
Price Fountain, Solution Real and other malware



#1 Czudi


Posted 26 January 2015 - 01:52 AM

Hi, so I got some malware installed. I am unable to delete them with "add/remove programs" - it says that those programs were already deleted and I can only remove them from the program list. My avast keeps warning me about price fountain when I enter new web in Chrome. Additionally, I can sometimes see Solution real ads. I run Avira System Rescue, it has found something but it didn't do the job. List of programs I found suspicious:

Price Fountain

Solutions Real

omiga-Plus

RasWin

 

Here are the FRST logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Agnieszka (administrator) on ASUS551 on 26-01-2015 01:28:03
Running from C:\Users\Agnieszka\Desktop\Czudi
Loaded Profiles: Agnieszka (Available profiles: Agnieszka)
Platform: Windows 8.1 Pro (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-24] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
HKU\S-1-5-21-2086728796-2284973935-1730649577-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070
HKU\S-1-5-21-2086728796-2284973935-1730649577-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
HKU\S-1-5-21-2086728796-2284973935-1730649577-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Solution Real 1.0.0.6 -> {1bb456da-878f-44a5-b013-4bfe0ae02fce} -> C:\Program Files (x86)\Solution Real\SolutionRealbho.dll No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: PriceFountain -> {b608cc98-54de-4775-96c9-097de398500c} -> C:\Users\Agnieszka\AppData\Local\PriceFountain\PriceFountainIE.dll ()
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-24]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentacje Google) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-24]
CHR Extension: (Dokumenty Google) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-24]
CHR Extension: (Dysk Google) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-24]
CHR Extension: (YouTube) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-24]
CHR Extension: (Szukaj w Google) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-24]
CHR Extension: (Arkusze Google) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-24]
CHR Extension: (AdBlock) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-24]
CHR Extension: (Solution Real) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjnbbdonfhdjpangbkdcikdageggmfbg [2015-01-25]
CHR Extension: (Avast Online Security) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-24]
CHR Extension: (Google Wallet) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24]
CHR Extension: (Gmail) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-24]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-24] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-24] (Avast Software)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [243880 2015-01-23] (Foxit Software Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121288 2014-05-14] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-24] ()
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-02-03] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1419064 2014-02-21] (Motorola Solutions, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [187336 2014-05-14] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3434464 2014-03-13] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-18] (Realsil Semiconductor Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-24] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-26 01:26 - 2015-01-26 01:28 - 00000000 ____D () C:\Users\Agnieszka\Desktop\Czudi
2015-01-26 01:24 - 2015-01-26 01:24 - 00000197 _____ () C:\Windows\system32\2015-01-26-00-24-37.034-AvastVBoxSVC.exe-2856.log
2015-01-26 01:23 - 2015-01-26 01:23 - 00000472 __RSH () C:\ProgramData\ntuser.pol
2015-01-25 23:03 - 2015-01-25 23:03 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Agnieszka\Downloads\mbam-setup-2.0.3.1025.exe
2015-01-25 22:44 - 2015-01-26 01:28 - 00000000 ____D () C:\FRST
2015-01-25 19:31 - 2015-01-25 05:45 - 00048792 _____ (StdLib) C:\Windows\system32\Drivers\{1d7d694e-604c-4da2-9100-b2601d3a1c57}gw64.sys.vir
2015-01-25 08:55 - 2015-01-25 09:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-01-25 08:55 - 2015-01-25 08:55 - 00000000 ____D () C:\Windows\PCHEALTH
2015-01-25 08:55 - 2015-01-25 08:55 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-01-25 08:55 - 2015-01-25 08:55 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-01-25 08:55 - 2015-01-25 08:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 08:55 - 2015-01-25 08:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-01-25 08:54 - 2015-01-25 09:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-25 08:54 - 2015-01-25 08:55 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-25 08:54 - 2015-01-25 08:54 - 00000000 __RHD () C:\MSOCache
2015-01-25 08:54 - 2015-01-25 08:54 - 00000000 ____D () C:\Users\Agnieszka\AppData\Local\Microsoft Help
2015-01-25 08:54 - 2015-01-25 08:54 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2015-01-25 08:54 - 2015-01-25 08:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-25 08:54 - 2015-01-25 08:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-01-25 08:53 - 2015-01-25 08:53 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\WinRAR
2015-01-25 08:52 - 2015-01-25 08:52 - 02113832 _____ () C:\Users\Agnieszka\Downloads\winrar-x64-520pl.exe
2015-01-25 08:52 - 2015-01-25 08:52 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-25 08:52 - 2015-01-25 08:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-25 08:52 - 2015-01-25 08:52 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-24 23:51 - 2015-01-24 23:51 - 00000989 _____ () C:\Users\Agnieszka\Desktop\Biodesigner.lnk
2015-01-24 23:51 - 2015-01-24 23:51 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\NVIDIA
2015-01-24 23:51 - 2015-01-24 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biodesigner
2015-01-24 23:51 - 2015-01-24 23:51 - 00000000 ____D () C:\Program Files (x86)\Biodesigner
2015-01-24 23:50 - 2015-01-24 23:50 - 02110565 _____ () C:\Users\Agnieszka\Downloads\biosetup.exe
2015-01-24 23:49 - 2015-01-24 23:49 - 00924480 _____ () C:\Users\Agnieszka\Downloads\RasMol_Latest_Windows_Installer.exe
2015-01-24 23:49 - 2015-01-24 23:49 - 00924480 _____ () C:\Users\Agnieszka\Downloads\RasMol_2.7.5_Windows_Installer.exe
2015-01-24 23:49 - 2015-01-24 23:49 - 00000995 _____ () C:\Users\Public\Desktop\RasWin.lnk
2015-01-24 23:49 - 2015-01-24 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RasWin
2015-01-24 23:49 - 2015-01-24 23:49 - 00000000 ____D () C:\Program Files (x86)\RasWin
2015-01-24 23:47 - 2015-01-24 23:39 - 00002069 _____ () C:\Users\Agnieszka\Desktop\OriginPro 8.lnk
2015-01-24 23:46 - 2015-01-24 23:46 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\vlc
2015-01-24 23:45 - 2015-01-24 23:45 - 00000887 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-24 23:45 - 2015-01-24 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-24 23:45 - 2015-01-24 23:45 - 00000000 ____D () C:\Program Files\VideoLAN
2015-01-24 23:44 - 2015-01-24 23:45 - 00000000 ____D () C:\Users\Agnieszka\Documents\Origin User Files
2015-01-24 23:39 - 2007-10-15 13:23 - 02199552 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\PdfDll32.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 01703936 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTCLR14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 01637520 _____ (Codejock Software) C:\Windows\SysWOW64\LPUIT05N.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 01433600 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTDic14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 01396736 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltann14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 01122304 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltimg14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00703632 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPRES05N.DLL
2015-01-24 23:39 - 2007-10-15 13:23 - 00695440 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPDLG05N.DLL
2015-01-24 23:39 - 2007-10-15 13:23 - 00642192 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPUIR05r.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00507024 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LtAct14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00434176 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltkrn14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00364544 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LFCMP14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00262144 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTDIS14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00253952 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTEml14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00241664 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltefx14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00228496 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LpPdf05n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00224400 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPKRN05N.DLL
2015-01-24 23:39 - 2007-10-15 13:23 - 00221184 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\Lvkrn14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00155648 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTSGM14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00155648 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltfil14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00146576 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LpDoc05n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00142480 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltact.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00139264 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfpdf14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00138384 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LpHTM05n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00138384 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LpEmf05n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00113808 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPWSE05n.exe
2015-01-24 23:39 - 2007-10-15 13:23 - 00109712 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LpRTF05n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00106680 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPUID05n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00098304 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LtTtf14n.Dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00094208 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltdoc14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00089232 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPCPN05N.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00086016 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lffax14n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00085136 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPINS05N.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00077898 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfjb214n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00072848 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LpTxt05n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00068752 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\Lpdrv05n.DLL
2015-01-24 23:39 - 2007-10-15 13:23 - 00065536 _____ () C:\Windows\SysWOW64\ltserial.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00056464 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPUNI05N.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00056464 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPRPC05u.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00052368 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPEML05N.DLL
2015-01-24 23:39 - 2007-10-15 13:23 - 00048272 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPRNT05N.DLL
2015-01-24 23:39 - 2007-10-15 13:23 - 00038032 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPUMD05n.dll
2015-01-24 23:39 - 2007-10-15 13:23 - 00035984 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPPMN05u.DLL
2015-01-24 23:39 - 2007-10-15 13:23 - 00032768 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\Lfwmf14n.dll
2015-01-24 23:16 - 2015-01-24 23:16 - 00000000 ____D () C:\Users\Agnieszka\AppData\Local\Bruker_Corporation
2015-01-24 23:14 - 2015-01-24 23:14 - 00001722 _____ () C:\Users\Public\Desktop\NanoScope Analysis.lnk
2015-01-24 23:14 - 2015-01-24 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bruker
2015-01-24 23:14 - 2015-01-24 23:14 - 00000000 ____D () C:\Program Files (x86)\Veeco Instruments Inc
2015-01-24 23:14 - 2015-01-24 23:14 - 00000000 ____D () C:\Program Files (x86)\NanoScope
2015-01-24 22:57 - 2015-01-25 23:23 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-24 22:57 - 2015-01-24 23:23 - 00003818 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 22:56 - 2015-01-24 22:57 - 00000000 ____D () C:\Users\Agnieszka\AppData\Local\Adobe
2015-01-24 22:51 - 2015-01-24 22:51 - 00000197 _____ () C:\Windows\system32\2015-01-24-21-51-41.074-AvastVBoxSVC.exe-2916.log
2015-01-24 22:50 - 2015-01-24 22:50 - 936169258 _____ () C:\Windows\MEMORY.DMP
2015-01-24 22:50 - 2015-01-24 22:50 - 01450136 _____ () C:\Windows\Minidump\012415-117703-01.dmp
2015-01-24 22:50 - 2015-01-24 22:50 - 00000000 ____D () C:\Windows\Minidump
2015-01-24 22:18 - 2015-01-25 21:55 - 00000000 ____D () C:\Users\Agnieszka\Desktop\PENDRIVE
2015-01-24 20:30 - 2015-01-25 09:02 - 00036352 _____ () C:\Users\Agnieszka\Desktop\zamowienie.xls
2015-01-24 20:30 - 2014-09-08 21:48 - 00017107 _____ () C:\Users\Agnieszka\Desktop\WESELE.xlsx
2015-01-24 20:27 - 2015-01-24 20:27 - 00000247 _____ () C:\Windows\system32\2015-01-24-19-27-47.042-aswFe.exe-5552.log
2015-01-24 20:23 - 2015-01-24 20:27 - 00000247 _____ () C:\Windows\system32\2015-01-24-19-23-28.032-aswFe.exe-6392.log
2015-01-24 20:23 - 2015-01-24 20:23 - 00000197 _____ () C:\Windows\system32\2015-01-24-19-23-26.060-AvastVBoxSVC.exe-5088.log
2015-01-24 20:22 - 2015-01-26 01:25 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\Dropbox
2015-01-24 20:19 - 2015-01-24 20:19 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-24 20:19 - 2015-01-24 20:19 - 00001980 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-24 20:19 - 2015-01-24 20:19 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-01-24 20:19 - 2015-01-24 20:19 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-24 20:19 - 2015-01-24 20:19 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\AVAST Software
2015-01-24 20:19 - 2015-01-24 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-24 20:18 - 2015-01-24 20:19 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-24 20:18 - 2015-01-24 20:19 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-01-24 20:18 - 2015-01-24 20:18 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-01-24 20:18 - 2015-01-24 20:18 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-24 20:18 - 2015-01-24 20:18 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-24 20:18 - 2015-01-24 20:18 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-24 20:18 - 2015-01-24 20:18 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-24 20:18 - 2015-01-24 20:18 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-24 20:18 - 2015-01-24 20:18 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-24 20:18 - 2015-01-24 20:18 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-24 20:15 - 2015-01-24 20:15 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-24 20:14 - 2015-01-24 20:15 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-24 20:09 - 2015-01-24 03:39 - 00048792 _____ (StdLib) C:\Windows\system32\Drivers\{5c281c6e-0132-4ac6-ad9d-d1d95d218412}gw64.sys.vir
2015-01-24 20:08 - 2015-01-24 20:08 - 00000000 ____D () C:\Users\Agnieszka\AppData\Local\Opera Software
2015-01-24 20:07 - 2015-01-24 20:07 - 00003868 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1422126475
2015-01-24 20:07 - 2015-01-24 20:07 - 00001151 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-01-24 20:07 - 2015-01-24 20:07 - 00001151 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-01-24 20:07 - 2015-01-24 20:07 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\Opera Software
2015-01-24 20:07 - 2015-01-24 20:07 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\BESTplayer
2015-01-24 20:06 - 2015-01-26 02:14 - 00000000 ____D () C:\Users\Agnieszka\AppData\Local\PriceFountain
2015-01-24 20:06 - 2015-01-26 00:07 - 00000322 _____ () C:\Windows\Tasks\Price Fountain.job
2015-01-24 20:06 - 2015-01-24 20:06 - 00002660 _____ () C:\Windows\System32\Tasks\Price Fountain
2015-01-24 20:06 - 2015-01-24 20:06 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\PriceFountain
2015-01-24 20:06 - 2015-01-24 20:06 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceFountain
2015-01-24 20:06 - 2015-01-11 11:28 - 00003966 _____ () C:\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi
2015-01-24 20:05 - 2015-01-24 22:55 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-01-24 20:05 - 2015-01-24 20:05 - 00001056 _____ () C:\Users\Agnieszka\Desktop\NapiProjekt.lnk
2015-01-24 20:05 - 2015-01-24 20:05 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\OpenCandy
2015-01-24 20:05 - 2015-01-24 20:05 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\NapiProjekt
2015-01-24 20:05 - 2015-01-24 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NapiProjekt
2015-01-24 20:05 - 2015-01-24 20:05 - 00000000 ____D () C:\Program Files (x86)\NapiProjekt
2015-01-24 20:04 - 2015-01-24 20:04 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-01-24 20:03 - 2015-01-26 02:14 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-01-24 20:03 - 2015-01-24 20:04 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-01-24 20:02 - 2015-01-26 02:14 - 00000000 ____D () C:\Program Files (x86)\Solution Real
2015-01-24 20:02 - 2015-01-24 20:02 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\omiga-plus
2015-01-24 19:53 - 2015-01-24 19:53 - 00001126 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2015-01-24 19:53 - 2015-01-24 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-01-24 19:19 - 2015-01-24 19:19 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2015-01-24 19:19 - 2015-01-24 19:19 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-01-24 19:19 - 2015-01-24 19:19 - 00000000 ____D () C:\Program Files\MSBuild
2015-01-24 19:19 - 2015-01-24 19:19 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-01-24 19:19 - 2015-01-24 19:19 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-01-24 19:18 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2015-01-24 19:18 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-01-24 19:18 - 2013-08-03 05:48 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-01-24 19:18 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2015-01-24 19:18 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-01-24 19:18 - 2013-08-03 05:41 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-01-24 19:16 - 2015-01-24 19:16 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\com.aspiro.wimp.pl.25F5C0086CDE1F22CA0B92A487729991CA6CD013.1
2015-01-24 19:16 - 2015-01-24 19:16 - 00000000 ____D () C:\ProgramData\WiMP
2015-01-24 19:15 - 2015-01-24 19:15 - 00000905 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiMP.lnk
2015-01-24 19:15 - 2015-01-24 19:15 - 00000893 _____ () C:\Users\Public\Desktop\WiMP.lnk
2015-01-24 19:15 - 2015-01-24 19:15 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\com.aspiro.wimp.pl
2015-01-24 19:15 - 2015-01-24 19:15 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\Aspiro Music AS
2015-01-24 19:15 - 2015-01-24 19:15 - 00000000 ____D () C:\Program Files (x86)\WiMP
2015-01-24 18:31 - 2015-01-24 23:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OriginLab
2015-01-24 18:30 - 2015-01-24 18:30 - 00000000 ____D () C:\Program Files (x86)\OriginLab
2015-01-24 18:24 - 2015-01-24 22:08 - 00000000 ____D () C:\AGNIESZKA
2015-01-24 18:23 - 2015-01-24 18:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-01-24 16:50 - 2015-01-24 18:32 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\Foxit Software
2015-01-24 16:49 - 2015-01-24 16:49 - 00001371 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2015-01-24 16:49 - 2015-01-24 16:49 - 00000000 ____D () C:\Users\Public\Foxit Software
2015-01-24 16:49 - 2015-01-24 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-01-24 16:49 - 2015-01-24 16:49 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2015-01-24 16:46 - 2015-01-24 16:46 - 00002285 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-24 16:46 - 2015-01-24 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-24 16:45 - 2015-01-26 00:31 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-24 16:45 - 2015-01-25 23:50 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-24 16:45 - 2015-01-24 19:53 - 00000000 ____D () C:\Users\Agnieszka\AppData\Local\Google
2015-01-24 16:45 - 2015-01-24 19:53 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-24 16:45 - 2015-01-24 16:45 - 00004042 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-24 16:45 - 2015-01-24 16:45 - 00003806 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-24 16:44 - 2015-01-24 16:44 - 00000000 __SHD () C:\Users\Agnieszka\AppData\Local\EmieUserList
2015-01-24 16:44 - 2015-01-24 16:44 - 00000000 __SHD () C:\Users\Agnieszka\AppData\Local\EmieSiteList
2015-01-24 16:44 - 2015-01-24 16:44 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\Macromedia
2015-01-24 03:21 - 2015-01-16 07:41 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-01-24 03:21 - 2015-01-16 07:41 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-01-24 03:20 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-01-24 03:20 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-01-24 03:09 - 2015-01-24 03:09 - 00000118 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-01-24 03:07 - 2015-01-24 03:07 - 00000726 _____ () C:\Users\Public\Desktop\eManual.Lnk
2015-01-24 03:07 - 2015-01-24 03:07 - 00000000 ____D () C:\eSupport
2015-01-24 03:05 - 2015-01-24 03:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-01-24 03:05 - 2015-01-24 03:05 - 00003562 _____ () C:\Windows\System32\Tasks\ATK Package 36D18D69AFC3
2015-01-24 03:03 - 2015-01-24 03:03 - 00000000 ____D () C:\Windows\SysWOW64\sda
2015-01-24 03:03 - 2013-04-25 11:12 - 09889352 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsPerIcon.dll
2015-01-24 03:03 - 2012-08-06 04:17 - 00017280 _____ ( ) C:\Windows\system32\Drivers\kbfiltr.sys
2015-01-24 03:02 - 2015-01-24 03:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_btmhsf_01011.Wdf
2015-01-24 03:02 - 2015-01-24 03:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_btmaux_01009.Wdf
2015-01-24 03:02 - 2015-01-24 03:02 - 00000000 ____D () C:\Users\Agnieszka\Documents\Moje odebrane pliki
2015-01-24 03:02 - 2013-10-18 07:12 - 00444632 ____R (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsPer.sys
2015-01-24 03:01 - 2015-01-24 03:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2015-01-24 03:01 - 2015-01-24 03:01 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\Intel
2015-01-24 03:01 - 2015-01-24 03:01 - 00000000 ____D () C:\ProgramData\Intel.sav
2015-01-24 03:01 - 2015-01-24 03:01 - 00000000 ____D () C:\Program Files\Common Files\Intel
2015-01-24 03:01 - 2015-01-24 03:01 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-01-24 03:00 - 2015-01-24 03:01 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-24 02:58 - 2015-01-24 03:01 - 00013736 _____ () C:\Windows\DPINST.LOG
2015-01-24 02:58 - 2015-01-24 02:58 - 00003538 _____ () C:\Windows\System32\Tasks\ASUS Smart Gesture Launcher
2015-01-24 02:58 - 2015-01-24 02:58 - 00000000 ____D () C:\Program Files\DIFX
2015-01-24 02:57 - 2015-01-24 03:05 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-01-24 02:55 - 2014-05-29 08:55 - 00873176 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x64.sys
2015-01-24 02:55 - 2014-05-29 08:55 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-01-24 02:50 - 2015-01-24 02:50 - 00383635 _____ () C:\Windows\system32\Drivers\RTWAVES40.dat
2015-01-24 02:50 - 2015-01-24 02:50 - 00006786 _____ () C:\Windows\system32\Drivers\rtwavesEFX.dat
2015-01-24 02:50 - 2015-01-24 02:50 - 00002626 _____ () C:\Windows\system32\Drivers\rtwavesMFX.dat
2015-01-24 02:50 - 2015-01-24 02:50 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioWizard.lnk
2015-01-24 02:50 - 2015-01-24 02:50 - 00001314 _____ () C:\Users\Public\Desktop\AudioWizard.lnk
2015-01-24 02:50 - 2015-01-24 02:50 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2015-01-24 02:50 - 2015-01-24 02:50 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-01-24 02:50 - 2015-01-24 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2015-01-24 02:50 - 2015-01-24 02:50 - 00000000 ____D () C:\Program Files\Realtek
2015-01-24 02:50 - 2014-06-17 12:27 - 04001752 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-01-24 02:50 - 2014-06-17 12:17 - 00856992 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-01-24 02:50 - 2014-06-17 09:08 - 01205934 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-01-24 02:50 - 2014-06-17 08:41 - 64228864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-01-24 02:50 - 2014-06-17 06:32 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-01-24 02:50 - 2014-06-13 09:24 - 02804952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-01-24 02:50 - 2014-06-11 10:08 - 00949464 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-01-24 02:50 - 2014-06-11 04:44 - 01024728 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-01-24 02:50 - 2014-06-09 09:57 - 02860248 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-01-24 02:50 - 2014-05-09 04:17 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-01-24 02:50 - 2014-04-10 05:19 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2015-01-24 02:50 - 2014-03-06 09:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-01-24 02:50 - 2013-10-11 04:31 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-01-24 02:50 - 2013-08-14 08:36 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-01-24 02:50 - 2012-08-31 12:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-01-24 02:50 - 2012-08-31 12:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-01-24 02:50 - 2012-08-31 12:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-01-24 02:50 - 2012-08-31 12:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-01-24 02:50 - 2012-08-31 12:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-01-24 02:50 - 2012-01-10 03:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2015-01-24 02:50 - 2011-12-20 08:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-01-24 02:50 - 2011-11-22 09:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-01-24 02:50 - 2011-09-02 07:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2015-01-24 02:50 - 2011-09-02 07:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2015-01-24 02:50 - 2011-09-02 07:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2015-01-24 02:50 - 2011-03-17 05:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-01-24 02:50 - 2011-03-07 10:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-01-24 02:50 - 2010-11-08 00:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-01-24 02:50 - 2010-11-08 00:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-01-24 02:50 - 2010-11-08 00:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-01-24 02:50 - 2010-11-08 00:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-01-24 02:50 - 2010-11-08 00:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-01-24 02:50 - 2010-11-08 00:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-01-24 02:50 - 2010-11-03 11:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-01-24 02:50 - 2010-07-22 09:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2015-01-24 02:50 - 2009-11-24 02:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-01-24 02:50 - 2009-11-24 02:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-01-24 02:50 - 2009-11-24 02:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-01-24 02:50 - 2009-11-24 02:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-01-24 02:49 - 2015-01-24 03:21 - 00000000 ____D () C:\Users\Agnieszka\AppData\Local\NVIDIA Corporation
2015-01-24 02:49 - 2015-01-24 03:02 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-01-24 02:49 - 2015-01-24 02:50 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-01-24 02:49 - 2014-06-09 03:59 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-01-24 02:49 - 2014-05-19 03:47 - 02080472 ____R (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-01-24 02:49 - 2014-04-17 10:42 - 01136728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2015-01-24 02:49 - 2014-04-10 05:20 - 01934424 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2015-01-24 02:49 - 2014-04-10 05:19 - 28343384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2015-01-24 02:49 - 2014-04-10 05:19 - 14863448 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2015-01-24 02:49 - 2014-04-10 05:19 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-01-24 02:49 - 2014-04-10 05:19 - 01063512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-01-24 02:49 - 2014-04-07 09:03 - 06218072 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-01-24 02:49 - 2014-04-07 09:03 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-01-24 02:49 - 2014-04-07 09:03 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-01-24 02:49 - 2014-04-07 09:03 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-01-24 02:49 - 2014-02-18 10:04 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-01-24 02:49 - 2013-10-11 05:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-01-24 02:49 - 2013-10-06 17:26 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2015-01-24 02:49 - 2013-10-06 17:26 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2015-01-24 02:49 - 2013-10-06 17:26 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2015-01-24 02:49 - 2013-08-14 08:35 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-01-24 02:49 - 2012-03-08 04:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-01-24 02:49 - 2011-08-23 10:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2015-01-24 02:49 - 2011-05-31 02:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-01-24 02:49 - 2011-05-31 02:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-01-24 02:49 - 2011-05-31 02:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-01-24 02:49 - 2011-05-31 02:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-01-24 02:49 - 2011-05-31 02:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-01-24 02:49 - 2011-05-31 02:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-01-24 02:49 - 2011-05-31 02:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-01-24 02:49 - 2011-05-31 02:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-01-24 02:49 - 2011-05-31 02:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-01-24 02:49 - 2011-05-31 02:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-01-24 02:49 - 2011-05-31 02:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-01-24 02:49 - 2011-05-31 02:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-01-24 02:49 - 2010-09-27 02:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-01-24 02:47 - 2015-01-24 03:20 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-01-24 02:47 - 2015-01-24 03:13 - 00000000 ____D () C:\Users\Agnieszka\AppData\Local\NVIDIA
2015-01-24 02:47 - 2015-01-24 02:47 - 00001367 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-01-24 02:47 - 2015-01-24 02:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-24 02:47 - 2015-01-24 02:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-24 02:47 - 2015-01-24 02:47 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-01-24 02:47 - 2015-01-16 07:41 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-01-24 02:47 - 2015-01-16 07:41 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-01-24 02:47 - 2014-11-22 11:46 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-01-24 02:47 - 2014-04-29 18:11 - 06682400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-01-24 02:47 - 2014-04-29 18:11 - 03499808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-01-24 02:47 - 2014-04-29 18:11 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-01-24 02:47 - 2014-04-29 18:11 - 01072472 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-01-24 02:47 - 2014-04-29 18:11 - 00925128 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-01-24 02:47 - 2014-04-29 18:11 - 00385368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-01-24 02:47 - 2014-04-29 18:11 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-01-24 02:47 - 2014-04-29 18:11 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-01-24 02:47 - 2014-04-25 23:50 - 03747864 _____ () C:\Windows\system32\nvcoproc.bin
2015-01-24 02:47 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-01-24 02:47 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-01-24 02:47 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-01-24 02:47 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-01-24 02:47 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-01-24 02:47 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-01-24 02:46 - 2015-01-24 03:21 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-01-24 02:46 - 2014-04-29 19:49 - 01883480 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433311.dll
2015-01-24 02:46 - 2014-04-29 19:49 - 01510744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433311.dll
2015-01-24 02:46 - 2014-04-29 19:49 - 00023662 _____ () C:\Windows\system32\nvinfo.pb
2015-01-24 02:45 - 2014-04-29 19:49 - 30411040 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 25257816 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 22993352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 18313696 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 18241584 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 17559384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 15880288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 15246856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 12698456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-24 02:45 - 2014-04-29 19:49 - 11642344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 11591344 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 09734744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 09692496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 03132760 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 03128776 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 03085040 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 02941384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 02755872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 02709120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 00932808 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 00893272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 00886104 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 00854816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 00478552 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 00356184 _____ () C:\Windows\system32\NvIFROpenGL.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 00313688 _____ () C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-24 02:45 - 2014-04-29 19:49 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-24 02:44 - 2015-01-24 03:21 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-01-24 02:41 - 2015-01-24 23:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-24 02:41 - 2015-01-24 03:01 - 00000000 ____D () C:\ProgramData\Intel
2015-01-24 02:41 - 2015-01-24 02:41 - 00000086 _____ () C:\setup.log
2015-01-24 02:41 - 2015-01-24 02:41 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-01-24 02:41 - 2015-01-24 02:41 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\InstallShield
2015-01-24 02:41 - 2013-09-03 16:52 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2015-01-24 02:41 - 2013-09-03 16:52 - 00099288 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2015-01-24 02:41 - 2013-09-03 16:52 - 00016344 _____ (Intel Corporation) C:\Windows\system32\Drivers\IntelMEFWVer.dll
2015-01-24 02:38 - 2013-08-09 03:31 - 00644968 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
2015-01-24 02:35 - 2013-08-21 08:16 - 00053248 ____R (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2015-01-24 02:31 - 2015-01-24 02:38 - 00000000 ____D () C:\Windows\Log
2015-01-24 02:23 - 2015-01-24 03:02 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-01-24 02:22 - 2015-01-24 03:01 - 00000000 ____D () C:\Program Files\Intel
2015-01-24 02:22 - 2015-01-24 02:22 - 00000000 ____D () C:\Intel
2015-01-24 02:22 - 2014-10-03 17:37 - 00082432 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2015-01-24 02:22 - 2014-10-03 17:37 - 00074240 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2015-01-24 02:16 - 2015-01-25 09:24 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2086728796-2284973935-1730649577-1001
2015-01-24 02:11 - 2015-01-24 22:50 - 00000000 ____D () C:\Users\Agnieszka
2015-01-24 02:11 - 2015-01-24 18:32 - 00000000 ____D () C:\Users\Agnieszka\AppData\Local\VirtualStore
2015-01-24 02:11 - 2015-01-24 02:11 - 00001454 _____ () C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-24 02:11 - 2015-01-24 02:11 - 00000020 ___SH () C:\Users\Agnieszka\ntuser.ini
2015-01-24 02:11 - 2015-01-24 02:11 - 00000000 _SHDL () C:\Users\Agnieszka\Ustawienia lokalne
2015-01-24 02:11 - 2015-01-24 02:11 - 00000000 _SHDL () C:\Users\Agnieszka\Szablony
2015-01-24 02:11 - 2015-01-24 02:11 - 00000000 _SHDL () C:\Users\Agnieszka\Moje dokumenty
2015-01-24 02:11 - 2015-01-24 02:11 - 00000000 _SHDL () C:\Users\Agnieszka\Menu Start
2015-01-24 02:11 - 2015-01-24 02:11 - 00000000 _SHDL () C:\Users\Agnieszka\Documents\Moje wideo
2015-01-24 02:11 - 2015-01-24 02:11 - 00000000 _SHDL () C:\Users\Agnieszka\Documents\Moje obrazy
2015-01-24 02:11 - 2015-01-24 02:11 - 00000000 _SHDL () C:\Users\Agnieszka\Documents\Moja muzyka
2015-01-24 02:11 - 2015-01-24 02:11 - 00000000 _SHDL () C:\Users\Agnieszka\Dane aplikacji
2015-01-24 02:11 - 2015-01-24 02:11 - 00000000 _SHDL () C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2015-01-24 02:11 - 2015-01-24 02:11 - 00000000 _SHDL () C:\Users\Agnieszka\AppData\Local\Historia
2015-01-24 02:11 - 2015-01-24 02:11 - 00000000 _SHDL () C:\Users\Agnieszka\AppData\Local\Dane aplikacji
2015-01-24 02:11 - 2015-01-24 02:11 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\Adobe
2015-01-24 02:11 - 2015-01-24 02:11 - 00000000 ____D () C:\Users\Agnieszka\AppData\Local\Packages
2015-01-24 02:11 - 2014-03-18 11:09 - 00000000 ___RD () C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-24 02:11 - 2014-03-18 11:09 - 00000000 ___RD () C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-24 02:11 - 2014-03-18 10:58 - 00000369 _____ () C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-01-24 02:11 - 2014-03-18 10:58 - 00000369 _____ () C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-01-24 02:11 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-24 02:11 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-24 01:55 - 2015-01-26 01:24 - 01949441 _____ () C:\Windows\WindowsUpdate.log
2015-01-24 01:52 - 2015-01-24 01:52 - 00000000 ____D () C:\Windows\CSC
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Public\Documents\Moje wideo
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Public\Documents\Moje obrazy
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Public\Documents\Moja muzyka
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default\Ustawienia lokalne
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default\Szablony
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default\Moje dokumenty
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default\Menu Start
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default\Documents\Moje wideo
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default\Documents\Moje obrazy
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default\Documents\Moja muzyka
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default\Dane aplikacji
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Historia
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Dane aplikacji
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default User\Documents\Moje wideo
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default User\Documents\Moje obrazy
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default User\Documents\Moja muzyka
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Historia
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Dane aplikacji
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\ProgramData\Szablony
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\ProgramData\Pulpit
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programy
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\ProgramData\Menu Start
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\ProgramData\Dokumenty
2015-01-24 01:48 - 2015-01-24 01:48 - 00000000 _SHDL () C:\ProgramData\Dane aplikacji
2015-01-24 01:44 - 2015-01-24 02:11 - 00000000 ____D () C:\Windows\Panther
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-26 01:23 - 2013-08-22 15:44 - 00481512 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-26 00:32 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-26 00:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-25 23:35 - 2013-08-22 14:25 - 00000269 _____ () C:\Windows\win.ini
2015-01-25 22:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-25 21:38 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-25 08:55 - 2014-03-18 10:40 - 00000000 ____D () C:\Windows\ShellNew
2015-01-25 08:55 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-25 08:54 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-25 08:39 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-01-24 22:57 - 2014-03-18 10:56 - 01825074 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-24 22:57 - 2014-03-18 10:28 - 00807160 _____ () C:\Windows\system32\perfh015.dat
2015-01-24 22:57 - 2014-03-18 10:28 - 00163478 _____ () C:\Windows\system32\perfc015.dat
2015-01-24 22:50 - 2014-03-18 02:46 - 00004316 _____ () C:\Windows\PFRO.log
2015-01-24 22:09 - 2013-08-22 15:46 - 00014933 _____ () C:\Windows\setupact.log
2015-01-24 19:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-01-24 19:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\MUI
2015-01-24 03:01 - 2013-08-22 14:36 - 00000000 __RHD () C:\Users\Default
2015-01-24 02:47 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\restore
2015-01-24 02:47 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Help
2015-01-24 02:38 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-24 01:48 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows NT
2015-01-24 01:47 - 2013-08-22 16:37 - 00002664 _____ () C:\Windows\DtcInstall.log
2015-01-24 01:47 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\Recovery
2015-01-24 01:43 - 2013-08-22 16:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
 
==================== Files in the root of some directories =======
 
2015-01-24 02:50 - 2015-01-24 02:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\Agnieszka\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi4lwd6.dll
C:\Users\Agnieszka\AppData\Local\Temp\ose00000.exe
C:\Users\Agnieszka\AppData\Local\Temp\_is16C.exe
C:\Users\Agnieszka\AppData\Local\Temp\_is4863.exe
C:\Users\Agnieszka\AppData\Local\Temp\_isCCF0.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-24 01:46
 
==================== End Of Log ============================


#2 Czudi

Czudi
  • Topic Starter

  • Members
  • 12 posts
  • Local time:12:03 PM

Posted 26 January 2015 - 02:09 AM

I have to apologise, I have started 2 exact same topics. This is so because every time I wanted to start a topic I got a "timeout" info, so I guessed starting the topic didn't work, so I began to start another. Please close this topic and ignore it, and let's fix my laptop in the previous topic I've started:

 

http://www.bleepingcomputer.com/forums/t/564521/price-fountain-solution-real-and-other/



#3 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:08:03 AM

Posted 26 January 2015 - 08:09 AM

Hi. I'm checking your log now and will reply with instructions soon.



#4 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan
  • Local time:06:03 AM

Posted 26 January 2015 - 11:08 AM

This is a duplicate topic, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.


Edited by Hoov, 26 January 2015 - 11:08 AM.

Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families




