PriceFountain and other malware


6 replies to this topic

#1 Czudi


Posted 21 November 2015 - 08:43 PM

Hi, my wife's computer got infected again and I am trying to sort things out. As I found traces of Price Fountain, I followed the instructions from this topic http://www.bleepingcomputer.com/forums/t/567852/pricefountain-and-vosteran-infection/?hl=+pricefountain . As to the circumstances in which my wife realized her computer was infected: she couldn't run any browser other than IE. She had Chrome installed but couldn't run it properly, so she decided to install Firefox, but the installation always failed. After I heard that, I started looking around her computer and ran all the programs from the link above. Below you can find all the logs I got:

 

Malwarebytes Anti-Malware:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2015-11-21
Scan Time: 13:57
Logfile: mbam_log.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.06.03.03
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Agnieszka

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 358576
Time Elapsed: 12 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 6
PUP.Optional.Jelbrus.A, C:\Users\Agnieszka\Downloads\Without_You,_There_Is_No_Us_(2014)_epub.exe, Quarantined, [024d8b2bc8c263d361ac79f7be487090],
PUP.Optional.PriceFountain.A, C:\Windows\Tasks\Price Fountain.job, Quarantined, [f55a15a1b4d68babf6b309f2b350c739],
PUP.Optional.Mindspark.A, C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_downspeedtest.dl.tb.ask.com_0.localstorage, Quarantined, [9bb433838a00e254b8e7df998c79eb15],
PUP.Optional.Mindspark.A, C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_downspeedtest.dl.tb.ask.com_0.localstorage-journal, Quarantined, [cd82e3d3b6d41c1a48574632887da957],
PUP.Optional.MindSpark.A, C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_downspeedtest.dl.myway.com_0.localstorage, Quarantined, [5ef1387ee0aaf640abe1681433d28e72],
PUP.Optional.MindSpark.A, C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_downspeedtest.dl.myway.com_0.localstorage-journal, Quarantined, [450ad5e1ccbef1453458522a8e7708f8],

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

AdwCleaner after scan:

 

# AdwCleaner v5.021 - Logfile created 21/11/2015 at 21:12:45
# Updated 14/11/2015 by Xplode
# Database : 2015-11-13.1 [Local]
# Operating system : Windows 8.1 Pro  (x64)
# Username : Agnieszka - ASUS551
# Running from : C:\Users\Agnieszka\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\myfree codec
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec

***** [ Files ] *****

File Found : C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gjnbbdonfhdjpangbkdcikdageggmfbg_0.localstorage
File Found : C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gjnbbdonfhdjpangbkdcikdageggmfbg_0.localstorage-journal
File Found : C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gjnbbdonfhdjpangbkdcikdageggmfbg
File Found : C:\Windows\SysNative\drivers\{1d7d694e-604c-4da2-9100-b2601d3a1c57}gw64.sys.vir
File Found : C:\Windows\SysNative\drivers\{5c281c6e-0132-4ac6-ad9d-d1d95d218412}gw64.sys.vir

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Update Solution Real
Key Found : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Util Solution Real
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{88E14F4A-B9FF-4D14-8FBA-AF56EDD73A5C}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKCU\Software\Myfree Codec
Key Found : HKLM\SOFTWARE\Myfree Codec
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Price Fountain
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec

***** [ Web browsers ] *****

[C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : daemon-search.com
[C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : omiga-plus
[C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : isearch.omiga-plus.com
[C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : search.conduit.com
[C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://isearch.omiga-plus.com/?type=hp&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070
[C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : gjnbbdonfhdjpangbkdcikdageggmfbg

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [3496 bytes] ##########

 

AdwCleaner after reboot:

 

# AdwCleaner v5.021 - Logfile created 21/11/2015 at 21:17:52
# Updated 14/11/2015 by Xplode
# Database : 2015-11-13.1 [Local]
# Operating system : Windows 8.1 Pro  (x64)
# Username : Agnieszka - ASUS551
# Running from : C:\Users\Agnieszka\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\myfree codec
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec

***** [ Files ] *****

[-] File Deleted : C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gjnbbdonfhdjpangbkdcikdageggmfbg_0.localstorage
[-] File Deleted : C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gjnbbdonfhdjpangbkdcikdageggmfbg_0.localstorage-journal
[-] File Deleted : C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gjnbbdonfhdjpangbkdcikdageggmfbg
[-] File Deleted : C:\Windows\SysNative\drivers\{1d7d694e-604c-4da2-9100-b2601d3a1c57}gw64.sys.vir
[-] File Deleted : C:\Windows\SysNative\drivers\{5c281c6e-0132-4ac6-ad9d-d1d95d218412}gw64.sys.vir

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Update Solution Real
[-] Key Deleted : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Util Solution Real
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{88E14F4A-B9FF-4D14-8FBA-AF56EDD73A5C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKCU\Software\Myfree Codec
[-] Key Deleted : HKLM\SOFTWARE\Myfree Codec
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Price Fountain
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec

***** [ Web browsers ] *****

[-] [C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : daemon-search.com
[-] [C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : omiga-plus
[-] [C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : isearch.omiga-plus.com
[-] [C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
[-] [C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://isearch.omiga-plus.com/?type=hp&ts=1422126178&from=cor&uid=SanDiskXSDSSDHII480G_144298400070
[-] [C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : gjnbbdonfhdjpangbkdcikdageggmfbg

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3526 bytes] ##########

 

ESET Scan (this found some quarantined items from about 6 months ago, when my wife's laptop got infected for the first time):

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\solutionrealbho.dll.vir.vir a variant of Win32/BrowseFox.O potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\solutionrealuninstall.exe.vir.vir Win32/BrowseFox.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\updatesolutionreal.exe.vir.vir a variant of MSIL/BrowseFox.H potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\1d7d694e604c4da29100.dll.vir.vir a variant of Win32/BrowseFox.N potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\1d7d694e604c4da2910064.dll.vir.vir a variant of Win64/BrowseFox.CI potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\1d7d694e604c4da29100b2601d3a1c57.dll.vir.vir a variant of Win32/BrowseFox.M potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\1d7d694e604c4da29100b2601d3a1c5764.dll.vir.vir a variant of Win64/BrowseFox.CK potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\5c281c6e01324ac6ad9d.dll.vir.vir a variant of Win32/BrowseFox.N potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\5c281c6e01324ac6ad9d64.dll.vir.vir a variant of Win64/BrowseFox.CI potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\5c281c6e01324ac6ad9dd1d95d218412.dll.vir.vir a variant of Win32/BrowseFox.M potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\5c281c6e01324ac6ad9dd1d95d21841264.dll.vir.vir a variant of Win64/BrowseFox.CK potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\solutionreal.browseradapter.exe.vir.vir a variant of Win32/BrowseFox.AC potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\solutionreal.browseradapter64.exe.vir.vir a variant of Win64/BrowseFox.CN potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\solutionreal.expext.exe.vir.vir a variant of Win32/BrowseFox.AA potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\solutionreal.expextdll.dll.vir.vir a variant of Win64/BrowseFox.CJ potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\solutionreal.purbrowse64.exe.vir.vir a variant of Win64/BrowseFox.A potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\tmp969a.tmp.vir.vir a variant of MSIL/BrowseFox.H potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\tmpb9ab.tmp.vir.vir a variant of MSIL/BrowseFox.H potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\utilsolutionreal.exe.vir.vir a variant of MSIL/BrowseFox.H potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\plugins\solutionreal.bromon.dll.vir.vir a variant of MSIL/BrowseFox.N potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\plugins\solutionreal.brostats.dll.vir.vir a variant of MSIL/BrowseFox.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\plugins\solutionreal.browseradapter.dll.vir.vir a variant of MSIL/BrowseFox.L potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\plugins\solutionreal.compatibilitychecker.dll.vir.vir a variant of MSIL/BrowseFox.N potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\plugins\solutionreal.expext.dll.vir.vir a variant of MSIL/BrowseFox.H potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\plugins\solutionreal.ffupdate.dll.vir.vir a variant of MSIL/BrowseFox.L potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\plugins\solutionreal.gcupdate.dll.vir.vir a variant of MSIL/BrowseFox.K potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\plugins\solutionreal.ieupdate.dll.vir.vir a variant of MSIL/BrowseFox.L potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\plugins\solutionreal.purbrowseg.dll.vir.vir a variant of MSIL/BrowseFox.H potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\protectwindowsmanager.exe.vir.vir a variant of Win32/ELEX.Y potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Agnieszka\AppData\Local\PriceFountain\prfo.dll.vir a variant of Win32/DealPly.AC potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Agnieszka\AppData\Local\PriceFountain\pricefountain.exe.vir a variant of Win32/DealPly.AC potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Agnieszka\AppData\Local\PriceFountain\pricefountainupdatever.exe.vir.vir a variant of Win32/DealPly.Z potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Agnieszka\AppData\Roaming\omiga-plus\UninstallManager.exe.vir a variant of Win32/ELEX.CP potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Agnieszka\AppData\Roaming\PriceFountain\UpdateProc\bkup.dat.vir VBS/Kryptik.DY trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Agnieszka\AppData\Roaming\PriceFountain\UpdateProc\updatetask.exe.vir.vir a variant of Win32/DealPly.Z potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\SysNative\drivers\{1d7d694e-604c-4da2-9100-b2601d3a1c57}gw64.sys.vir.vir a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\SysNative\drivers\{5c281c6e-0132-4ac6-ad9d-d1d95d218412}gw64.sys.vir.vir a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll Win32/ELEX.BM potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll Win32/ELEX.BM potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll a variant of Win32/ELEX.DH potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe Win32/ELEX.BM potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe Win32/ELEX.BM potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll Win32/ELEX.BM potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe Win32/ELEX.BM potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\XTab\SupTab.dll a variant of Win32/Thinknice.B potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjnbbdonfhdjpangbkdcikdageggmfbg\1.0.1_0\background.js Win32/BrowseFox.Q potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjnbbdonfhdjpangbkdcikdageggmfbg\1.0.1_0\content.js Win32/BrowseFox.Q potentially unwanted application cleaned by deleting - quarantined
C:\Users\Agnieszka\Desktop\Czudi\2015\ccsetup511.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
 

I am looking forward to your opinion about these.
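The AdwCleaner log above records the three browser-side traces this family of adware leaves in a Chrome profile: a forced start page (Startup_URLs), replaced search providers, and a sideloaded extension. The following is an added example, not code from the original post or from AdwCleaner, that checks a Chrome profile's preference JSON (the file Chrome keeps as "Preferences" or "Secure Preferences") for those same traces. The preference keys it reads (session.startup_urls, homepage, default_search_provider_data.template_url_data, extensions.settings) are Chrome's own; the sample JSON, the hijacker host list and the extension allowlist are constructed for the example and the extension ID abcdefghijabcdefghijabcdefghijab is made up.

```python
"""Audit a Chrome profile's preference JSON for browser-hijack indicators.

Added example; not part of the original post or of any tool it mentions.
Reads the JSON Chrome keeps in a profile's "Preferences" / "Secure
Preferences" file and flags a forced start page, a replaced default search
provider and any extension missing from an allowlist. The sample JSON, the
hijacker host list and the allowlist are constructed for this example.
"""
import json
from urllib.parse import urlsplit

# Hosts seen in the AdwCleaner log in this thread (assumption: extend as needed).
HIJACK_HOSTS = {
    "isearch.omiga-plus.com",
    "daemon-search.com",
    "search.conduit.com",
}

# Extension IDs the owner knowingly installed (assumption; empty = trust none).
ALLOWED_EXTENSIONS = frozenset()


def host_of(url):
    """Return the lowercase hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def is_hijack_host(host):
    """True if host is a known hijacker domain or a subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in HIJACK_HOSTS)


def audit_chrome_prefs(prefs, allowed_extensions=ALLOWED_EXTENSIONS):
    """Return a list of (category, detail) findings for a parsed prefs dict."""
    findings = []

    # 1. Start pages and home page pointing at a hijacker domain.
    for url in prefs.get("session", {}).get("startup_urls", []):
        if is_hijack_host(host_of(url)):
            findings.append(("Startup_URLs", url))
    homepage = prefs.get("homepage", "")
    if homepage and is_hijack_host(host_of(homepage)):
        findings.append(("Homepage", homepage))

    # 2. Default search provider replaced by a hijacker.
    tud = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    search_url = tud.get("url", "")
    if search_url and is_hijack_host(host_of(search_url)):
        findings.append(("Search Provider", f"{tud.get('keyword', '?')} -> {search_url}"))

    # 3. Extensions not on the allowlist. Chrome extension IDs are 32 chars from a-p.
    for ext_id, settings in prefs.get("extensions", {}).get("settings", {}).items():
        looks_like_id = len(ext_id) == 32 and set(ext_id) <= set("abcdefghijklmnop")
        if looks_like_id and ext_id not in allowed_extensions:
            origin = "webstore" if settings.get("from_webstore") else "sideloaded"
            findings.append(("Extension", f"{ext_id} ({origin})"))
    return findings


# Constructed sample mirroring the indicators in the AdwCleaner log above.
SAMPLE_PREFS = json.loads(r'''{
  "homepage": "http://isearch.omiga-plus.com/?type=hp&from=cor",
  "session": {
    "restore_on_startup": 4,
    "startup_urls": ["http://isearch.omiga-plus.com/?type=hp&ts=1422126178&from=cor"]
  },
  "default_search_provider_data": {
    "template_url_data": {
      "keyword": "search.conduit.com",
      "short_name": "Conduit",
      "url": "http://search.conduit.com/Results.aspx?q={searchTerms}"
    }
  },
  "extensions": {
    "settings": {
      "gjnbbdonfhdjpangbkdcikdageggmfbg": {"from_webstore": false, "path": "gjnbbdonfhdjpangbkdcikdageggmfbg\\1.0.1_0"},
      "abcdefghijabcdefghijabcdefghijab": {"from_webstore": true}
    }
  }
}''')

if __name__ == "__main__":
    for category, detail in audit_chrome_prefs(SAMPLE_PREFS):
        print(f"[{category}] {detail}")
```

Run it against a real profile by replacing SAMPLE_PREFS with json.load() of the Preferences or Secure Preferences file while Chrome is closed; anything not flagged as a known hijacker host still deserves a look if the user did not set it, so treat HIJACK_HOSTS as a floor rather than a complete list.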




#2 Aura

  • Malware Response Team

Posted 21 November 2015 - 08:56 PM

Hi Czudi :)

My name is Aura and I'll be assisting you with your issue. The combo you just ran (JRT, AdwCleaner and Malwarebytes) took care of PriceFountain from what I can see. I would like to check a few other things first however. Follow the instructions below please.

MiniToolBox
  • Download MiniToolBox and move the file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
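The "List content of Hosts" step in the instructions above is there because adware and other malware commonly edit C:\Windows\System32\drivers\etc\hosts, either to redirect a domain to an address they control or to pin a security vendor's domain to loopback so that updates and online scans fail quietly. The following is an added example, not part of Aura's instructions or of MiniToolBox, that parses hosts-file text and flags both patterns. The sample hosts content, the protected-domain list and the 203.0.113.10 address (from the documentation range) are constructed for the example.

```python
"""Audit hosts-file text for redirection and sinkholing.

Added example; not part of the forum instructions or of MiniToolBox.
parse_hosts() turns hosts-file text into entries, audit_hosts() flags
(a) any name mapped to a non-loopback address (traffic redirected) and
(b) a security/update vendor's domain mapped to loopback or 0.0.0.0
(scanner updates sinkholed). Sample data below is constructed.
"""
import ipaddress

# Domains that should never be pinned to loopback (assumption: extend with
# whatever your own environment relies on for updates and scanning).
PROTECTED_SUFFIXES = (
    "malwarebytes.org", "malwarebytes.com", "eset.com",
    "windowsupdate.com", "update.microsoft.com", "bleepingcomputer.com",
)

# Names that legitimately map to loopback in a default hosts file.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return [(line_no, ip, [names])] for every active entry; skip comments and junk."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments, trailing ones too
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue                             # an address with no names resolves nothing
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                             # first field is not an IP address
        entries.append((line_no, ip, [n.lower() for n in parts[1:]]))
    return entries


def is_protected(name):
    """True if name is one of the protected domains or a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES)


def audit_hosts(text):
    """Return a list of (line_no, reason, name, ip) findings for hosts-file text."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if ip.is_loopback or ip.is_unspecified:
                # Sinkholing: a vendor domain pinned to 127.x, ::1 or 0.0.0.0.
                if name not in LOOPBACK_NAMES and is_protected(name):
                    findings.append((line_no, "vendor domain sinkholed", name, str(ip)))
            else:
                # Redirection: a name sent to a specific remote address.
                findings.append((line_no, "redirected to remote address", name, str(ip)))
    return findings


# Constructed sample: the default Windows hosts header plus three injected lines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost
127.0.0.1  www.malwarebytes.org   # blocks the scanner's updates
0.0.0.0    update.eset.com
203.0.113.10   www.google.com  google.com   # search traffic hijacked
"""

if __name__ == "__main__":
    for line_no, reason, name, ip in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {reason}: {name} -> {ip}")
```

Only the protected list triggers the sinkhole check, so a deliberate ad-blocking hosts file that maps tracker domains to 0.0.0.0 is left alone; every remote-address mapping is reported, because on a home machine there is rarely a legitimate reason for one.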


#3 Czudi

  • Topic Starter


Posted 22 November 2015 - 01:34 PM

MiniToolBox log:

MiniToolBox by Farbar  Version: 02-11-2015
Ran by Agnieszka (administrator) on 22-11-2015 at 19:27:21
Running from "C:\Users\Agnieszka\Desktop"
Microsoft Windows 8.1 Pro  (X64)
Model: N551JM Manufacturer: ASUSTeK COMPUTER INC.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================

Intel® Dual Band Wireless-N 7260 = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Asus551
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home

Wireless LAN adapter Local Area Connection* 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : A0-A8-CD-B5-75-1C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : A0-A8-CD-B5-75-1F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 78-24-AF-C8-1C-F3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-N 7260
   Physical Address. . . . . . . . . : A0-A8-CD-B5-75-1B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::bd43:1fbe:82bf:19e0%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.18(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 21 November 2015 23:52:07
   Lease Expires . . . . . . . . . . : 23 November 2015 19:11:49
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 60860621
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-54-A5-39-78-24-AF-C8-1C-F3
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  livebox.home
Address:  192.168.1.1

Name:    google.com
Addresses:  2a00:1450:4001:800::1008
   173.194.112.2
   173.194.112.9
   173.194.112.1
   173.194.112.5
   173.194.112.14
   173.194.112.3
   173.194.112.8
   173.194.112.7
   173.194.112.4
   173.194.112.6
   173.194.112.0

Pinging google.com [173.194.112.0] with 32 bytes of data:
Reply from 173.194.112.0: bytes=32 time=49ms TTL=57
Reply from 173.194.112.0: bytes=32 time=45ms TTL=57

Ping statistics for 173.194.112.0:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 45ms, Maximum = 49ms, Average = 47ms
Server:  livebox.home
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
   2001:4998:c:a06::2:4008
   2001:4998:58:c02::a9
   98.138.253.109
   206.190.36.45
   98.139.183.24

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=137ms TTL=50
Reply from 98.139.183.24: bytes=32 time=141ms TTL=50

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 137ms, Maximum = 141ms, Average = 139ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  7...a0 a8 cd b5 75 1c ......Microsoft Wi-Fi Direct Virtual Adapter
  6...a0 a8 cd b5 75 1f ......Bluetooth Device (Personal Area Network)
  4...78 24 af c8 1c f3 ......Realtek PCIe GBE Family Controller
  3...a0 a8 cd b5 75 1b ......Intel® Dual Band Wireless-N 7260
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.18     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.18    281
     192.168.1.18  255.255.255.255         On-link      192.168.1.18    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.18    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.18    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.18    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  3    281 fe80::/64                On-link
  3    281 fe80::bd43:1fbe:82bf:19e0/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/22/2015 07:27:04 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-10-29T18:27:04Z. Error Code: 0x80040154.

Error: (11/22/2015 07:26:34 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-10-29T18:26:34Z. Error Code: 0x80040154.

Error: (11/22/2015 07:26:04 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-10-29T18:26:04Z. Error Code: 0x80040154.

Error: (11/22/2015 07:25:34 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-10-29T18:25:34Z. Error Code: 0x80040154.

Error: (11/22/2015 07:25:04 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-10-29T18:25:04Z. Error Code: 0x80040154.

Error: (11/22/2015 07:24:34 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-10-29T18:24:34Z. Error Code: 0x80040154.

Error: (11/22/2015 07:24:04 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-10-29T18:24:04Z. Error Code: 0x80040154.

Error: (11/22/2015 07:23:34 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-10-29T18:23:34Z. Error Code: 0x80040154.

Error: (11/22/2015 07:23:04 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-10-29T18:23:04Z. Error Code: 0x80040154.

Error: (11/22/2015 07:22:34 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-10-29T18:22:34Z. Error Code: 0x80040154.

System errors:
=============
Error: (11/22/2015 08:58:36 AM) (Source: BTHUSB) (User: )
Description: W lokalnym adapterze Bluetooth wystąpił nieokreślony błąd. Adapter nie będzie używany. Sterownik został usunięty z pamięci.

Error: (11/22/2015 12:43:46 AM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi eapihdrv z powodu następującego błędu:
%%1275

Error: (11/22/2015 12:43:46 AM) (Source: Application Popup) (User: )
Description: \??\C:\Users\AGNIES~1\AppData\Local\Temp\ehdrv.sys

Error: (11/22/2015 12:43:45 AM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi eapihdrv z powodu następującego błędu:
%%1275

Error: (11/22/2015 12:43:45 AM) (Source: Application Popup) (User: )
Description: \??\C:\Users\AGNIES~1\AppData\Local\Temp\ehdrv.sys

Error: (11/22/2015 12:43:45 AM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi eapihdrv z powodu następującego błędu:
%%1275

Error: (11/22/2015 12:43:45 AM) (Source: Application Popup) (User: )
Description: \??\C:\Users\AGNIES~1\AppData\Local\Temp\ehdrv.sys

Error: (11/22/2015 12:05:46 AM) (Source: Service Control Manager) (User: )
Description: Usługa NVIDIA Streamer Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (11/22/2015 12:05:45 AM) (Source: Service Control Manager) (User: )
Description: Usługa NVIDIA Display Driver Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (11/21/2015 09:20:00 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.

Ścieżka modułu: C:\Windows\System32\IWMSSvc.dll

Microsoft Office Sessions:
=========================
Error: (11/22/2015 07:27:04 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542115-10-29T18:27:04Z

Error: (11/22/2015 07:26:34 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542115-10-29T18:26:34Z

Error: (11/22/2015 07:26:04 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542115-10-29T18:26:04Z

Error: (11/22/2015 07:25:34 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542115-10-29T18:25:34Z

Error: (11/22/2015 07:25:04 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542115-10-29T18:25:04Z

Error: (11/22/2015 07:24:34 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542115-10-29T18:24:34Z

Error: (11/22/2015 07:24:04 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542115-10-29T18:24:04Z

Error: (11/22/2015 07:23:34 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542115-10-29T18:23:34Z

Error: (11/22/2015 07:23:04 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542115-10-29T18:23:04Z

Error: (11/22/2015 07:22:34 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542115-10-29T18:22:34Z

CodeIntegrity Errors:
===================================
  Date: 2015-02-08 18:16:16.501
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-08 18:16:14.450
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-08 18:16:12.376
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-08 18:16:10.287
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-08 18:16:08.243
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-08 18:16:06.164
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Aktualizacje NVIDIA 17.12.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 17.12.8 - NVIDIA Corporation) Hidden
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0036 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.7.143.923 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 17.0.1414.3) (HKLM\...\{302600C1-6BDF-4FD1-1403-148929CC1385}) (Version: 17.0.1403.0442 - Intel Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 pl)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
NanoScope Analysis (HKLM-x32\...\{9DE085E2-5F55-499F-9479-4CC8F21C14CE}) (Version: 1.30 - Bruker)
NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version:  - )
Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (HKLM\...\{90150000-001F-0415-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Oprogramowanie systemu PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 333.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 333.11 - NVIDIA Corporation)
Oprogramowanie Intel® PROSet/Wireless (HKLM-x32\...\{50748ecf-730e-4c86-87be-0346d4aa7aac}) (Version: 17.0.6 - Intel Corporation)
Origin8 (HKLM-x32\...\{D7452A01-9BF9-4FFD-8B2E-650F713AE099}) (Version: 8.00.000 - OriginLab) Hidden
OriginPro 8 (HKLM-x32\...\{A912021A-FEDD-4DA3-8DB4-245EBDA84778}) (Version: 8.00.000 - OriginLab Corporation)
Pakiet sterowników systemu Windows - ASUS (ATP) Mouse  (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)
Panel sterowania NVIDIA 333.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 333.11 - NVIDIA Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation)
RasWin (remove only) (HKLM-x32\...\RasWin) (Version:  - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7272 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.1.1.11124_17 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.1.1.11124_17 - Samsung Electronics Co., Ltd.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
TIDAL (HKLM-x32\...\{B28456D8-34A1-403E-857D-845B31B3F3AD}) (Version: 1.1.0.589 - TIDAL) Hidden
TIDAL (HKLM-x32\...\TIDAL 1.1.0.589) (Version: 1.1.0.589 - TIDAL)
VC8 Merge Modules (HKLM-x32\...\{C61C38A8-CA6B-471D-B942-67170BED8C39}) (Version: 1.00.0000 - Veeco Instruments Inc.) Hidden
VC8 Merge Modules (HKLM-x32\...\InstallShield_{C61C38A8-CA6B-471D-B942-67170BED8C39}) (Version: 1.00.0000 - Veeco Instruments Inc.)
VC9 Merge Modules (HKLM-x32\...\{D1B22484-C222-4DE8-B1B3-DF3F04B4A636}) (Version: 1.00.0000 - Veeco Instruments Inc.) Hidden
VC9 Merge Modules (HKLM-x32\...\InstallShield_{D1B22484-C222-4DE8-B1B3-DF3F04B4A636}) (Version: 1.00.0000 - Veeco Instruments Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.20 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 8074.92 MB
Available physical RAM: 4965.95 MB
Total Virtual: 9354.92 MB
Available Virtual: 5792.78 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:446.79 GB) (Free:350.36 GB) NTFS

========================= Users: ========================================

Konta użytkowników dla \\ASUS551

Administrator            Agnieszka                Gość                   
Polecenie zostało wykonane pomyślnie.

**** End of log ****



#4 Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,594 posts

Posted 22 November 2015 - 05:07 PM

Please uninstall the following program.
  • Adobe Flash Player 16 NPAPI - Outdated and vulnerable;
Once done, follow the instructions below please.

Temp File Cleaner (TFC)
  • Download Temp File Cleaner (TFC) and move it to your Desktop;
  • Right-click on TFC.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Simply click on Start to launch the clean-up and wait until it completes;
  • Depending on which processes are running, all your programs will be closed and explorer.exe (your Windows shell) will be killed; it will, however, be relaunched shortly after, so do not panic;
  • There's no log to give for this tool;
Do you still have the PriceFountain ads?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
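The Addition.txt log posted above lists every installed program as one line in a fixed shape (name, registry hive and Uninstall key, version, publisher, optional "Hidden" marker), and the reply above picks one of those entries, Adobe Flash Player 16 NPAPI, out of that list as outdated. The following Python script is an added example, not part of the thread and not FRST's or BleepingComputer's code: it parses the "Installed Programs" section into records and surfaces entries a responder would want to look at. The regular expression is derived only from the line shapes visible in the log above; the watch-list is constructed for this example (Flash Player being the only entry the thread itself supports), and the sample log is six lines copied from the posted log between its section headers.

```python
import re
from dataclasses import dataclass

# Constructed sample: the "Installed Programs" section header, six entries
# copied from the FRST Addition.txt log posted in this thread, and the header
# of the following section, which terminates parsing.
SAMPLE_LOG = r"""
=========================== Installed Programs ============================

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Aktualizacje NVIDIA 17.12.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 17.12.8 - NVIDIA Corporation) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
RasWin (remove only) (HKLM-x32\...\RasWin) (Version:  - )
Mozilla Firefox 42.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 pl)) (Version: 42.0 - Mozilla)

========================= Devices: ================================
"""

# One entry per line. Lazy quantifiers let names and keys that themselves
# contain parentheses (e.g. "(x64)") parse correctly, because the match must
# still reach the "(Version: ... - ...)" tail.
ENTRY_RE = re.compile(
    r"^(?P<name>.+?) "
    r"\((?P<hive>HKLM(?:-x32)?|HKU\\[^\\]+)\\\.\.\.\\(?P<key>.+?)\) "
    r"\(Version: (?P<version>.*?) - (?P<publisher>.*?)\)"
    r"(?P<hidden> Hidden)?$"
)


@dataclass(frozen=True)
class Program:
    name: str
    hive: str        # "HKLM" or "HKLM-x32" (FRST's label for the 32-bit Uninstall view)
    key: str         # last component of the Uninstall registry key
    version: str     # empty when the installer recorded no version
    publisher: str   # empty when the installer recorded no publisher
    hidden: bool     # FRST marks entries not shown in Programs and Features


def installed_programs_section(log_text):
    """Yield the non-blank lines between the 'Installed Programs' header and the next header."""
    inside = False
    for line in log_text.splitlines():
        line = line.rstrip()
        if line.startswith("===="):          # every FRST section header starts this way
            inside = "Installed Programs" in line
            continue
        if inside and line:
            yield line


def parse_installed_programs(log_text):
    """Parse the section into Program records; lines that do not fit the shape are skipped."""
    programs = []
    for line in installed_programs_section(log_text):
        m = ENTRY_RE.match(line)
        if m is None:
            continue
        programs.append(Program(
            name=m["name"], hive=m["hive"], key=m["key"],
            version=m["version"], publisher=m["publisher"],
            hidden=m["hidden"] is not None,
        ))
    return programs


# Constructed watch-list of product names whose version should be checked
# against the vendor's current release. Flash Player is the entry supported
# by this thread (flagged as outdated in post #4); extend as needed.
WATCHLIST = ("Adobe Flash Player",)


def review_candidates(programs, watchlist=WATCHLIST):
    """Return (program, reasons) pairs for entries worth a second look during triage."""
    flagged = []
    for program in programs:
        reasons = []
        if any(w.lower() in program.name.lower() for w in watchlist):
            reasons.append("on watch-list: compare version with vendor's current release")
        if not program.publisher:
            reasons.append("no publisher recorded")
        if not program.version:
            reasons.append("no version recorded")
        if reasons:
            flagged.append((program, reasons))
    return flagged


if __name__ == "__main__":
    parsed = parse_installed_programs(SAMPLE_LOG)
    print(f"{len(parsed)} entries parsed")
    for program, reasons in review_candidates(parsed):
        print(f"{program.name} [{program.hive}] version={program.version or '-'}: "
              + "; ".join(reasons))
```

Running it against the sample flags the Flash Player entry via the watch-list and the two entries with no recorded publisher or version; entries with a missing publisher are not malicious by themselves (ESET Online Scanner is a legitimate tool), they simply carry less metadata and so deserve a manual look.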


#5 Czudi

  • Topic Starter

  • Members
  • 12 posts

Posted 22 November 2015 - 07:57 PM

Hi,

I have successfully installed Google Chrome and it's working, I guess (it wasn't while I had PriceFountain). I haven't installed TFC as my Avast warns me it's malware. Is the link you provided correct?



#6 Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,594 posts

Posted 23 November 2015 - 06:16 AM

The link I provided is correct. This is what we call a "false positive". It happens when an antivirus detects as malicious a file or process that is totally legitimate. What you can do is disable avast! temporarily, then download and run TFC. Once done, you can delete the file and re-enable avast!.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 Czudi

  • Topic Starter

  • Members
  • 12 posts

Posted 26 November 2015 - 06:14 PM

I ran TFC; I guess the computer is clean now. I don't see anything suspicious in Add/Remove Software in Control Panel. Every browser seems to be working and I cannot see any PF ads. Thanks for your precious time and help. If I find something suspicious I will come back here to report it.





