27-47.042-aswFe.exe-5552.log
2015-01-24 20:23 - 2015-01-24 20:27 - 00000247 _____ () C:\Windows\system32\2015-01-24-19-23-28.032-aswFe.exe-6392.log
2015-01-24 20:23 - 2015-01-24 20:23 - 00000197 _____ () C:\Windows\system32\2015-01-24-19-23-26.060-AvastVBoxSVC.exe-5088.log
2015-01-24 20:22 - 2015-01-26 01:25 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\Dropbox
2015-01-24 20:19 - 2015-01-24 20:19 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-24 20:19 - 2015-01-24 20:19 - 00001980 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-24 20:19 - 2015-01-24 20:19 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-01-24 20:19 - 2015-01-24 20:19 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-24 20:19 - 2015-01-24 20:19 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\AVAST Software
2015-01-24 20:19 - 2015-01-24 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-24 20:18 - 2015-01-24 20:19 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-24 20:18 - 2015-01-24 20:19 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-01-24 20:18 - 2015-01-24 20:18 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-01-24 20:18 - 2015-01-24 20:18 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-24 20:18 - 2015-01-24 20:18 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-24 20:18 - 2015-01-24 20:18 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-24 20:18 - 2015-01-24 20:18 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-24 20:18 - 2015-01-24 20:18 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-24 20:18 - 2015-01-24 20:18 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-24 20:18 - 2015-01-24 20:18 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-24 20:15 - 2015-01-24 20:15 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-24 20:14 - 2015-01-24 20:15 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-24 20:09 - 2015-01-24 03:39 - 00048792 _____ (StdLib) C:\Windows\system32\Drivers\{5c281c6e-0132-4ac6-ad9d-d1d95d218412}gw64.sys.vir
2015-01-24 20:08 - 2015-01-24 20:08 - 00000000 ____D () C:\Users\Agnieszka\AppData\Local\Opera Software
2015-01-24 20:07 - 2015-01-24 20:07 - 00003868 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1422126475
2015-01-24 20:07 - 2015-01-24 20:07 - 00001151 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-01-24 20:07 - 2015-01-24 20:07 - 00001151 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-01-24 20:07 - 2015-01-24 20:07 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\Opera Software
2015-01-24 20:07 - 2015-01-24 20:07 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\BESTplayer
2015-01-24 20:06 - 2015-01-26 02:14 - 00000000 ____D () C:\Users\Agnieszka\AppData\Local\PriceFountain
2015-01-24 20:06 - 2015-01-26 00:07 - 00000322 _____ () C:\Windows\Tasks\Price Fountain.job
2015-01-24 20:06 - 2015-01-24 20:06 - 00002660 _____ () C:\Windows\System32\Tasks\Price Fountain
2015-01-24 20:06 - 2015-01-24 20:06 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\PriceFountain
2015-01-24 20:06 - 2015-01-24 20:06 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceFountain
2015-01-24 20:06 - 2015-01-11 11:28 - 00003966 _____ () C:\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi
2015-01-24 20:05 - 2015-01-24 22:55 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-01-24 20:05 - 2015-01-24 20:05 - 00001056 _____ () C:\Users\Agnieszka\Desktop\NapiProjekt.lnk
2015-01-24 20:05 - 2015-01-24 20:05 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\OpenCandy
2015-01-24 20:05 - 2015-01-24 20:05 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\NapiProjekt
2015-01-24 20:05 - 2015-01-24 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NapiProjekt
2015-01-24 20:05 - 2015-01-24 20:05 - 00000000 ____D () C:\Program Files (x86)\NapiProjekt
2015-01-24 20:04 - 2015-01-24 20:04 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-01-24 20:03 - 2015-01-26 02:14 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-01-24 20:03 - 2015-01-24 20:04 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-01-24 20:02 - 2015-01-26 02:14 - 00000000 ____D () C:\Program Files (x86)\Solution Real
2015-01-24 20:02 - 2015-01-24 20:02 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\omiga-plus
2015-01-24 19:53 - 2015-01-24 19:53 - 00001126 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2015-01-24 19:53 - 2015-01-24 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-01-24 19:19 - 2015-01-24 19:19 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2015-01-24 19:19 - 2015-01-24 19:19 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-01-24 19:19 - 2015-01-24 19:19 - 00000000 ____D () C:\Program Files\MSBuild
2015-01-24 19:19 - 2015-01-24 19:19 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-01-24 19:19 - 2015-01-24 19:19 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-01-24 19:18 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2015-01-24 19:18 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-01-24 19:18 - 2013-08-03 05:48 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-01-24 19:18 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2015-01-24 19:18 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-01-24 19:18 - 2013-08-03 05:41 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-01-24 19:16 - 2015-01-24 19:16 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\com.aspiro.wimp.pl.25F5C0086CDE1F22CA0B92A487729991CA6CD013.1
2015-01-24 19:16 - 2015-01-24 19:16 - 00000000 ____D () C:\ProgramData\WiMP
2015-01-24 19:15 - 2015-01-24 19:15 - 00000905 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiMP.lnk
2015-01-24 19:15 - 2015-01-24 19:15 - 00000893 _____ () C:\Users\Public\Desktop\WiMP.lnk
2015-01-24 19:15 - 2015-01-24 19:15 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\com.aspiro.wimp.pl
2015-01-24 19:15 - 2015-01-24 19:15 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\Aspiro Music AS
2015-01-24 19:15 - 2015-01-24 19:15 - 00000000 ____D () C:\Program Files (x86)\WiMP
2015-01-24 18:31 - 2015-01-24 23:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OriginLab
2015-01-24 18:30 - 2015-01-24 18:30 - 00000000 ____D () C:\Program Files (x86)\OriginLab
2015-01-24 18:24 - 2015-01-24 22:08 - 00000000 ____D () C:\AGNIESZKA
2015-01-24 18:23 - 2015-01-24 18:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-01-24 16:50 - 2015-01-24 18:32 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\Foxit Software
2015-01-24 16:49 - 2015-01-24 16:49 - 00001371 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2015-01-24 16:49 - 2015-01-24 16:49 - 00000000 ____D () C:\Users\Public\Foxit Software
2015-01-24 16:49 - 2015-01-24 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-01-24 16:49 - 2015-01-24 16:49 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2015-01-24 16:46 - 2015-01-24 16:46 - 00002285 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-24 16:46 - 2015-01-24 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-24 16:45 - 2015-01-26 00:31 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-24 16:45 - 2015-01-25 23:50 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-24 16:45 - 2015-01-24 19:53 - 00000000 ____D () C:\Users\Agnieszka\AppData\Local\Google
2015-01-24 16:45 - 2015-01-24 19:53 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-24 16:45 - 2015-01-24 16:45 - 00004042 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-24 16:45 - 2015-01-24 16:45 - 00003806 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-24 16:44 - 2015-01-24 16:44 - 00000000 __SHD () C:\Users\Agnieszka\AppData\Local\EmieUserList
2015-01-24 16:44 - 2015-01-24 16:44 - 00000000 __SHD () C:\Users\Agnieszka\AppData\Local\EmieSiteList
2015-01-24 16:44 - 2015-01-24 16:44 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\Macromedia
2015-01-24 03:21 - 2015-01-16 07:41 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-01-24 03:21 - 2015-01-16 07:41 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-01-24 03:20 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-01-24 03:20 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-01-24 03:09 - 2015-01-24 03:09 - 00000118 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-01-24 03:07 - 2015-01-24 03:07 - 00000726 _____ () C:\Users\Public\Desktop\eManual.Lnk
2015-01-24 03:07 - 2015-01-24 03:07 - 00000000 ____D () C:\eSupport
2015-01-24 03:05 - 2015-01-24 03:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-01-24 03:05 - 2015-01-24 03:05 - 00003562 _____ () C:\Windows\System32\Tasks\ATK Package 36D18D69AFC3
2015-01-24 03:03 - 2015-01-24 03:03 - 00000000 ____D () C:\Windows\SysWOW64\sda
2015-01-24 03:03 - 2013-04-25 11:12 - 09889352 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsPerIcon.dll
2015-01-24 03:03 - 2012-08-06 04:17 - 00017280 _____ ( ) C:\Windows\system32\Drivers\kbfiltr.sys
2015-01-24 03:02 - 2015-01-24 03:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_btmhsf_01011.Wdf
2015-01-24 03:02 - 2015-01-24 03:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_btmaux_01009.Wdf
2015-01-24 03:02 - 2015-01-24 03:02 - 00000000 ____D () C:\Users\Agnieszka\Documents\Moje odebrane pliki
2015-01-24 03:02 - 2013-10-18 07:12 - 00444632 ____R (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsPer.sys
2015-01-24 03:01 - 2015-01-24 03:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2015-01-24 03:01 - 2015-01-24 03:01 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\Intel
2015-01-24 03:01 - 2015-01-24 03:01 - 00000000 ____D () C:\ProgramData\Intel.sav
2015-01-24 03:01 - 2015-01-24 03:01 - 00000000 ____D () C:\Program Files\Common Files\Intel
2015-01-24 03:01 - 2015-01-24 03:01 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-01-24 03:00 - 2015-01-24 03:01 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-24 02:58 - 2015-01-24 03:01 - 00013736 _____ () C:\Windows\DPINST.LOG
2015-01-24 02:58 - 2015-01-24 02:58 - 00003538 _____ () C:\Windows\System32\Tasks\ASUS Smart Gesture Launcher
2015-01-24 02:58 - 2015-01-24 02:58 - 00000000 ____D () C:\Program Files\DIFX
2015-01-24 02:57 - 2015-01-24 03:05 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-01-24 02:55 - 2014-05-29 08:55 - 00873176 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x64.sys
2015-01-24 02:55 - 2014-05-29 08:55 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-01-24 02:50 - 2015-01-24 02:50 - 00383635 _____ () C:\Windows\system32\Drivers\RTWAVES40.dat
2015-01-24 02:50 - 2015-01-24 02:50 - 00006786 _____ () C:\Windows\system32\Drivers\rtwavesEFX.dat
2015-01-24 02:50 - 2015-01-24 02:50 - 00002626 _____ () C:\Windows\system32\Drivers\rtwavesMFX.dat
2015-01-24 02:50 - 2015-01-24 02:50 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioWizard.lnk
2015-01-24 02:50 - 2015-01-24 02:50 - 00001314 _____ () C:\Users\Public\Desktop\AudioWizard.lnk
2015-01-24 02:50 - 2015-01-24 02:50 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2015-01-24 02:50 - 2015-01-24 02:50 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-01-24 02:50 - 2015-01-24 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2015-01-24 02:50 - 2015-01-24 02:50 - 00000000 ____D () C:\Program Files\Realtek
2015-01-24 02:50 - 2014-06-17 12:27 - 04001752 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-01-24 02:50 - 2014-06-17 12:17 - 00856992 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-01-24 02:50 - 2014-06-17 09:08 - 01205934 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-01-24 02:50 - 2014-06-17 08:41 - 64228864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-01-24 02:50 - 2014-06-17 06:32 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-01-24 02:50 - 2014-06-13 09:24 - 02804952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-01-24 02:50 - 2014-06-11 10:08 - 00949464 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-01-24 02:50 - 2014-06-11 04:44 - 01024728 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-01-24 02:50 - 2014-06-09 09:57 - 02860248 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-01-24 02:50 - 2014-05-09 04:17 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-01-24 02:50 - 2014-04-10 05:19 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2015-01-24 02:50 - 2014-03-06 09:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-01-24 02:50 - 2013-10-11 04:31 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-01-24 02:50 - 2013-08-14 08:36 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-01-24 02:50 - 2012-08-31 12:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-01-24 02:50 - 2012-08-31 12:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-01-24 02:50 - 2012-08-31 12:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-01-24 02:50 - 2012-08-31 12:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-01-24 02:50 - 2012-08-31 12:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-01-24 02:50 - 2012-01-10 03:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2015-01-24 02:50 - 2011-12-20 08:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-01-24 02:50 - 2011-11-22 09:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-01-24 02:50 - 2011-09-02 07:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2015-01-24 02:50 - 2011-09-02 07:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2015-01-24 02:50 - 2011-09-02 07:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2015-01-24 02:50 - 2011-03-17 05:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-01-24 02:50 - 2011-03-07 10:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-01-24 02:50 - 2010-11-08 00:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-01-24 02:50 - 2010-11-08 00:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-01-24 02:50 - 2010-11-08 00:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-01-24 02:50 - 2010-11-08 00:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-01-24 02:50 - 2010-11-08 00:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-01-24 02:50 - 2010-11-08 00:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-01-24 02:50 - 2010-11-03 11:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-01-24 02:50 - 2010-07-22 09:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2015-01-24 02:50 - 2009-11-24 02:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-01-24 02:50 - 2009-11-24 02:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-01-24 02:50 - 2009-11-24 02:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-01-24 02:50 - 2009-11-24 02:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-01-24 02:49 - 2015-01-24 03:21 - 00000000 ____D () C:\Users\Agnieszka\AppData\Local\NVIDIA Corporation
2015-01-24 02:49 - 2015-01-24 03:02 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-01-24 02:49 - 2015-01-24 02:50 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-01-24 02:49 - 2014-06-09 03:59 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-01-24 02:49 - 2014-05-19 03:47 - 02080472 ____R (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-01-24 02:49 - 2014-04-17 10:42 - 01136728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2015-01-24 02:49 - 2014-04-10 05:20 - 01934424 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2015-01-24 02:49 - 2014-04-10 05:19 - 28343384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2015-01-24 02:49 - 2014-04-10 05:19 - 14863448 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2015-01-24 02:49 - 2014-04-10 05:19 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-01-24 02:49 - 2014-04-10 05:19 - 01063512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-01-24 02:49 - 2014-04-07 09:03 - 06218072 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-01-24 02:49 - 2014-04-07 09:03 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-01-24 02:49 - 2014-04-07 09:03 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-01-24 02:49 - 2014-04-07 09:03 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-01-24 02:49 - 2014-02-18 10:04 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-01-24 02:49 - 2013-10-11 05:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-01-24 02:49 - 2013-10-06 17:26 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2015-01-24 02:49 - 2013-10-06 17:26 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2015-01-24 02:49 - 2013-10-06 17:26 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2015-01-24 02:49 - 2013-08-14 08:35 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-01-24 02:49 - 2012-03-08 04:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-01-24 02:49 - 2011-08-23 10:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2015-01-24 02:49 - 2011-05-31 02:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-01-24 02:49 - 2011-05-31 02:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-01-24 02:49 - 2011-05-31 02:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-01-24 02:49 - 2011-05-31 02:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-01-24 02:49 - 2011-05-31 02:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-01-24 02:49 - 2011-05-31 02:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-01-24 02:49 - 2011-05-31 02:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-01-24 02:49 - 2011-05-31 02:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-01-24 02:49 - 2011-05-31 02:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-01-24 02:49 - 2011-05-31 02:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-01-24 02:49 - 2011-05-31 02:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-01-24 02:49 - 2011-05-31 02:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-01-24 02:49 - 2010-09-27 02:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-01-24 02:47 - 2015-01-24 03:20 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-01-24 02:47 - 2015-01-24 03:13 - 00000000 ____D () C:\Users\Agnieszka\AppData\Local\NVIDIA
2015-01-24 02:47 - 2015-01-24 02:47 - 00001367 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-01-24 02:47 - 2015-01-24 02:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-24 02:47 - 2015-01-24 02:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-24 02:47 - 2015-01-24 02:47 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-01-24 02:47 - 2015-01-16 07:41 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-01-24 02:47 - 2015-01-16 07:41 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-01-24 02:47 - 2014-11-22 11:46 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-01-24 02:47 - 2014-04-29 18:11 - 06682400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-01-24 02:47 - 2014-04-29 18:11 - 03499808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-01-24 02:47 - 2014-04-29 18:11 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-01-24 02:47 - 2014-04-29 18:11 - 01072472 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-01-24 02:47 - 2014-04-29 18:11 - 00925128 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-01-24 02:47 - 2014-04-29 18:11 - 00385368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-01-24 02:47 - 2014-04-29 18:11 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-01-24 02:47 - 2014-04-29 18:11 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-01-24 02:47 - 2014-04-25 23:50 - 03747864 _____ () C:\Windows\system32\nvcoproc.bin
2015-01-24 02:47 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-01-24 02:47 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-01-24 02:47 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-01-24 02:47 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-01-24 02:47 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-01-24 02:47 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-01-24 02:46 - 2015-01-24 03:21 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-01-24 02:46 - 2014-04-29 19:49 - 01883480 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433311.dll
2015-01-24 02:46 - 2014-04-29 19:49 - 01510744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433311.dll
2015-01-24 02:46 - 2014-04-29 19:49 - 00023662 _____ () C:\Windows\system32\nvinfo.pb
2015-01-24 02:45 - 2014-04-29 19:49 - 30411040 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 25257816 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 22993352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 18313696 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 18241584 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 17559384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 15880288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 15246856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 12698456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-24 02:45 - 2014-04-29 19:49 - 11642344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 11591344 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 09734744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 09692496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 03132760 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 03128776 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 03085040 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 02941384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 02755872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 02709120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 00932808 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 00893272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 00886104 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 00854816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 00478552 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 00356184 _____ () C:\Windows\system32\NvIFROpenGL.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 00313688 _____ () C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-24 02:44 - 2015-01-24 03:21 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-01-24 02:41 - 2015-01-24 23:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-24 02:41 - 2015-01-24 03:01 - 00000000 ____D () C:\ProgramData\Intel
2015-01-24 02:41 - 2015-01-24 02:41 - 00000086 _____ () C:\setup.log
2015-01-24 02:41 - 2015-01-24 02:41 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-01-24 02:41 - 2015-01-24 02:41 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\InstallShield
2015-01-24 02:41 - 2013-09-03 16:52 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2015-01-24 02:41 - 2013-09-03 16:52 - 00099288 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2015-01-24 02:41 - 2013-09-03 16:52 - 00016344 _____ (Intel Corporation) C:\Windows\system32\Drivers\IntelMEFWVer.dll
2015-01-24 02:38 - 2013-08-09 03:31 - 00644968 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
2015-01-24 02:35 - 2013-08-21 08:16 - 00053248 ____R (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2015-01-24 02:31 - 2015-01-24 02:38 - 00000000 ____D () C:\Windows\Log
2015-01-24 02:23 - 2015-01-24 03:02 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-01-24 02:22 - 2015-01-24 03:01 - 00000000 ____D () C:\Program Files\Intel
2015-01-24 02:22 - 2015-01-24 02:22 - 00000000 ____D () C:\Intel
2015-01-24 02:22 - 2014-10-03 17:37 - 00082432 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2015-01-24 02:22 - 2014-10-03 17:37 - 00074240 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2015-01-24 02:16 - 2015-01-25 09:24 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2086728796-2284973935-1730649577-1001
2015-01-24 02:11 - 2015-01-24 22:50 - 00000000 ____D () C:\Users\Agnieszka
2015-01-24 02:11 - 2015-01-24 18:32 - 00000000 ____D () C:\Users\Agnieszka\AppData\Local\VirtualStore
2015-01-24 02:11 - 2015-01-24 02:11 - 00001454 _____ () C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-24 02:11 - 2015-01-24 02:11 - 00000020 ___SH () C:\Users\Agnieszka\ntuser.ini
2015-01-24 02:11 - 2015-01-24 02:11 - 00000000 _SHDL () C:\Users\Agnieszka\Ustawienia lokalne
2015-01-24 02:11 - 2015-01-24 02:11 - 00000000 _SHDL () C:\Users\Agnieszka\Szablony
2015-01-24 02:11 - 2015-01-24 02:11 - 00000000 _SHDL () C:\Users\Agnieszka\Moje dokumenty
2015-01-24 02:11 - 2015-01-24 02:11 - 00000000 _SHDL () C:\Users\Agnieszka\Menu Start
2015-01-24 02:11 - 2015-01-24 02:11 - 00000000 _SHDL () C:\Users\Agnieszka\Documents\Moje wideo
2015-01-24 02:11 - 2015-01-24 02:11 - 00000000 _SHDL () C:\Users\Agnieszka\Documents\Moje obrazy
2015-01-24 02:11 - 2015-01-24 02:11 - 00000000 _SHDL () C:\Users\Agnieszka\Documents\Moja muzyka
2015-01-24 02:11 - 2015-01-24 02:11 - 00000000 _SHDL () C:\Users\Agnieszka\Dane aplikacji
2015-01-24 02:11 - 2015-01-24 02:11 - 00000000 _SHDL () C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2015-01-24 02:11 - 2015-01-24 02:11 - 00000000 _SHDL () C:\Users\Agnieszka\AppData\Local\Historia
2015-01-24 02:11 - 2015-01-24 02:11 - 00000000 _SHDL () C:\Users\Agnieszka\AppData\Local\Dane aplikacji
2015-01-24 02:11 - 2015-01-24 02:11 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\Adobe
2015-01-24 02:11 - 2015-01-24 02:11 - 00000000 ____D () C:\Users\Agnieszka\AppData\Local\Packages
2015-01-24 02:11 - 2014-03-18 11:09 - 00000000 ___RD () C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-24 02:11 - 2014-03-18 11:09 - 00000000 ___RD () C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-24 02:11 - 2014-03-18 10:58 - 00000369 _____ () C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-01-24 02:11 - 2014-03-18 10:58 - 00000369 _____ () C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-01-24 02:11 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-24 02:11 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-24 01:55 - 2015-01-26 01:24 - 01949441 _____ () C:\Windows\WindowsUpdate.log
2015-01-24 01:52 - 2015-01-24 01:52 - 00000000 ____D () C:\Windows\CSC
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Public\Documents\Moje wideo
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Public\Documents\Moje obrazy
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Public\Documents\Moja muzyka
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default\Ustawienia lokalne
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default\Szablony
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default\Moje dokumenty
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default\Menu Start
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default\Documents\Moje wideo
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default\Documents\Moje obrazy
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default\Documents\Moja muzyka
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default\Dane aplikacji
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Historia
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Dane aplikacji
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default User\Documents\Moje wideo
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default User\Documents\Moje obrazy
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default User\Documents\Moja muzyka
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Historia
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Dane aplikacji
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\ProgramData\Szablony
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\ProgramData\Pulpit
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programy
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\ProgramData\Menu Start
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\ProgramData\Dokumenty
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\ProgramData\Dane aplikacji
2015-01-24 01:44 - 2015-01-24 02:11 - 00000000 ____D () C:\Windows\Panther
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-26 01:23 - 2013-08-22 15:44 - 00481512 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-26 00:32 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-26 00:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-25 23:35 - 2013-08-22 14:25 - 00000269 _____ () C:\Windows\win.ini
2015-01-25 22:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-25 21:38 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-25 08:55 - 2014-03-18 10:40 - 00000000 ____D () C:\Windows\ShellNew
2015-01-25 08:55 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-25 08:54 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-25 08:39 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-01-24 22:57 - 2014-03-18 10:56 - 01825074 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-24 22:57 - 2014-03-18 10:28 - 00807160 _____ () C:\Windows\system32\perfh015.dat
2015-01-24 22:57 - 2014-03-18 10:28 - 00163478 _____ () C:\Windows\system32\perfc015.dat
2015-01-24 22:50 - 2014-03-18 02:46 - 00004316 _____ () C:\Windows\PFRO.log
2015-01-24 22:09 - 2013-08-22 15:46 - 00014933 _____ () C:\Windows\setupact.log
2015-01-24 19:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-01-24 19:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\MUI
2015-01-24 03:01 - 2013-08-22 14:36 - 00000000 __RHD () C:\Users\Default
2015-01-24 02:47 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\restore
2015-01-24 02:47 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Help
2015-01-24 02:38 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-24 01:48 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows NT
2015-01-24 01:47 - 2013-08-22 16:37 - 00002664 _____ () C:\Windows\DtcInstall.log
2015-01-24 01:47 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\Recovery
2015-01-24 01:43 - 2013-08-22 16:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
 
==================== Files in the root of some directories =======
 
2015-01-24 02:50 - 2015-01-24 02:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\Agnieszka\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi4lwd6.dll
C:\Users\Agnieszka\AppData\Local\Temp\ose00000.exe
C:\Users\Agnieszka\AppData\Local\Temp\_is16C.exe
C:\Users\Agnieszka\AppData\Local\Temp\_is4863.exe
C:\Users\Agnieszka\AppData\Local\Temp\_isCCF0.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-24 01:46
 
==================== End Of Log ============================

 




 


#2 nasdaq

  • Malware Response Team

Posted 26 January 2015 - 09:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
HKU\S-1-5-21-2086728796-2284973935-1730649577-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070
HKU\S-1-5-21-2086728796-2284973935-1730649577-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2086728796-2284973935-1730649577-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&ts=1422126229&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2086728796-2284973935-1730649577-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&ts=1422126229&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2086728796-2284973935-1730649577-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&ts=1422126229&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2086728796-2284973935-1730649577-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&ts=1422126229&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2086728796-2284973935-1730649577-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&ts=1422126229&type=default&q={searchTerms}
BHO-x32: Solution Real 1.0.0.6 -> {1bb456da-878f-44a5-b013-4bfe0ae02fce} -> C:\Program Files (x86)\Solution Real\SolutionRealbho.dll No File
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: PriceFountain -> {b608cc98-54de-4775-96c9-097de398500c} -> C:\Users\Agnieszka\AppData\Local\PriceFountain\PriceFountainIE.dll ()
CHR StartupUrls: Default -> "hxxp://www.google.com", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070"
CHR Extension: (Solution Real) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjnbbdonfhdjpangbkdcikdageggmfbg [2015-01-25]
CHR Extension: (Google Wallet) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
C:\Program Files (x86)\XTab
C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjnbbdonfhdjpangbkdcikdageggmfbg
C:\Users\Agnieszka\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi4lwd6.dll
C:\Users\Agnieszka\AppData\Local\Temp\ose00000.exe
C:\Users\Agnieszka\AppData\Local\Temp\_is16C.exe
C:\Users\Agnieszka\AppData\Local\Temp\_is4863.exe
C:\Users\Agnieszka\AppData\Local\Temp\_isCCF0.exe

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please run this tool to remove any remnant bad entries in the registry.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 Czudi

  • Topic Starter

Posted 26 January 2015 - 03:58 PM

Firstly, big thanks for quick reply!

Secondly, I have made all the steps, and here are the reports:

 

FRST report after Fixing:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Agnieszka at 2015-01-26 21:16:23 Run:1
Running from C:\Users\Agnieszka\Desktop\Czudi
Loaded Profiles: Agnieszka (Available profiles: Agnieszka)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
HKU\S-1-5-21-2086728796-2284973935-1730649577-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070
HKU\S-1-5-21-2086728796-2284973935-1730649577-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
BHO-x32: Solution Real 1.0.0.6 -> {1bb456da-878f-44a5-b013-4bfe0ae02fce} -> C:\Program Files (x86)\Solution Real\SolutionRealbho.dll No File
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: PriceFountain -> {b608cc98-54de-4775-96c9-097de398500c} -> C:\Users\Agnieszka\AppData\Local\PriceFountain\PriceFountainIE.dll ()
CHR StartupUrls: Default -> "hxxp://www.google.com", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070"
CHR Extension: (Solution Real) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjnbbdonfhdjpangbkdcikdageggmfbg [2015-01-25]
CHR Extension: (Google Wallet) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
C:\Program Files (x86)\XTab
C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjnbbdonfhdjpangbkdcikdageggmfbg
C:\Users\Agnieszka\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi4lwd6.dll
C:\Users\Agnieszka\AppData\Local\Temp\ose00000.exe
C:\Users\Agnieszka\AppData\Local\Temp\_is16C.exe
C:\Users\Agnieszka\AppData\Local\Temp\_is4863.exe
C:\Users\Agnieszka\AppData\Local\Temp\_isCCF0.exe
 
End
*****************
 
Processes closed successfully.
C:\Program Files (x86)\XTab\ProtectService.exe => No running process found
C:\Program Files (x86)\XTab\CmdShell.exe => No running process found
C:\Program Files (x86)\XTab\HPNotify.exe => No running process found
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-2086728796-2284973935-1730649577-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2086728796-2284973935-1730649577-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. 
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. 
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. 
HKU\S-1-5-21-2086728796-2284973935-1730649577-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2086728796-2284973935-1730649577-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKU\S-1-5-21-2086728796-2284973935-1730649577-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" => Key deleted successfully.
HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => Key not found. 
HKU\S-1-5-21-2086728796-2284973935-1730649577-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. 
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. 
"HKU\S-1-5-21-2086728796-2284973935-1730649577-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => Key deleted successfully.
HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1bb456da-878f-44a5-b013-4bfe0ae02fce}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{1bb456da-878f-44a5-b013-4bfe0ae02fce}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b608cc98-54de-4775-96c9-097de398500c}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{b608cc98-54de-4775-96c9-097de398500c}" => Key deleted successfully.
Chrome StartupUrls deleted successfully.
C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjnbbdonfhdjpangbkdcikdageggmfbg => Moved successfully.
C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
IHProtect Service => Service deleted successfully.
C:\Program Files (x86)\XTab => Moved successfully.
"C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjnbbdonfhdjpangbkdcikdageggmfbg" => File/Directory not found.
C:\Users\Agnieszka\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi4lwd6.dll => Moved successfully.
C:\Users\Agnieszka\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Agnieszka\AppData\Local\Temp\_is16C.exe => Moved successfully.
C:\Users\Agnieszka\AppData\Local\Temp\_is4863.exe => Moved successfully.
C:\Users\Agnieszka\AppData\Local\Temp\_isCCF0.exe => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 21:16:25 ====
 
Next, report from AdwCleaner after scanning, BEFORE deleting all the files:
 
# AdwCleaner v4.109 - Log utworzony 26/01/2015 o 21:30:18
# Aktualizacja 24/01/2015 przez Xplode
# Database : 2015-01-25.1 [Live]
# System operacyjny : Windows 8.1 Pro  (64 bits)
# Użytkownik : Agnieszka - ASUS551
# Ścieżka : C:\Users\Agnieszka\Desktop\Czudi\adwcleaner_4.109.exe
# Opcja : Szukaj
 
***** [ Usługi ] *****
 
 
***** [ Pliki / Foldery ] *****
 
Folder Znaleziono : C:\Program Files (x86)\Solution Real
Folder Znaleziono : C:\ProgramData\IHProtectUpDate
Folder Znaleziono : C:\ProgramData\WindowsMangerProtect
Folder Znaleziono : C:\Users\AGNIES~1\AppData\Local\Temp\Solution Real
Folder Znaleziono : C:\Users\Agnieszka\AppData\Local\PriceFountain
Folder Znaleziono : C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceFountain
Folder Znaleziono : C:\Users\Agnieszka\AppData\Roaming\omiga-plus
Folder Znaleziono : C:\Users\Agnieszka\AppData\Roaming\OpenCandy
Folder Znaleziono : C:\Users\Agnieszka\AppData\Roaming\PriceFountain
Plik Znaleziono : C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Plik Znaleziono : C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Plik Znaleziono : C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
Plik Znaleziono : C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Plik Znaleziono : C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
 
***** [ Zadania ] *****
 
Zadanie Znaleziono : Price Fountain
 
***** [ Skróty ] *****
 
 
***** [ Rejestr ] *****
 
Klucz Znaleziono : HKCU\Software\InstallCore
Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PriceFountain
Klucz Znaleziono : HKCU\Software\PriceFountain
Klucz Znaleziono : HKCU\Software\Solution Real
Klucz Znaleziono : [x64] HKCU\Software\InstallCore
Klucz Znaleziono : [x64] HKCU\Software\PriceFountain
Klucz Znaleziono : [x64] HKCU\Software\Solution Real
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Klucz Znaleziono : HKLM\SOFTWARE\IHProtect
Klucz Znaleziono : HKLM\SOFTWARE\omiga-plusSoftware
Klucz Znaleziono : HKLM\SOFTWARE\Solution Real
Klucz Znaleziono : HKLM\SOFTWARE\SupDp
Klucz Znaleziono : HKLM\SOFTWARE\SupTab
Klucz Znaleziono : HKLM\SOFTWARE\supWindowsMangerProtect
Klucz Znaleziono : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Klucz Znaleziono : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Solution Real
 
***** [ Przeglądarki internetowe ] *****
 
-\\ Internet Explorer v11.0.9600.17037
 
 
-\\ Google Chrome v40.0.2214.91
 
[C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web data] - Znaleziono [Search Provider] : hxxp://www.daemon-search.com/search/web?q={searchTerms}
[C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web data] - Znaleziono [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2314472&SearchSource=3&q={searchTerms}
[C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web data] - Znaleziono [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
[C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web data] - Znaleziono [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
[C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web data] - Znaleziono [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
[C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web data] - Znaleziono [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
 
-\\ Opera v26.0.1656.60
 
 
*************************
 
AdwCleaner[R0].txt - [5313 octets] - [26/01/2015 21:30:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5373 octets] ##########
 
Report after deleting all things found by AdwCleaner (I did not find any false positive records, although I cannot be sure about all the registry keys, as I cannot connect them with programs etc.):
 
# AdwCleaner v4.109 - Log utworzony 26/01/2015 o 21:43:49
# Aktualizacja 24/01/2015 przez Xplode
# Database : 2015-01-25.1 [Live]
# System operacyjny : Windows 8.1 Pro  (64 bits)
# Użytkownik : Agnieszka - ASUS551
# Ścieżka : C:\Users\Agnieszka\Desktop\Czudi\adwcleaner_4.109.exe
# Opcja : Usuń
 
***** [ Usługi ] *****
 
 
***** [ Pliki / Foldery ] *****
 
Folder Usunięto : C:\ProgramData\WindowsMangerProtect
Folder Usunięto : C:\ProgramData\IHProtectUpDate
Folder Usunięto : C:\Program Files (x86)\Solution Real
Folder Usunięto : C:\Users\AGNIES~1\AppData\Local\Temp\Solution Real
Folder Usunięto : C:\Users\Agnieszka\AppData\Local\PriceFountain
Folder Usunięto : C:\Users\Agnieszka\AppData\Roaming\omiga-plus
Folder Usunięto : C:\Users\Agnieszka\AppData\Roaming\OpenCandy
Folder Usunięto : C:\Users\Agnieszka\AppData\Roaming\PriceFountain
Folder Usunięto : C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceFountain
Plik Usunięto : C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Plik Usunięto : C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Plik Usunięto : C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Plik Usunięto : C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
Plik Usunięto : C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Zadania ] *****
 
Zadanie Usunięto : Price Fountain
 
***** [ Skróty ] *****
 
 
***** [ Rejestr ] *****
 
Klucz Usunięto : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Klucz Usunięto : HKCU\Software\InstallCore
Klucz Usunięto : HKCU\Software\PriceFountain
Klucz Usunięto : HKCU\Software\Solution Real
Klucz Usunięto : HKLM\SOFTWARE\omiga-plusSoftware
Klucz Usunięto : HKLM\SOFTWARE\SupDp
Klucz Usunięto : HKLM\SOFTWARE\SupTab
Klucz Usunięto : HKLM\SOFTWARE\supWindowsMangerProtect
Klucz Usunięto : HKLM\SOFTWARE\IHProtect
Klucz Usunięto : HKLM\SOFTWARE\Solution Real
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PriceFountain
Klucz Usunięto : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Solution Real
 
***** [ Przeglądarki internetowe ] *****
 
-\\ Internet Explorer v11.0.9600.17037
 
 
-\\ Google Chrome v40.0.2214.91
 
[C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Usunięto [Search Provider] : hxxp://www.daemon-search.com/search/web?q={searchTerms}
[C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Usunięto [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2314472&SearchSource=3&q={searchTerms}
[C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Usunięto [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
[C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Usunięto [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
[C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Usunięto [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
[C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Usunięto [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
 
-\\ Opera v26.0.1656.60
 
[C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Usunięto [Search Provider] : hxxp://www.daemon-search.com/search/web?q={searchTerms}
[C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Usunięto [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2314472&SearchSource=3&q={searchTerms}
[C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Usunięto [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
[C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Usunięto [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
[C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Usunięto [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
[C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Usunięto [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [5489 octets] - [26/01/2015 21:30:18]
AdwCleaner[S0].txt - [6403 octets] - [26/01/2015 21:43:49]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6463 octets] ##########
 
 
I don't know how my performance will change right now, as I have just done the steps. Chrome already mentioned to me that it is blocking the Solution Real add-on/plugin. Also, could You look especially at the keys that were NOT FOUND in the 1st step (FRST fix) - I did not find them in the latter steps, but I have only looked for a few.
 


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,517 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:36 AM

Posted 27 January 2015 - 08:30 AM

This key was not found because it was removed by the AdwCleaner tool. It was referencing Omiga-plus.
{33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?
It's gone.

===
 

Chrome already mentioned to me that it is blocking the Solution Real add-on/plugin.


Reset the browsers that have been compromised.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?
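
The cross-check at the top of this reply (an entry another tool reports as "not found" because AdwCleaner had already deleted it) can be scripted. The following is an added example, not part of the original post or of either tool: it parses AdwCleaner log lines in the format shown in this thread and answers whether a given URL or registry key was among the removals. The function names are hypothetical, and the sample lines are taken from the log above with the search URLs trimmed.

```python
import re
from urllib.parse import urlsplit

# Sample lines in the AdwCleaner [S0] format from this thread (Polish UI:
# "Klucz Usunięto" = "Key Deleted"). Search URLs are trimmed for the example.
SAMPLE_LOG = r"""
Klucz Usunięto : HKLM\SOFTWARE\omiga-plusSoftware
Klucz Usunięto : HKLM\SOFTWARE\Solution Real
Klucz Usunięto : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Solution Real
[C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Usunięto [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&q={searchTerms}
[C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Usunięto [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&q={searchTerms}
[C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Usunięto [Search Provider] : hxxp://www.daemon-search.com/search/web?q={searchTerms}
"""

# The optional "[x64]" marker (64-bit registry view) is dropped from the key.
KEY_RE = re.compile(r"^Klucz Usunięto : (?:\[x64\] )?(?P<key>HK\w+\\.+)$")
PROVIDER_RE = re.compile(
    r"^\[(?P<db>.+?)\] - Usunięto \[Search Provider\] : (?P<url>\S+)$")


def parse_adwcleaner(log_text):
    """Return (deleted registry keys, deleted search-provider hosts) as sets."""
    keys, hosts = set(), set()
    for line in log_text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            keys.add(m["key"])
        elif m := PROVIDER_RE.match(line):
            # The log defangs URLs as hxxp://; restore it only to parse the host.
            url = re.sub(r"^hxxp", "http", m["url"], flags=re.I)
            hosts.add(urlsplit(url).hostname)
    return keys, hosts


def was_removed(reference, keys, hosts):
    """True if a URL's host, or a registry path, appears among the removals.
    Registry paths are compared case-insensitively, as Windows treats them."""
    if "://" in reference:
        return urlsplit(reference).hostname in hosts
    return reference.lower() in {k.lower() for k in keys}


if __name__ == "__main__":
    keys, hosts = parse_adwcleaner(SAMPLE_LOG)
    # URL from the "not found" entry quoted at the top of this reply.
    print(was_removed("http://isearch.omiga-plus.com/web/?", keys, hosts))
```

Repeated log lines, such as the same search provider listed several times, collapse to one entry because the results are sets.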

#5 Czudi


Posted 28 January 2015 - 01:44 AM

Here is log from Security Check:

 

 Results of screen317's Security Check version 0.99.95  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.296  
 Google Chrome (40.0.2214.91) 
 Google Chrome (40.0.2214.93) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast ng ngservice.exe 
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#6 nasdaq


Posted 28 January 2015 - 09:49 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#7 Czudi


Posted 29 January 2015 - 05:42 PM

Thank You very much for saving my time and me from formatting my computer! I am really surprised that You guys work here on this forum and fix all those issues happening to random people. Made my day! Keep on doing a good job!



#8 nasdaq


Posted 30 January 2015 - 08:51 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



