Solved Asus n50vn rootkit

mario81, New Member, Thread author, Dec 7, 2014
ComboFix 14-12-07.01 - Mariusz 2014-12-07 11:47:42.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.4095.2067 [GMT 1:00]
Run from: c:\users\Mariusz\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Recycler
.
.
((((((((((((((((((((((((( Files created from 2014-11-07 to 2014-12-07 )))))))))))))))))))))))))))))))
.
.
2014-12-07 10:53 . 2014-12-07 10:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-07 10:41 . 2014-10-01 10:20 93400 ----a-w- c:\windows\system32\drivers\is-GJ4SP.tmp
2014-12-07 10:41 . 2014-12-07 10:41 -------- d-----w- C:\Program Files )
2014-12-07 10:41 . 2014-10-01 10:20 25816 ----a-w- c:\windows\system32\drivers\is-HRU1D.tmp
2014-12-07 08:01 . 2014-12-07 08:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-12-07 07:48 . 2014-12-07 08:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-12-07 07:44 . 2014-12-07 07:44 -------- d-----w- c:\programdata\HitmanPro
2014-12-07 03:23 . 2014-12-07 03:23 -------- d-----w- c:\program files\WinRAR
2014-12-06 19:43 . 2014-12-06 19:43 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-12-06 19:43 . 2014-12-06 19:43 -------- d-----w- c:\program files\Nightly
2014-12-06 17:44 . 2014-12-06 17:44 -------- d-----w- c:\programdata\GlassWire
2014-12-06 17:44 . 2014-11-05 05:41 33296 ----a-w- c:\windows\system32\drivers\gwdrv.sys
2014-12-06 17:44 . 2014-12-06 17:44 -------- d-----w- c:\program files (x86)\GlassWire
2014-12-06 17:33 . 2014-11-17 01:08 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9840109A-ACB0-46A3-8ED1-C7A31D26BED5}\mpengine.dll
2014-12-06 17:15 . 2014-12-06 17:18 -------- d-----w- c:\windows\system32\catroot2
2014-12-06 16:26 . 2014-12-06 17:05 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2014-12-06 16:18 . 2014-12-06 16:18 -------- d-----w- C:\RegBackup
2014-12-06 15:58 . 2014-12-06 15:58 -------- d-----w- c:\program files (x86)\WinDirStat
2014-12-06 15:49 . 2014-12-06 15:49 -------- d-----w- c:\program files (x86)\Secunia
2014-12-06 15:48 . 2014-12-06 15:48 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-12-06 15:44 . 2014-12-07 10:40 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-12-06 15:36 . 2014-12-06 15:36 -------- d-----w- c:\program files (x86)\Zemana AntiLogger Free
2014-12-06 15:36 . 2014-12-06 15:36 -------- d-----w- c:\program files (x86)\KeyCryptSDK
2014-12-06 15:36 . 2014-11-28 11:15 71400 ----a-w- c:\windows\system32\drivers\KeyCrypt64.sys
2014-12-06 15:32 . 2014-12-06 15:32 -------- d-----w- c:\programdata\InstallMate
2014-12-06 15:32 . 2014-12-06 15:32 -------- d-----w- c:\program files (x86)\Ruiware
2014-12-06 15:21 . 2014-12-07 10:29 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit
2014-12-06 15:21 . 2014-12-06 15:21 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Exploit
2014-12-06 12:50 . 2014-12-06 12:50 129752 ----a-w- c:\windows\system32\drivers\06E03FF8.sys
2014-12-05 19:08 . 2014-12-06 17:21 -------- d-----w- c:\programdata\Skype
2014-11-28 12:02 . 2014-11-28 12:02 18456 ----a-w- c:\windows\system32\drivers\psi_mf_amd64.sys
2014-11-25 18:39 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-11-25 18:39 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-11-25 18:39 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-11-25 18:39 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-11-25 18:39 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-11-25 18:39 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-11-25 18:39 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-11-25 18:39 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-11-25 18:39 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-11-25 18:39 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-11-25 18:38 . 2014-05-14 08:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-11-25 18:38 . 2014-05-14 08:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-11-25 18:38 . 2014-05-14 08:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-11-25 18:38 . 2014-05-14 08:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-11-25 14:22 . 2014-11-25 14:22 -------- d-----w- c:\programdata\Package Cache
2014-11-25 14:21 . 2014-11-25 14:21 -------- d-----w- c:\program files (x86)\Seagate
2014-11-25 14:17 . 2014-11-25 14:17 -------- d-----w- c:\program files (x86)\Microsoft.NET
2014-11-25 14:08 . 2014-10-31 22:26 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-11-25 13:51 . 2014-11-25 13:51 -------- d-----w- C:\TDSSKiller_Quarantine
2014-11-25 13:45 . 2014-12-06 20:11 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-25 13:45 . 2014-12-06 20:11 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-25 13:45 . 2014-11-25 13:45 -------- d-----w- c:\windows\SysWow64\Macromed
2014-11-25 13:45 . 2014-11-25 13:45 -------- d-----w- c:\windows\system32\Macromed
2014-11-25 13:26 . 2014-12-07 10:39 135384 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-25 13:26 . 2014-12-07 07:27 -------- d-----w- c:\programdata\Malwarebytes
2014-11-25 13:26 . 2014-12-06 17:29 96472 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-25 13:26 . 2014-12-06 15:28 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-11-25 13:26 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-25 13:26 . 2014-10-01 10:20 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-25 13:19 . 2014-12-06 13:21 -------- d-----w- c:\program files (x86)\Opera
2014-11-25 13:16 . 2009-06-25 23:38 57856 ----a-w- c:\windows\system32\drivers\rixdpx64.sys
2014-11-25 13:16 . 2007-07-25 19:48 172032 ----a-w- c:\windows\system32\rixdicon.dll
2014-11-25 13:16 . 2009-06-26 00:04 67584 ----a-w- c:\windows\system32\drivers\rimmpx64.sys
2014-11-25 13:16 . 2009-06-25 23:13 55296 ----a-w- c:\windows\system32\drivers\rimspx64.sys
2014-11-25 13:16 . 2004-09-04 10:00 90112 ----a-w- c:\windows\system32\snymsico.dll
2014-11-25 13:13 . 2014-11-25 13:14 -------- d-----w- c:\programdata\NVIDIA
2014-11-25 13:12 . 2009-05-11 10:49 81952 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2014-11-25 13:12 . 2009-05-11 10:49 62976 ----a-w- c:\windows\system32\nvapo64v.dll
2014-11-25 13:12 . 2009-05-11 10:48 22528 ----a-w- c:\windows\system32\nvhdap64.dll
2014-11-25 13:12 . 2009-05-08 14:50 159232 ----a-w- c:\windows\system32\nvcohda6.dll
2014-11-25 13:12 . 2009-05-08 14:50 506400 ----a-w- c:\windows\system32\nvuhda6.exe
2014-11-25 13:11 . 2009-06-11 09:09 508448 ----a-w- c:\windows\system32\nvudisp.exe
2014-11-25 13:11 . 2009-06-22 11:28 539168 ----a-w- c:\windows\system32\NVUNINST.EXE
2014-11-25 13:06 . 2009-07-20 16:29 15416 ----a-w- c:\windows\system32\drivers\kbfiltr.sys
2014-11-25 13:05 . 2009-08-23 04:24 5435904 ----a-w- c:\windows\system32\drivers\NETw5v64.sys
2014-11-25 13:04 . 2014-11-25 13:53 -------- d-----w- c:\program files\ATKGFNEX
2014-11-25 13:04 . 2014-11-25 13:04 -------- d-----w- c:\program files (x86)\InstallShield Installation Information
2014-11-25 13:03 . 2014-11-25 13:04 -------- d-----w- c:\program files (x86)\ASUS
2014-11-25 13:02 . 2014-12-05 19:08 -------- d-sh--w- c:\windows\Installer
2014-11-25 12:56 . 2014-11-25 12:57 -------- d-----w- c:\users\Mariusz
2014-11-25 12:49 . 2014-11-25 12:56 -------- d-----w- c:\windows\Panther
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-24 13:04 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HijackThis startup scan"="c:\users\Mariusz\Desktop\HijackThis\HijackThis.exe" [2011-04-11 1306624]
"SUPERAntiSpyware"="c:\users\Mariusz\Desktop\SuperAntiSpyware\PROGRAM64.COM" [2011-10-17 5500800]
"HW_OPENEYE_OUC_blueconnect"="c:\program files (x86)\blueconnect\UpdateDog\ouc.exe" [2011-03-26 116064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2014-12-04 2558776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 GlassWire;GlassWire Control Service;c:\program files (x86)\GlassWire\GWCtlSrv.exe;c:\program files (x86)\GlassWire\GWCtlSrv.exe [x]
R4 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
R4 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R4 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
S1 gwdrv;GlassWire Driver;c:\windows\system32\DRIVERS\gwdrv.sys;c:\windows\SYSNATIVE\DRIVERS\gwdrv.sys [x]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S1 SASDIFSV;SASDIFSV;c:\users\Mariusz\Desktop\SuperAntiSpyware\SASDIFSV64.SYS;c:\users\Mariusz\Desktop\SuperAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\users\Mariusz\Desktop\SuperAntiSpyware\SASKUTIL64.SYS;c:\users\Mariusz\Desktop\SuperAntiSpyware\SASKUTIL64.SYS [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys;c:\program files\ATKGFNEX\ASMMAP64.sys [x]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers in Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\Ruiware\WinPatrol\winpatrol.exe" [2014-07-21 1154112]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.msn.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
FF - ProfilePath - c:\users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\qq6gtik4.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-41186125.sys
.
.
.
Completion time: 2014-12-07 11:55:17
ComboFix-quarantined-files.txt 2014-12-07 10:55
.
Before: 476 243 406 848 bytes free
After: 476 322 066 432 bytes free
.
- - End Of File - - 5D4B5A8100FE671EBB2AA40024FF2FCE
A36C5E4F47E84449FF07ED3517B43A31
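Reading the "files created" section of a ComboFix log by hand is the first thing a helper does with a post like the one above. The Python below is an added example written for this page; it is not ComboFix code and not something the thread's helper ran. It parses that section's line layout (creation time, last-write time, size, attribute flags, path) and applies a few triage rules that are my own assumptions: kernel drivers dropped into system32\drivers during the window, .tmp files in that directory, and file names made only of hex digits. The sample lines are copied from the log above. A flag means only that the file deserves a publisher-signature and hash check before it is trusted, not that it is malicious; on this machine most of the flagged drivers belong to security tools the user had just installed.

```python
import re
from datetime import datetime

# Constructed sample input: lines copied from the "files created" section of
# the ComboFix log above (same layout and values). Raw string keeps the backslashes.
SAMPLE = r"""
2014-12-07 10:41 . 2014-10-01 10:20 93400 ----a-w- c:\windows\system32\drivers\is-GJ4SP.tmp
2014-12-07 10:41 . 2014-12-07 10:41 -------- d-----w- C:\Program Files )
2014-12-06 17:44 . 2014-11-05 05:41 33296 ----a-w- c:\windows\system32\drivers\gwdrv.sys
2014-12-06 15:36 . 2014-11-28 11:15 71400 ----a-w- c:\windows\system32\drivers\KeyCrypt64.sys
2014-12-06 12:50 . 2014-12-06 12:50 129752 ----a-w- c:\windows\system32\drivers\06E03FF8.sys
2014-11-25 13:26 . 2014-10-01 10:20 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-25 18:39 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
"""

# One ComboFix entry: <created> . <last written> <size or --------> <attributes> <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) (\S{8}) (.+)$"
)
# Assumed heuristic: a file name made only of hex digits (8 or more) is one a
# human reviewer should look at; legitimately installed drivers normally have
# readable names. Stems are lower-cased before matching.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8,}$")


def parse(text):
    """Parse ComboFix 'files created' lines into dicts; directory entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, written, size, attrs, path = m.groups()
        if attrs.startswith("d") or size == "--------":
            continue
        entries.append({
            "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
            "written": datetime.strptime(written, "%Y-%m-%d %H:%M"),
            "size": int(size),
            "attrs": attrs,
            "path": path,
        })
    return entries


def triage(text):
    """Return {path: [reasons]} for entries worth checking by hand.

    The rules are this example's own assumptions, not ComboFix logic, and a hit
    means "verify the file's publisher signature and hash", not "malicious".
    """
    flagged = {}
    for entry in parse(text):
        low = entry["path"].lower()
        name = low.rsplit("\\", 1)[-1]
        stem, _, ext = name.rpartition(".")
        in_drivers = "\\system32\\drivers\\" in low
        reasons = []
        if in_drivers and ext == "sys":
            reasons.append("kernel driver created in the scan window")
        if in_drivers and ext == "tmp":
            reasons.append("temporary file in the drivers directory")
        if HEX_NAME_RE.match(stem):
            reasons.append("file name is only hex digits")
        if reasons:
            flagged[entry["path"]] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(path, "->", "; ".join(reasons))
```

The next step for each flagged path is outside this script: check the Authenticode signature and look the hash up, then decide. The parser itself is the reusable part; the rules are deliberately few so that they can be replaced with whatever the case calls for.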
 

argus, Former MalwareTips Staff, Verified, Apr 24, 2014
Hello,

Before we begin, please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. The absence of symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.



Download Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"




Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
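The "MBR | Physical Sectors" option in the scan argus asks for reads the first sector of each disk, decodes the partition table and then reads sectors that no partition covers; the next post's log shows the result under "Inspecting partition table". As an added example that is not part of this thread or of Malwarebytes' code, the Python below builds a 512-byte MBR from the values that log reports (disk signature 59748, read here as decimal, which is an assumption; an active NTFS partition at LBA 2048 of 204800 sectors; a second NTFS partition at LBA 206848 of 976564224 sectors; a 500107862016-byte disk), decodes it, runs the consistency checks such a scan relies on, and reports the unallocated sectors before the first and after the last partition. The boot-code bytes are a placeholder; only their hash is used.

```python
import hashlib
import struct

SECTOR = 512
DISK_BYTES = 500107862016            # "Disk Size" printed in the MBAR log
DISK_SECTORS = DISK_BYTES // SECTOR   # 976773168 sectors of 512 bytes

# Constructed stand-in for the real boot code; only its hash matters here.
PLACEHOLDER_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0"


def build_mbr(boot_code, disk_signature, partitions):
    """Assemble a 512-byte MBR: 440 bytes boot code, 4-byte disk signature,
    2 reserved bytes, four 16-byte partition entries, then the 0x55AA signature.
    partitions: up to four (active, type, start_lba, sector_count) tuples."""
    if len(boot_code) > 440 or len(partitions) > 4:
        raise ValueError("boot code or partition list too long")
    buf = bytearray(boot_code.ljust(440, b"\x00"))
    buf += struct.pack("<IH", disk_signature, 0)
    table = list(partitions) + [(False, 0, 0, 0)] * (4 - len(partitions))
    for active, ptype, start, count in table:
        # status, CHS start, type, CHS end, LBA start, sector count (CHS left zero).
        buf += struct.pack("<B3sB3sII", 0x80 if active else 0x00,
                           b"\x00" * 3, ptype, b"\x00" * 3, start, count)
    buf += b"\x55\xAA"
    return bytes(buf)


def parse_mbr(sector):
    """Decode the fields an anti-rootkit MBR scan reports."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    (disk_signature,) = struct.unpack_from("<I", sector, 440)
    partitions = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(
            "<B3sB3sII", sector, 446 + 16 * i)
        partitions.append({"index": i, "active": status == 0x80,
                           "type": ptype, "start": start, "count": count})
    return {
        "disk_signature": disk_signature,
        # Hash of the code area, to compare against an earlier snapshot.
        "boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "partitions": partitions,
    }


def check_layout(mbr, disk_sectors):
    """Consistency checks on the partition table; returns a list of findings."""
    findings = []
    parts = mbr["partitions"]
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    used = sorted((p for p in parts if p["type"] != 0), key=lambda p: p["start"])
    for p in used:
        if p["count"] == 0:
            findings.append(f"partition {p['index']}: type set but zero length")
        if p["start"] + p["count"] > disk_sectors:
            findings.append(f"partition {p['index']}: extends past end of disk")
    for a, b in zip(used, used[1:]):
        if a["start"] + a["count"] > b["start"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    for p in parts:
        if p["type"] == 0 and (p["active"] or p["start"] or p["count"]):
            findings.append(f"partition {p['index']}: empty type with non-zero fields")
    return findings


def unallocated(mbr, disk_sectors):
    """Sectors no partition covers: (gap after the MBR, gap after the last partition).
    A file-system scan never reads these, so a raw-sector pass has to."""
    used = sorted((p for p in mbr["partitions"] if p["type"] != 0), key=lambda p: p["start"])
    if not used:
        return disk_sectors - 1, 0
    last = used[-1]
    return used[0]["start"] - 1, disk_sectors - (last["start"] + last["count"])


# Values as printed in the MBAR log: signature 59748 (read here as decimal, an
# assumption), partition 0 active NTFS at LBA 2048 for 204800 sectors, partition 1
# NTFS at LBA 206848 for 976564224 sectors, entries 2 and 3 empty.
LOG_PARTITIONS = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 976564224)]


def example():
    """Build the MBR from the logged values, decode it, and run the checks."""
    mbr = parse_mbr(build_mbr(PLACEHOLDER_BOOT_CODE, 59748, LOG_PARTITIONS))
    return mbr, check_layout(mbr, DISK_SECTORS), unallocated(mbr, DISK_SECTORS)


if __name__ == "__main__":
    mbr, findings, gaps = example()
    for p in mbr["partitions"]:
        print(f"Partition {p['index']}: type 0x{p['type']:02X} active={p['active']} "
              f"LBA {p['start']} Numsec {p['count']}")
    print("findings:", findings or "none")
    print("unallocated sectors (after MBR, after last partition):", gaps)
```

With the logged values the checks come back clean, and sectors 1 through 2047 plus the last 2096 sectors of the disk lie outside every partition. That is normal 1 MiB alignment slack, but it is also space no file-system scan touches, which is why a rootkit scan that only walks NTFS cannot by itself rule out a bootkit and why the raw-sector pass matters.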
 

mario81, New Member, Thread author, Dec 7, 2014
Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2014.11.18.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Mariusz :: MARIUSZ-ASUS [administrator]

2014-12-07 11:40:05
mbar-log-2014-12-07 (11-40-05).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 314426
Time elapsed: 17 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.500000 GHz
Memory total: 4294037504, free: 2402488320

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.500000 GHz
Memory total: 4294037504, free: 2421252096

=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
------------ Kernel report ------------
12/06/2014 16:44:25
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\system32\DRIVERS\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\netw5v64.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmpx64.sys
\SystemRoot\system32\DRIVERS\rimspx64.sys
\SystemRoot\system32\DRIVERS\rixdpx64.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbfiltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ATK64AMD.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\ew_jubusenum.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\bthmodem.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\??\C:\Program Files\ATKGFNEX\ASMMAP64.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\ew_jucdcacm.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
\SystemRoot\system32\DRIVERS\KeyCrypt64.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\imagehlp.dll
\Windows\System32\setupapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ole32.dll
\Windows\System32\shell32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\sechost.dll
\Windows\System32\ws2_32.dll
\Windows\System32\wininet.dll
\Windows\System32\usp10.dll
\Windows\System32\comdlg32.dll
\Windows\System32\lpk.dll
\Windows\System32\difxapi.dll
\Windows\System32\msctf.dll
\Windows\System32\nsi.dll
\Windows\System32\iertutil.dll
\Windows\System32\advapi32.dll
\Windows\System32\kernel32.dll
\Windows\System32\user32.dll
\Windows\System32\imm32.dll
\Windows\System32\normaliz.dll
\Windows\System32\shlwapi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\psapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\devobj.dll
\Windows\System32\comctl32.dll
\Windows\System32\crypt32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\wintrust.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007327060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000095\
Lower Device Object: 0xfffffa8006c0e060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004bf4060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80046d6680
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004bf4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004bf4ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004bf4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80046da520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80046d6680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 59748

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 976564224

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8007327060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006b88040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007327060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006c0e060, DeviceName: \Device\00000095\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.500000 GHz
Memory total: 4294037504, free: 2905636864

Downloaded database version: v2014.12.06.07
Downloaded database version: v2014.12.03.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
Initializing...
======================
------------ Kernel report ------------
12/06/2014 18:30:26
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\system32\DRIVERS\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\netw5v64.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmpx64.sys
\SystemRoot\system32\DRIVERS\rimspx64.sys
\SystemRoot\system32\DRIVERS\rixdpx64.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbfiltr.sys
\SystemRoot\system32\DRIVERS\KeyCrypt64.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ATK64AMD.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\ew_jubusenum.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\Drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\ew_jucdcacm.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\bthmodem.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\??\C:\Program Files\ATKGFNEX\ASMMAP64.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\shell32.dll
\Windows\System32\user32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\lpk.dll
\Windows\System32\kernel32.dll
\Windows\System32\sechost.dll
\Windows\System32\nsi.dll
\Windows\System32\usp10.dll
\Windows\System32\setupapi.dll
\Windows\System32\difxapi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\advapi32.dll
\Windows\System32\msctf.dll
\Windows\System32\iertutil.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\oleaut32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\normaliz.dll
\Windows\System32\gdi32.dll
\Windows\System32\ole32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\psapi.dll
\Windows\System32\imm32.dll
\Windows\System32\urlmon.dll
\Windows\System32\wininet.dll
\Windows\System32\comdlg32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\KernelBase.dll
\Windows\System32\crypt32.dll
\Windows\System32\devobj.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\comctl32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8004cb73e0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000081\
Lower Device Object: 0xfffffa8004cfab60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004c1c5f0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80046b7060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004c1c5f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004c1d040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004c1c5f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80046ba4f0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80046b7060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 59748

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 976564224

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8004cb73e0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006596b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004cb73e0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004cfab60, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.500000 GHz
Memory total: 4294037504, free: 2197168128

=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.500000 GHz
Memory total: 4294037504, free: 2510094336

=======================================
Initializing...
------------ Kernel report ------------
12/07/2014 11:39:54
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\gwdrv.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\??\C:\Users\Mariusz\Desktop\SuperAntiSpyware\SASKUTIL64.SYS
\??\C:\Users\Mariusz\Desktop\SuperAntiSpyware\SASDIFSV64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\system32\DRIVERS\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\netw5v64.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmpx64.sys
\SystemRoot\system32\DRIVERS\rimspx64.sys
\SystemRoot\system32\DRIVERS\rixdpx64.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbfiltr.sys
\SystemRoot\system32\DRIVERS\KeyCrypt64.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ATK64AMD.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\ew_jubusenum.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\bthmodem.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\ew_jucdcacm.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\??\C:\Program Files\ATKGFNEX\ASMMAP64.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\shlwapi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\psapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\user32.dll
\Windows\System32\usp10.dll
\Windows\System32\oleaut32.dll
\Windows\System32\difxapi.dll
\Windows\System32\iertutil.dll
\Windows\System32\kernel32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\lpk.dll
\Windows\System32\clbcatq.dll
\Windows\System32\setupapi.dll
\Windows\System32\ole32.dll
\Windows\System32\normaliz.dll
\Windows\System32\sechost.dll
\Windows\System32\comdlg32.dll
\Windows\System32\gdi32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\ws2_32.dll
\Windows\System32\msctf.dll
\Windows\System32\shell32.dll
\Windows\System32\wininet.dll
\Windows\System32\urlmon.dll
\Windows\System32\imm32.dll
\Windows\System32\advapi32.dll
\Windows\System32\nsi.dll
\Windows\System32\wintrust.dll
\Windows\System32\KernelBase.dll
\Windows\System32\crypt32.dll
\Windows\System32\devobj.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\comctl32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8006cea570
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000099\
Lower Device Object: 0xfffffa8006cdf330
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004c3e730
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80046d6680
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004c3e730, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004c3e180, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004c3e730, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80046da520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80046d6680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 59748

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 976564224

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8006cea570, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006ce7040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006cea570, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006cdf330, DeviceName: \Device\00000099\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.500000 GHz
Memory total: 4294037504, free: 1889345536

=======================================
Initializing...
------------ Kernel report ------------
12/07/2014 17:26:17
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\??\C:\Users\Mariusz\Desktop\SuperAntiSpyware\SASKUTIL64.SYS
\??\C:\Users\Mariusz\Desktop\SuperAntiSpyware\SASDIFSV64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\system32\DRIVERS\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\netw5v64.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmpx64.sys
\SystemRoot\system32\DRIVERS\rimspx64.sys
\SystemRoot\system32\DRIVERS\rixdpx64.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbfiltr.sys
\SystemRoot\system32\DRIVERS\KeyCrypt64.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ATK64AMD.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\ew_jubusenum.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\bthmodem.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\??\C:\Program Files\ATKGFNEX\ASMMAP64.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\Drivers\PROCEXP113.SYS
\SystemRoot\system32\DRIVERS\ew_jucdcacm.sys
\SystemRoot\system32\DRIVERS\gwdrv.sys
\??\C:\Users\Mariusz\AppData\Local\Temp\pwriafoc.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\shlwapi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\psapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\user32.dll
\Windows\System32\usp10.dll
\Windows\System32\oleaut32.dll
\Windows\System32\difxapi.dll
\Windows\System32\iertutil.dll
\Windows\System32\kernel32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\lpk.dll
\Windows\System32\clbcatq.dll
\Windows\System32\setupapi.dll
\Windows\System32\ole32.dll
\Windows\System32\normaliz.dll
\Windows\System32\sechost.dll
\Windows\System32\comdlg32.dll
\Windows\System32\gdi32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\ws2_32.dll
\Windows\System32\msctf.dll
\Windows\System32\shell32.dll
\Windows\System32\wininet.dll
\Windows\System32\urlmon.dll
\Windows\System32\imm32.dll
\Windows\System32\advapi32.dll
\Windows\System32\nsi.dll
\Windows\System32\wintrust.dll
\Windows\System32\KernelBase.dll
\Windows\System32\crypt32.dll
\Windows\System32\devobj.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\comctl32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004c3e730
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80046d6680
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004c3e730, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004c3e180, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004c3e730, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80046da520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80046d6680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 59748

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 976564224

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 01
Ran by Mariusz (administrator) on MARIUSZ-ASUS on 07-12-2014 16:27:34
Running from C:\Users\Mariusz\Downloads
Loaded Profile: Mariusz (Available profiles: Mariusz)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Seifert) C:\Program Files (x86)\WinDirStat\windirstat.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
() C:\Program Files (x86)\blueconnect\blueconnect.exe
(Huawei Technologies Co., Ltd.) C:\Users\Mariusz\AppData\Roaming\blueconnect\ouc.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
(Mozilla Corporation) C:\Program Files\Nightly\plugin-container.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files )\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files )\Malwarebytes Anti-Malware\mbamscheduler.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Mozilla Corporation) C:\Program Files\Nightly\plugin-container.exe
(OldTimer Tools) C:\Users\Mariusz\Downloads\OTL.scr


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2558776 2014-12-04] (Malwarebytes Corporation)
HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\...\Run: [HijackThis startup scan] => C:\Users\Mariusz\Desktop\HijackThis\HijackThis.exe [1306624 2011-04-11] (Trend Micro Inc.)
HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\...\Run: [SUPERAntiSpyware] => C:\Users\Mariusz\Desktop\SuperAntiSpyware\PROGRAM64.COM [5500800 2011-10-17] (SUPERAntiSpyware.com)
HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\...\Run: [HW_OPENEYE_OUC_blueconnect] => C:\Program Files (x86)\blueconnect\UpdateDog\ouc.exe [116064 2011-03-26] (Huawei Technologies Co., Ltd.)
HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [9474344 2014-11-06] (SecureMix LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x84F5C445B208D001
HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{8B89C5E6-5A1C-4B5B-AF23-768569CBDACB}: [NameServer] 89.108.202.20 89.108.195.20

FireFox:
========
FF ProfilePath: C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\qq6gtik4.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\qq6gtik4.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-12-06]
FF Extension: Bluhell Firewall - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\qq6gtik4.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2014-12-06]
FF Extension: Cert Alert - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\qq6gtik4.default\Extensions\{c45ac2c6-14d5-11df-844d-001f16155cce}.xpi [2014-12-06]
FF Extension: SoundCloud Downloader - Technowise - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\qq6gtik4.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2014-12-06]
FF Extension: Adblock Plus - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\qq6gtik4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-06]
FF Extension: Adblock Edge - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\qq6gtik4.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-12-06]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Nightly\firefox.exe

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [6279976 2014-11-06] (SecureMix LLC)
S4 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [544056 2014-12-04] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files )\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files )\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-04] ()
R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [33296 2014-11-05] (SecureMix LLC)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [71400 2014-11-28] (Zemana Ltd.)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [96472 2014-12-06] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R1 SASDIFSV; C:\Users\Mariusz\Desktop\SuperAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Users\Mariusz\Desktop\SuperAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-07 16:25 - 2014-12-07 16:25 - 00368705 _____ () C:\Users\Mariusz\Downloads\gm.zip
2014-12-07 16:24 - 2014-12-07 16:27 - 00009068 _____ () C:\Users\Mariusz\Downloads\FRST.txt
2014-12-07 16:24 - 2014-12-07 16:27 - 00000000 ____D () C:\FRST
2014-12-07 16:24 - 2014-12-07 16:25 - 00023099 _____ () C:\Users\Mariusz\Downloads\Addition.txt
2014-12-07 16:24 - 2014-12-07 16:24 - 00602112 _____ (OldTimer Tools) C:\Users\Mariusz\Downloads\OTL.scr
2014-12-07 16:22 - 2014-12-07 16:23 - 02119680 _____ (Farbar) C:\Users\Mariusz\Downloads\FRST64.exe
2014-12-07 14:45 - 2014-12-07 14:45 - 00001873 _____ () C:\Users\Mariusz\Desktop\GlassWire.lnk
2014-12-07 14:45 - 2014-12-07 14:45 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GlassWire 1.0
2014-12-07 14:45 - 2014-12-07 14:45 - 00000000 ____D () C:\Program Files (x86)\GlassWire
2014-12-07 11:55 - 2014-12-07 11:55 - 00013838 _____ () C:\ComboFix.txt
2014-12-07 11:46 - 2014-12-07 11:55 - 00000000 ____D () C:\Qoobox
2014-12-07 11:46 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-07 11:46 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-07 11:46 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-07 11:46 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-07 11:46 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-07 11:46 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-07 11:46 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-07 11:46 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-07 11:45 - 2014-12-07 11:45 - 05600430 ____R (Swearware) C:\Users\Mariusz\Downloads\ComboFix.exe
2014-12-07 11:41 - 2014-12-07 11:41 - 00000000 ____D () C:\Program Files )
2014-12-07 11:41 - 2014-10-01 11:20 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\is-GJ4SP.tmp
2014-12-07 11:41 - 2014-10-01 11:20 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\is-HRU1D.tmp
2014-12-07 11:35 - 2014-12-07 11:36 - 19828904 _____ (Malwarebytes Corporation ) C:\Users\Mariusz\Downloads\mbam-setup.exe
2014-12-07 11:34 - 2014-12-07 11:35 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Mariusz\Downloads\mbar-1.08.2.1001(1).exe
2014-12-07 10:43 - 2014-12-07 10:43 - 00000000 ____D () C:\Users\Mariusz\Desktop\Undelete
2014-12-07 10:35 - 2014-12-07 10:35 - 02774272 _____ () C:\Users\Mariusz\Downloads\avg_remover_parite.exe
2014-12-07 10:32 - 2014-12-07 10:32 - 02774272 _____ () C:\Users\Mariusz\Downloads\rmmabez.exe
2014-12-07 09:52 - 2014-12-07 09:52 - 00000016 __RSH () C:\Recycled
2014-12-07 09:46 - 2014-12-07 09:46 - 00001084 _____ () C:\CSDefault.cst
2014-12-07 09:22 - 2014-12-07 09:27 - 00000000 ____D () C:\Users\Mariusz\Desktop\AviraAntiVir
2014-12-07 09:19 - 2014-12-07 09:20 - 00000000 ____D () C:\Users\Mariusz\Documents\AIDA64 Reports
2014-12-07 09:12 - 2014-12-07 10:17 - 00000000 ____D () C:\Users\Mariusz\Desktop\AIDA64
2014-12-07 09:08 - 2014-12-06 18:09 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts.20141207-090824.backup
2014-12-07 09:01 - 2014-12-07 09:01 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\SUPERAntiSpyware.com
2014-12-07 09:01 - 2014-12-07 09:01 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-12-07 08:50 - 2014-12-07 08:50 - 00000000 ____D () C:\Users\Mariusz\Desktop\WindowsSurfaceScanner
2014-12-07 08:49 - 2014-12-07 09:00 - 00000000 ____D () C:\Users\Mariusz\Desktop\TrueCrypt
2014-12-07 08:49 - 2014-12-07 08:49 - 00000000 ____D () C:\Users\Mariusz\Desktop\SuperAntiSpyware
2014-12-07 08:48 - 2014-12-07 09:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-07 08:48 - 2014-12-07 08:48 - 00000000 ____D () C:\Users\Mariusz\Desktop\SpybotSD
2014-12-07 08:47 - 2014-12-07 08:47 - 00000000 ____D () C:\Users\Mariusz\Desktop\SoftPerfectNetworkScanner
2014-12-07 08:44 - 2014-12-07 08:44 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-07 08:42 - 2014-12-07 11:06 - 00000000 ____D () C:\Users\Mariusz\Desktop\HijackThis
2014-12-07 08:24 - 2014-12-07 08:24 - 00000000 ____D () C:\Users\Mariusz\Desktop\DefaultKeyboardPatch
2014-12-07 07:08 - 2014-12-07 07:08 - 00164134 _____ () C:\Users\Mariusz\Downloads\sk.zip
2014-12-07 07:08 - 2014-12-07 07:08 - 00000000 ____D () C:\Users\Mariusz\Desktop\sk
2014-12-07 04:27 - 2014-12-07 04:27 - 00003384 _____ () C:\Users\Mariusz\Downloads\index(2).html
2014-12-07 04:27 - 2014-12-07 04:27 - 00002928 _____ () C:\Users\Mariusz\Downloads\index(1).html
2014-12-07 04:26 - 2014-12-07 04:26 - 00001016 _____ () C:\Users\Mariusz\Downloads\index.html
2014-12-07 04:24 - 2014-12-07 04:24 - 00000000 ____D () C:\Users\Mariusz\Desktop\listingi
2014-12-07 04:23 - 2014-12-07 04:23 - 01941064 _____ () C:\Users\Mariusz\Downloads\winrar-x64-520.exe
2014-12-07 04:23 - 2014-12-07 04:23 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\WinRAR
2014-12-07 04:23 - 2014-12-07 04:23 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-07 04:23 - 2014-12-07 04:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-07 04:23 - 2014-12-07 04:23 - 00000000 ____D () C:\Program Files\WinRAR
2014-12-07 04:22 - 2014-12-07 04:22 - 25514493 _____ () C:\Users\Mariusz\Downloads\listingi.rar
2014-12-06 21:14 - 2014-12-06 21:14 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\Macromedia
2014-12-06 21:14 - 2014-12-06 21:14 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\Adobe
2014-12-06 20:43 - 2014-12-06 20:44 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\Mozilla
2014-12-06 20:43 - 2014-12-06 20:44 - 00000000 ____D () C:\Users\Mariusz\AppData\Local\Mozilla
2014-12-06 20:43 - 2014-12-06 20:43 - 00000874 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
2014-12-06 20:43 - 2014-12-06 20:43 - 00000862 _____ () C:\Users\Public\Desktop\Nightly.lnk
2014-12-06 20:43 - 2014-12-06 20:43 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-06 20:43 - 2014-12-06 20:43 - 00000000 ____D () C:\Program Files\Nightly
2014-12-06 20:43 - 2014-12-06 20:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-06 20:42 - 2014-12-06 20:43 - 43329168 _____ () C:\Users\Mariusz\Downloads\firefox-37.0a1.en-US.win64-x86_64.installer.exe
2014-12-06 18:44 - 2014-12-06 18:44 - 00000000 ____D () C:\Users\Mariusz\AppData\Local\GlassWire
2014-12-06 18:44 - 2014-12-06 18:44 - 00000000 ____D () C:\ProgramData\GlassWire
2014-12-06 18:44 - 2014-11-05 06:54 - 00008704 _____ () C:\Windows\system32\Drivers\gwdrv.cat
2014-12-06 18:44 - 2014-11-05 06:41 - 00033296 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys
2014-12-06 18:42 - 2014-12-06 18:48 - 00000000 ____D () C:\Users\Mariusz\Desktop\Nowy folder
2014-12-06 18:42 - 2014-12-06 18:42 - 00084917 _____ () C:\Users\Mariusz\Downloads\bluescreenview-x64.zip
2014-12-06 18:40 - 2014-12-06 18:42 - 16338360 _____ (SecureMix LLC) C:\Users\Mariusz\Downloads\GlassWireSetup.exe
2014-12-06 18:10 - 2014-12-06 18:10 - 00003160 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-12-06 17:43 - 2014-12-06 17:48 - 00000000 ____D () C:\Windows\erdnt
2014-12-06 17:41 - 2014-12-06 17:41 - 00000000 ____D () C:\Users\Mariusz\Downloads\vba32arkit
2014-12-06 17:39 - 2014-12-07 11:08 - 00000000 ____D () C:\Users\Mariusz\Downloads\TMRBLog
2014-12-06 17:39 - 2014-12-06 17:40 - 00002122 _____ () C:\Users\Mariusz\Desktop\Rkill.txt
2014-12-06 17:28 - 2014-12-06 17:28 - 08656400 _____ (Trend Micro Inc.) C:\Users\Mariusz\Downloads\RootkitBuster_v5_1061.exe
2014-12-06 17:28 - 2014-12-06 17:28 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Mariusz\Downloads\rkill.com
2014-12-06 17:27 - 2014-12-06 17:27 - 00464491 _____ () C:\Users\Mariusz\Downloads\RootRepeal.zip
2014-12-06 17:25 - 2014-12-06 17:25 - 01472131 _____ () C:\Users\Mariusz\Downloads\vba32arkit.zip
2014-12-06 17:19 - 2014-12-06 17:19 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MARIUSZ-ASUS-Microsoft-Windows-7-Professional-(64-bit).dat
2014-12-06 17:18 - 2014-12-06 17:18 - 00000000 ____D () C:\RegBackup
2014-12-06 17:12 - 2014-12-06 17:12 - 00003304 _____ () C:\bootsqm.dat
2014-12-06 17:04 - 2014-12-06 17:04 - 00003170 _____ () C:\Windows\System32\Tasks\{560E3CD8-BAF3-4E80-A885-17F4DA9CF338}
2014-12-06 16:58 - 2014-12-06 16:58 - 00001035 _____ () C:\Users\Mariusz\Desktop\WinDirStat.lnk
2014-12-06 16:58 - 2014-12-06 16:58 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2014-12-06 16:58 - 2014-12-06 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2014-12-06 16:58 - 2014-12-06 16:58 - 00000000 ____D () C:\Program Files (x86)\WinDirStat
2014-12-06 16:57 - 2014-12-06 16:57 - 00645729 _____ (WDS Team) C:\Users\Mariusz\Downloads\windirstat1_1_2_setup.exe
2014-12-06 16:57 - 2014-12-06 16:57 - 00401920 _____ (Farbar) C:\Users\Mariusz\Downloads\MiniToolBox (1).exe
2014-12-06 16:55 - 2014-12-06 16:55 - 00037888 _____ (Soeperman Enterprises Ltd.) C:\Users\Mariusz\Downloads\ADSSpy.exe
2014-12-06 16:55 - 2014-12-06 16:55 - 00000194 _____ () C:\Users\Mariusz\Downloads\hosts-perm.bat
2014-12-06 16:54 - 2014-12-06 16:54 - 00145237 _____ () C:\Users\Mariusz\Downloads\ntregopt.zip
2014-12-06 16:54 - 2014-12-06 16:54 - 00000000 ____D () C:\Users\Mariusz\Downloads\ntregopt
2014-12-06 16:53 - 2014-12-06 17:06 - 04025858 _____ () C:\Users\Mariusz\Downloads\EmsisoftEmergencyKit.exe.opdownload
2014-12-06 16:49 - 2014-12-06 16:49 - 00001073 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-12-06 16:49 - 2014-12-06 16:49 - 00000000 ____D () C:\Users\Mariusz\AppData\Local\Secunia PSI
2014-12-06 16:49 - 2014-12-06 16:49 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-12-06 16:48 - 2014-12-06 16:48 - 00002163 _____ () C:\Users\Mariusz\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-12-06 16:48 - 2014-12-06 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-12-06 16:48 - 2014-12-06 16:48 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-12-06 16:47 - 2014-12-06 16:47 - 09817304 _____ () C:\Users\Mariusz\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-12-06 16:47 - 2014-12-06 16:47 - 05490752 _____ (Secunia) C:\Users\Mariusz\Downloads\PSISetup.exe
2014-12-06 16:44 - 2014-12-07 11:57 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-06 16:43 - 2014-12-07 11:57 - 00000000 ____D () C:\Users\Mariusz\Desktop\mbar
2014-12-06 16:42 - 2014-12-06 16:43 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Mariusz\Downloads\mbar-1.08.2.1001.exe
2014-12-06 16:36 - 2014-12-06 16:36 - 00001144 _____ () C:\Users\Public\Desktop\AntiLogger Free.lnk
2014-12-06 16:36 - 2014-12-06 16:36 - 00000000 ____D () C:\Users\Mariusz\AppData\Local\AntiLogger Free
2014-12-06 16:36 - 2014-12-06 16:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2014-12-06 16:36 - 2014-12-06 16:36 - 00000000 ____D () C:\Program Files (x86)\Zemana AntiLogger Free
2014-12-06 16:36 - 2014-12-06 16:36 - 00000000 ____D () C:\Program Files (x86)\KeyCryptSDK
2014-12-06 16:36 - 2014-11-28 12:15 - 00071400 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2014-12-06 16:35 - 2014-12-06 16:35 - 03453640 _____ (Zemana Ltd. ) C:\Users\Mariusz\Downloads\AntiLoggerFree_Setup.exe
2014-12-06 16:35 - 2014-12-06 16:35 - 00000000 ____D () C:\Users\Mariusz\Downloads\data
2014-12-06 16:34 - 2014-12-06 16:34 - 00332171 _____ () C:\Users\Mariusz\Downloads\GiveMePower-v2.0.exe
2014-12-06 16:34 - 2014-06-19 11:17 - 00414720 _____ () C:\Users\Mariusz\Downloads\GiveMePower.exe
2014-12-06 16:34 - 2014-06-19 11:17 - 00038400 _____ () C:\Users\Mariusz\Downloads\GiveMePower.pdb
2014-12-06 16:33 - 2014-12-06 16:33 - 00009506 _____ () C:\HijackPatrol.log
2014-12-06 16:32 - 2014-12-06 19:41 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\WinPatrol
2014-12-06 16:32 - 2014-12-06 16:32 - 01156136 _____ (Ruiware) C:\Users\Mariusz\Downloads\wpsetup.exe
2014-12-06 16:32 - 2014-12-06 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-12-06 16:32 - 2014-12-06 16:32 - 00000000 ____D () C:\ProgramData\InstallMate
2014-12-06 16:32 - 2014-12-06 16:32 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2014-12-06 16:23 - 2014-12-06 16:23 - 00006706 _____ () C:\Users\Mariusz\Downloads\Malwarebytes.Anti-Malware.Premium.v2.0.4.1028.Final-FFF (1).torrent
2014-12-06 16:21 - 2014-12-07 11:29 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-12-06 16:21 - 2014-12-06 16:21 - 00000000 ____D () C:\Users\Mariusz\Downloads\Malwarebytes.Anti-Malware.Premium.v2.0.4.1028.Final-FFF
2014-12-06 16:21 - 2014-12-06 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-12-06 16:21 - 2014-12-06 16:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-12-06 16:20 - 2014-12-06 16:20 - 00006706 _____ () C:\Users\Mariusz\Downloads\Malwarebytes.Anti-Malware.Premium.v2.0.4.1028.Final-FFF.torrent
2014-12-06 16:19 - 2014-12-06 16:19 - 00001444 _____ () C:\Users\Mariusz\Downloads\Malwarebytes.Anti-Exploit.Premium.v1.05.1.1015.Final-FFF.torrent
2014-12-06 16:19 - 2014-12-06 16:19 - 00000857 _____ () C:\Users\Mariusz\Desktop\µTorrent.lnk
2014-12-06 16:19 - 2014-12-06 16:19 - 00000837 _____ () C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-12-06 16:19 - 2014-12-06 16:19 - 00000000 ____D () C:\Users\Mariusz\Downloads\Malwarebytes.Anti-Exploit.Premium.v1.05.1.1015.Final-FFF
2014-12-06 16:18 - 2014-12-06 17:06 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\uTorrent
2014-12-06 16:18 - 2014-12-06 16:18 - 01682512 _____ (BitTorrent Inc.) C:\Users\Mariusz\Downloads\uTorrent.exe
2014-12-06 13:50 - 2014-12-06 13:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\06E03FF8.sys
2014-12-05 20:08 - 2014-12-06 18:21 - 00000000 ____D () C:\ProgramData\Skype
2014-12-05 20:08 - 2014-12-05 20:08 - 00003130 _____ () C:\Windows\System32\Tasks\{2D260A41-672B-4825-A0E0-73DE8597A013}
2014-12-05 20:06 - 2014-12-05 20:06 - 01548384 _____ (Skype Technologies S.A.) C:\Users\Mariusz\Downloads\SkypeSetup.exe
2014-11-28 13:02 - 2014-11-28 13:02 - 00018456 _____ (Secunia) C:\Windows\system32\Drivers\psi_mf_amd64.sys
2014-11-28 08:33 - 2014-11-28 08:33 - 00000000 _____ () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-11-25 19:39 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-25 19:39 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-25 19:39 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-11-25 19:39 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-25 19:39 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-25 19:39 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-25 19:39 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-25 19:39 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-25 19:39 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-25 19:39 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-25 19:38 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2014 01
Ran by Mariusz at 2014-12-07 16:28:09
Running from C:\Users\Mariusz\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 16 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 16.0.0.240 - Adobe Systems Incorporated)
AntiLogger Free version 1.8.2.24 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.24 - Zemana Ltd.)
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0053 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)
blueconnect (HKLM-x32\...\blueconnect) (Version: 11.302.09.27.49 - Huawei Technologies Co.,Ltd)
GlassWire 1.0 (remove only) (HKLM-x32\...\GlassWire 1.0) (Version: 1.0.30 - SecureMix LLC)
Malwarebytes Anti-Exploit version 1.05.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1015 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0a1 - Mozilla)
Nightly 37.0a1 (x64 en-US) (HKLM\...\Nightly 37.0a1 (x64 en-US)) (Version: 37.0a1 - Mozilla)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
Opera Stable 26.0.1656.32 (HKLM-x32\...\Opera 26.0.1656.32) (Version: 26.0.1656.32 - Opera Software ASA)
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology)
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
WinDirStat 1.1.2 (HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\...\WinDirStat) (Version: - )
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

25-11-2014 13:02:47 Installed ATK Hotkey
25-11-2014 13:03:49 Installed ATK Media
25-11-2014 13:04:11 Installed ATK Generic Function Service
25-11-2014 14:14:44 Windows Update
25-11-2014 14:21:59 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
25-11-2014 18:38:24 Windows Update
06-12-2014 16:44:12 ComboFix created restore point
06-12-2014 17:32:47 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-12-07 11:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {5416E9A3-BFE1-4B01-B72E-CDDC8273B985} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {5F15C5AF-A49F-48EE-A1FA-065B987DCB0B} - System32\Tasks\{2D260A41-672B-4825-A0E0-73DE8597A013} => c:\program files (x86)\opera\launcher.exe [2014-11-25] (Opera Software)
Task: {B642009A-2D27-4045-800A-14401979BC9D} - System32\Tasks\Opera scheduled Autoupdate 1416921688 => C:\Program Files (x86)\Opera\launcher.exe [2014-11-25] (Opera Software)

==================== Loaded Modules (whitelisted) =============

2014-11-25 13:58 - 2011-05-05 15:13 - 00120160 _____ () C:\Program Files (x86)\blueconnect\blueconnect.exe
2014-12-06 21:11 - 2014-12-06 21:11 - 23043248 _____ () C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll
2014-11-25 13:58 - 2011-03-26 16:59 - 00020320 _____ () C:\Program Files (x86)\blueconnect\isaputrace.dll
2014-11-25 13:58 - 2011-03-26 16:54 - 00128352 _____ () C:\Program Files (x86)\blueconnect\DeviceMgrPlugin.dll
2014-11-25 13:58 - 2011-03-26 16:55 - 00144736 _____ () C:\Program Files (x86)\blueconnect\NetInfoPlugin.dll
2014-11-25 13:58 - 2011-03-26 16:54 - 00095584 _____ () C:\Program Files (x86)\blueconnect\DialUpPlugin.dll
2014-11-25 13:58 - 2011-03-26 16:53 - 00071008 _____ () C:\Program Files (x86)\blueconnect\ConfigFilePlugin.dll
2014-11-25 13:58 - 2011-03-26 16:55 - 01025376 _____ () C:\Program Files (x86)\blueconnect\NDISAPI.dll
2014-11-25 13:58 - 2011-03-26 16:54 - 00161120 _____ () C:\Program Files (x86)\blueconnect\DetectDev.dll
2014-11-25 13:58 - 2011-03-26 16:53 - 00566624 _____ () C:\Program Files (x86)\blueconnect\atcomm.dll
2014-11-25 13:58 - 2011-03-26 16:56 - 00066912 _____ () C:\Program Files (x86)\blueconnect\XCodec.dll
2014-11-25 13:58 - 2011-03-26 16:54 - 00066912 _____ () C:\Program Files (x86)\blueconnect\DeviceOperate.dll
2014-11-25 13:58 - 2011-03-26 16:55 - 00144736 _____ () C:\Program Files (x86)\blueconnect\LocaleMgrPlugin.dll
2014-11-25 13:58 - 2011-03-26 16:55 - 00038240 _____ () C:\Program Files (x86)\blueconnect\NotifyServicePlugin.dll
2014-11-25 13:58 - 2011-03-26 16:58 - 00095584 _____ () C:\Program Files (x86)\blueconnect\FileManager.dll
2014-11-25 13:58 - 2011-03-26 16:55 - 00165216 _____ () C:\Program Files (x86)\blueconnect\SMSPlugin.dll
2014-11-25 13:58 - 2011-03-26 16:54 - 00243040 _____ () C:\Program Files (x86)\blueconnect\DeviceMgrUIPlugin.dll
2014-11-25 13:58 - 2011-03-26 16:56 - 00071008 _____ () C:\Program Files (x86)\blueconnect\SpeedManagerPlugin.dll
2014-11-06 08:08 - 2014-11-06 08:08 - 00893224 _____ () C:\Program Files (x86)\GlassWire\platforms\qwindows.dll
2014-11-06 08:08 - 2014-11-06 08:08 - 00030504 _____ () C:\Program Files (x86)\GlassWire\imageformats\qico.dll
2014-11-06 08:08 - 2014-11-06 08:08 - 00248104 _____ () C:\Program Files (x86)\GlassWire\imageformats\qjpeg.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: ASLDRService => 2
MSCONFIG\Services: HWDeviceService64.exe => 2
MSCONFIG\Services: MbaeSvc => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Secunia PSI Agent => 3
MSCONFIG\Services: Secunia Update Agent => 2
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
MSCONFIG\startupreg: HW_OPENEYE_OUC_blueconnect => "C:\Program Files (x86)\blueconnect\UpdateDog\ouc.exe"
MSCONFIG\startupreg: Malwarebytes Anti-Exploit => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: WinPatrol => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot
MSCONFIG\startupreg: ZALFree => "C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" /MINIMIZED

========================= Accounts: ==========================

Administrator (S-1-5-21-2376877967-2081922626-2068000606-500 - Administrator - Disabled)
Gość (S-1-5-21-2376877967-2081922626-2068000606-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2376877967-2081922626-2068000606-1002 - Limited - Enabled)
Mariusz (S-1-5-21-2376877967-2081922626-2068000606-1000 - Administrator - Enabled) => C:\Users\Mariusz

==================== Faulty Device Manager Devices =============

Name: Urządzenie pamięci masowej USB
Description: Urządzenie pamięci masowej USB
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Zgodne urządzenie magazynujące USB
Service: USBSTOR
Problem: : Windows cannot load the device driver for this hardware because a previous instance of the device driver is still in memory. (Code 38)
Resolution: The driver could not be loaded because a previous instance is still loaded.
Restart the computer.

Name: Zewnętrzne urządzenie Bluetooth
Description: Zewnętrzne urządzenie Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Fingerprint Sensor
Description: Fingerprint Sensor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Zewnętrzne urządzenie Bluetooth
Description: Zewnętrzne urządzenie Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Urządzenie pamięci masowej USB
Description: Urządzenie pamięci masowej USB
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Zgodne urządzenie magazynujące USB
Service: USBSTOR
Problem: : Windows cannot load the device driver for this hardware because a previous instance of the device driver is still in memory. (Code 38)
Resolution: The driver could not be loaded because a previous instance is still loaded.
Restart the computer.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/07/2014 10:02:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program windirstat.exe w wersji 1.1.2.80 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: 304

Godzina rozpoczęcia: 01d011fc5c5a096f

Godzina zakończenia: 16

Ścieżka aplikacji: C:\Program Files (x86)\WinDirStat\windirstat.exe

Identyfikator raportu: ba294275-7def-11e4-9e97-002243c190ce

Error: (12/07/2014 09:54:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: RootkitRevealer.exe, wersja: 1.71.0.0, sygnatura czasowa: 0x44e255aa
Nazwa modułu powodującego błąd: RootkitRevealer.exe, wersja: 1.71.0.0, sygnatura czasowa: 0x44e255aa
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x000040cd
Identyfikator procesu powodującego błąd: 0x63c
Godzina uruchomienia aplikacji powodującej błąd: 0xRootkitRevealer.exe0
Ścieżka aplikacji powodującej błąd: RootkitRevealer.exe1
Ścieżka modułu powodującego błąd: RootkitRevealer.exe2
Identyfikator raportu: RootkitRevealer.exe3

Error: (12/07/2014 09:00:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: Windows Surface Scanner.exe, wersja: 1.0.0.1, sygnatura czasowa: 0x4c113abb
Nazwa modułu powodującego błąd: msvcrt.dll, wersja: 7.0.7600.16385, sygnatura czasowa: 0x4a5bda6f
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x0000d193
Identyfikator procesu powodującego błąd: 0xca0
Godzina uruchomienia aplikacji powodującej błąd: 0xWindows Surface Scanner.exe0
Ścieżka aplikacji powodującej błąd: Windows Surface Scanner.exe1
Ścieżka modułu powodującego błąd: Windows Surface Scanner.exe2
Identyfikator raportu: Windows Surface Scanner.exe3

Error: (12/06/2014 06:55:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program NOTEPAD.EXE w wersji 6.1.7600.16385 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: dec

Godzina rozpoczęcia: 01d0117dc7c2d407

Godzina zakończenia: 0

Ścieżka aplikacji: C:\Windows\system32\NOTEPAD.EXE

Identyfikator raportu: 0f7f3df2-7d71-11e4-8e19-002243c190ce

Error: (12/06/2014 06:13:37 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/06/2014 06:13:37 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/06/2014 05:36:30 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/06/2014 05:36:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/06/2014 05:14:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2014 05:09:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/07/2014 02:09:55 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/07/2014 11:53:09 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie.

Error: (12/07/2014 11:52:03 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Ładowanie sterownika \??\C:\ComboFix\catchme.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.

Error: (12/07/2014 11:50:08 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie.

Error: (12/07/2014 11:37:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa MBAMService niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (12/07/2014 11:05:58 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Poprzednie zamknięcie systemu przy 11:05:00 na ‎2014-‎12-‎07 było nieoczekiwane.

Error: (12/07/2014 11:02:29 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (12/07/2014 11:02:29 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/07/2014 11:02:25 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/07/2014 11:02:18 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}


Microsoft Office Sessions:
=========================
Error: (12/07/2014 10:02:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: windirstat.exe1.1.2.8030401d011fc5c5a096f16C:\Program Files (x86)\WinDirStat\windirstat.exeba294275-7def-11e4-9e97-002243c190ce

Error: (12/07/2014 09:54:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: RootkitRevealer.exe1.71.0.044e255aaRootkitRevealer.exe1.71.0.044e255aac0000005000040cd63c01d011fb779e2ffdC:\Users\Mariusz\AppData\Local\Temp\HBCD\RootkitRevealer.exeC:\Users\Mariusz\AppData\Local\Temp\HBCD\RootkitRevealer.exeb67446df-7dee-11e4-9e97-002243c190ce

Error: (12/07/2014 09:00:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Windows Surface Scanner.exe1.0.0.14c113abbmsvcrt.dll7.0.7600.163854a5bda6fc00000050000d193ca001d011f3cf84e1c4C:\Users\Mariusz\Desktop\WindowsSurfaceScanner\Windows Surface Scanner.exeC:\Windows\syswow64\msvcrt.dll1f6d9198-7de7-11e4-860a-002243c190ce

Error: (12/06/2014 06:55:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: NOTEPAD.EXE6.1.7600.16385dec01d0117dc7c2d4070C:\Windows\system32\NOTEPAD.EXE0f7f3df2-7d71-11e4-8e19-002243c190ce

Error: (12/06/2014 06:13:37 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/06/2014 06:13:37 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/06/2014 05:36:30 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/06/2014 05:36:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/06/2014 05:14:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2014 05:09:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2014-12-07 11:52:03.026
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-07 11:52:03.011
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz
Percentage of memory in use: 55%
Total physical RAM: 4095.11 MB
Available physical RAM: 1820.72 MB
Total Pagefile: 8188.43 MB
Available Pagefile: 5691.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:443.62 GB) NTFS
Drive d: (HBCD152) (CDROM) (Total:2.77 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00059748)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
2014-11-25 19:38 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-25 19:38 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-25 19:38 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-25 15:22 - 2014-11-25 15:22 - 00001401 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk
2014-11-25 15:22 - 2014-11-25 15:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-25 15:21 - 2014-11-25 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2014-11-25 15:21 - 2014-11-25 15:21 - 00000000 ____D () C:\Program Files (x86)\Seagate
2014-11-25 15:13 - 2014-11-25 15:13 - 00887896 _____ (Microsoft Corporation) C:\Users\Mariusz\Downloads\dotNetFx40_Client_setup (1).exe
2014-11-25 15:08 - 2014-10-31 23:26 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-25 15:07 - 2014-11-25 15:08 - 32507072 _____ (Microsoft Corporation) C:\Users\Mariusz\Downloads\Windows-KB890830-x64-V5.18.exe
2014-11-25 15:07 - 2014-11-25 15:07 - 00887896 _____ (Microsoft Corporation) C:\Users\Mariusz\Downloads\dotNetFx40_Client_setup.exe
2014-11-25 15:07 - 2014-11-25 15:07 - 00292184 _____ (Microsoft Corporation) C:\Users\Mariusz\Downloads\dxwebsetup.exe
2014-11-25 15:05 - 2014-11-25 15:06 - 26771088 _____ () C:\Users\Mariusz\Downloads\SeaToolsforWindowsSetup.exe
2014-11-25 15:02 - 2014-12-06 16:59 - 00025130 _____ () C:\Users\Mariusz\Downloads\Result.txt
2014-11-25 14:51 - 2014-11-25 14:51 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-11-25 14:45 - 2014-12-06 21:11 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-25 14:45 - 2014-12-06 21:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-25 14:45 - 2014-11-25 14:45 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-11-25 14:45 - 2014-11-25 14:45 - 00000000 ____D () C:\Windows\system32\Macromed
2014-11-25 14:44 - 2014-12-06 21:12 - 00000000 ____D () C:\Users\Mariusz\AppData\Local\Adobe
2014-11-25 14:26 - 2014-12-07 15:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-25 14:26 - 2014-12-07 08:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-25 14:26 - 2014-12-06 18:29 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-25 14:26 - 2014-12-06 16:28 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-25 14:26 - 2014-12-06 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-25 14:26 - 2014-12-06 16:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-25 14:26 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-25 14:26 - 2014-10-01 11:20 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-25 14:25 - 2014-11-25 14:25 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Mariusz\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-25 14:21 - 2014-12-06 14:21 - 00003880 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1416921688
2014-11-25 14:21 - 2014-11-25 14:21 - 00001139 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-11-25 14:21 - 2014-11-25 14:21 - 00001139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-11-25 14:21 - 2014-11-25 14:21 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\Opera Software
2014-11-25 14:21 - 2014-11-25 14:21 - 00000000 ____D () C:\Users\Mariusz\AppData\Local\Opera Software
2014-11-25 14:19 - 2014-12-06 14:21 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-11-25 14:19 - 2014-11-25 14:19 - 00683464 _____ (Opera Software) C:\Users\Mariusz\Downloads\Opera_NI_stable.exe
2014-11-25 14:16 - 2009-06-26 01:04 - 00067584 _____ (REDC) C:\Windows\system32\Drivers\rimmpx64.sys
2014-11-25 14:16 - 2009-06-26 00:38 - 00057856 _____ (REDC) C:\Windows\system32\Drivers\rixdpx64.sys
2014-11-25 14:16 - 2009-06-26 00:13 - 00055296 _____ (REDC) C:\Windows\system32\Drivers\rimspx64.sys
2014-11-25 14:16 - 2007-07-25 20:48 - 00172032 _____ (Ricoh Company,Ltd) C:\Windows\system32\rixdicon.dll
2014-11-25 14:16 - 2004-09-04 11:00 - 00090112 _____ (Sony Corporation) C:\Windows\system32\snymsico.dll
2014-11-25 14:13 - 2014-11-25 14:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-25 14:12 - 2009-05-11 11:49 - 00081952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-11-25 14:12 - 2009-05-11 11:49 - 00062976 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\nvapo64v.dll
2014-11-25 14:12 - 2009-05-11 11:48 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\nvhdap64.dll
2014-11-25 14:12 - 2009-05-08 15:50 - 00506400 _____ (NVIDIA Corporation) C:\Windows\system32\nvuhda6.exe
2014-11-25 14:12 - 2009-05-08 15:50 - 00159232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcohda6.dll
2014-11-25 14:12 - 2009-04-26 09:29 - 00001407 _____ () C:\Windows\system32\nvhda.nvu
2014-11-25 14:11 - 2009-06-22 12:28 - 00539168 _____ (NVIDIA Corporation) C:\Windows\system32\NVUNINST.EXE
2014-11-25 14:11 - 2009-06-11 10:09 - 00508448 _____ (NVIDIA Corporation) C:\Windows\system32\nvudisp.exe
2014-11-25 14:11 - 2009-06-11 10:09 - 00010060 _____ () C:\Windows\system32\nvdisp.nvu
2014-11-25 14:06 - 2009-07-20 17:29 - 00015416 _____ ( ) C:\Windows\system32\Drivers\kbfiltr.sys
2014-11-25 14:05 - 2014-11-25 14:05 - 00004198 _____ () C:\Windows\DPINST.LOG
2014-11-25 14:05 - 2009-08-23 05:24 - 05435904 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETw5v64.sys
2014-11-25 14:04 - 2014-11-25 14:53 - 00000000 ____D () C:\Program Files\ATKGFNEX
2014-11-25 14:04 - 2014-11-25 14:04 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\InstallShield
2014-11-25 14:04 - 2014-11-25 14:04 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-11-25 14:03 - 2014-11-25 14:04 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-11-25 13:59 - 2014-12-07 08:22 - 00057960 _____ () C:\Users\Mariusz\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-25 13:59 - 2014-11-25 14:30 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\blueconnect
2014-11-25 13:59 - 2014-11-25 13:59 - 00001047 _____ () C:\Users\Public\Desktop\blueconnect.lnk
2014-11-25 13:59 - 2014-11-25 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\blueconnect
2014-11-25 13:59 - 2014-11-25 13:59 - 00000000 _____ () C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2014-11-25 13:58 - 2014-11-25 13:59 - 00000000 ____D () C:\ProgramData\DatacardService
2014-11-25 13:58 - 2014-11-25 13:59 - 00000000 ____D () C:\Program Files (x86)\blueconnect
2014-11-25 13:58 - 2014-11-25 13:58 - 00000000 _____ () C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2014-11-25 13:58 - 2011-02-25 18:02 - 00098816 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2014-11-25 13:58 - 2011-01-30 18:20 - 00212992 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2014-11-25 13:58 - 2011-01-30 18:19 - 00086016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2014-11-25 13:58 - 2011-01-30 18:19 - 00069632 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2014-11-25 13:58 - 2011-01-30 18:19 - 00028672 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2014-11-25 13:58 - 2010-12-24 11:48 - 00221312 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2014-11-25 13:58 - 2010-12-23 09:48 - 00421376 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys
2014-11-25 13:58 - 2010-10-08 16:59 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2014-11-25 13:58 - 2010-09-26 18:09 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys
2014-11-25 13:58 - 2010-08-06 07:43 - 01001472 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2014-11-25 13:58 - 2010-07-27 09:52 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2014-11-25 13:58 - 2010-03-20 12:06 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2014-11-25 13:58 - 2008-03-27 16:51 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-11-25 13:58 - 2008-03-27 16:51 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2014-11-25 13:57 - 2014-11-25 13:57 - 00001455 _____ () C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-25 13:57 - 2014-11-25 13:57 - 00001421 _____ () C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-11-25 13:57 - 2014-11-25 13:57 - 00000000 _____ () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-11-25 13:56 - 2014-11-25 14:49 - 00000000 ____D () C:\Users\Mariusz\AppData\Local\VirtualStore
2014-11-25 13:56 - 2014-11-25 13:57 - 00000000 ____D () C:\Users\Mariusz
2014-11-25 13:56 - 2014-11-25 13:56 - 00000020 ___SH () C:\Users\Mariusz\ntuser.ini
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Public\Documents\Moje wideo
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Public\Documents\Moje obrazy
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Public\Documents\Moja muzyka
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\Ustawienia lokalne
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\Szablony
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\Moje dokumenty
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\Menu Start
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\Documents\Moje wideo
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\Documents\Moje obrazy
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\Documents\Moja muzyka
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\Dane aplikacji
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\AppData\Local\Historia
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\AppData\Local\Dane aplikacji
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\Ustawienia lokalne
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\Szablony
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\Moje dokumenty
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\Menu Start
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\Documents\Moje wideo
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\Documents\Moje obrazy
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\Documents\Moja muzyka
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\Dane aplikacji
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Historia
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Dane aplikacji
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default User\Documents\Moje wideo
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default User\Documents\Moje obrazy
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default User\Documents\Moja muzyka
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Historia
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Dane aplikacji
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\ProgramData\Ulubione
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\ProgramData\Szablony
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\ProgramData\Pulpit
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programy
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\ProgramData\Menu Start
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\ProgramData\Dokumenty
2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 ____D () C:\Recovery
2014-11-25 13:56 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-25 13:56 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-25 13:54 - 2014-11-25 13:54 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-11-25 13:53 - 2014-12-07 14:42 - 01817337 _____ () C:\Windows\WindowsUpdate.log
2014-11-25 13:53 - 2014-11-25 13:53 - 00001355 _____ () C:\Windows\TSSysprep.log
2014-11-25 13:53 - 2014-11-25 13:53 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-11-25 13:49 - 2014-11-25 13:56 - 00000000 ____D () C:\Windows\Panther

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-07 16:09 - 2009-07-14 05:45 - 00016848 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-07 16:09 - 2009-07-14 05:45 - 00016848 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-07 14:10 - 2009-07-14 05:51 - 00034200 _____ () C:\Windows\setupact.log
2014-12-07 11:53 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-07 11:10 - 2011-04-12 14:21 - 00686324 _____ () C:\Windows\system32\perfh015.dat
2014-12-07 11:10 - 2011-04-12 14:21 - 00131302 _____ () C:\Windows\system32\perfc015.dat
2014-12-07 11:10 - 2009-07-14 06:13 - 01549696 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-07 11:06 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-07 11:05 - 2010-11-21 04:47 - 00009842 _____ () C:\Windows\PFRO.log
2014-12-07 08:21 - 2009-07-14 05:45 - 00275536 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-06 20:38 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-12-06 18:13 - 2011-04-12 14:32 - 00000000 ____D () C:\Windows\CSC
2014-12-06 18:08 - 2009-07-14 03:34 - 00000439 _____ () C:\Windows\win.ini
2014-12-06 17:36 - 2011-04-12 14:32 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-06 17:31 - 2009-07-14 03:34 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_459
2014-11-29 08:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-27 08:52 - 2009-07-14 04:20 - 00000000 ___RD () C:\Users\Public\Libraries
2014-11-25 14:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2014-11-25 14:02 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\restore
2014-11-25 13:56 - 2009-07-14 04:20 - 00000000 ___RD () C:\Users\Default
2014-11-25 13:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-11-25 13:53 - 2009-07-14 05:46 - 00002790 _____ () C:\Windows\DtcInstall.log
2014-11-25 13:53 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-25 13:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-11-25 13:49 - 2009-07-14 06:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-11-25 13:49 - 2009-07-14 06:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-11-24 14:04 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-06 10:02

==================== End Of Log ============================
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Sorry, your system is clean.




Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 

mario81

New Member
Thread author
Dec 7, 2014
6
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 GlassWire;GlassWire Control Service;c:\program files (x86)\GlassWire\GWCtlSrv.exe;c:\program files (x86)\GlassWire\GWCtlSrv.exe [x]

SYSNATIVE: I can't find that folder.
 

Attachment: Przechwytywanie.PNG (79.5 KB)

mario81

New Member
Thread author
Dec 7, 2014
6
I mean there is no such path as c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys

Przechwytywanie.PNG - the folders are shown in black, which in my opinion should not be the case.
 

mario81

New Member
Thread author
Dec 7, 2014
6
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2014-12-07 18:26:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050KTA300 rev.BKFOC60G 465,76GB
Running: m57g1hli.exe; Driver: C:\Users\Mariusz\AppData\Local\Temp\pwriafoc.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\blueconnect\blueconnect.exe[1728] C:\Windows\syswow64\USER32.dll!GetSysColor 0000000076526c3c 5 bytes JMP 000000010045b9d0
.text C:\Program Files (x86)\blueconnect\blueconnect.exe[1728] C:\Windows\syswow64\USER32.dll!GetSysColorBrush 00000000765335a4 5 bytes JMP 000000010045ba30
.text C:\Program Files (x86)\blueconnect\blueconnect.exe[1728] C:\Windows\syswow64\USER32.dll!GetScrollInfo 0000000076534018 7 bytes JMP 000000010045b810
.text C:\Program Files (x86)\blueconnect\blueconnect.exe[1728] C:\Windows\syswow64\USER32.dll!SetScrollInfo 00000000765340cf 7 bytes JMP 000000010045b8c0
.text C:\Program Files (x86)\blueconnect\blueconnect.exe[1728] C:\Windows\syswow64\USER32.dll!ShowScrollBar 0000000076534162 5 bytes JMP 000000010045b990
.text C:\Program Files (x86)\blueconnect\blueconnect.exe[1728] C:\Windows\syswow64\USER32.dll!GetScrollPos 0000000076534234 5 bytes JMP 000000010045b850
.text C:\Program Files (x86)\blueconnect\blueconnect.exe[1728] C:\Windows\syswow64\USER32.dll!SetScrollPos 00000000765387a5 5 bytes JMP 000000010045b900
.text C:\Program Files (x86)\blueconnect\blueconnect.exe[1728] C:\Windows\syswow64\USER32.dll!EnableScrollBar 0000000076538d3a 7 bytes JMP 000000010045b7d0
.text C:\Program Files (x86)\blueconnect\blueconnect.exe[1728] C:\Windows\syswow64\USER32.dll!GetScrollRange 00000000765390c4 5 bytes JMP 000000010045b880
.text C:\Program Files (x86)\blueconnect\blueconnect.exe[1728] C:\Windows\syswow64\USER32.dll!SetScrollRange 000000007654d50b 5 bytes JMP 000000010045b940
.text C:\Program Files (x86)\blueconnect\blueconnect.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076851465 2 bytes [85, 76]
.text C:\Program Files (x86)\blueconnect\blueconnect.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768514bb 2 bytes [85, 76]
.text ... * 2
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000772b7a90 13 bytes {MOV R11, 0x7fef8a8b0c0; JMP R11}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile 00000000772e1370 13 bytes {MOV R11, 0x7feea7f6a68; JMP R11}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000772e1390 13 bytes {MOV R11, 0x7feea7f7c70; JMP R11}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 6 bytes {JMP QWORD [RIP+0x8e7eba0]}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFileGather 00000000772e14c0 13 bytes {MOV R11, 0x7feeadfadf8; JMP R11}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtReadFileScatter 00000000772e15f0 13 bytes {MOV R11, 0x7feeadfad3c; JMP R11}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtFlushBuffersFile 00000000772e17c0 13 bytes {MOV R11, 0x7feea99338c; JMP R11}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 6 bytes {JMP QWORD [RIP+0x8e9e820]}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000772e1860 13 bytes {MOV R11, 0x7feea7f785c; JMP R11}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000772e2470 13 bytes {MOV R11, 0x7feea7f67e0; JMP R11}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\kernel32.dll!CopyFileW 00000000770792d0 6 bytes JMP 8d4d2024
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 0000000077089b70 13 bytes {MOV R11, 0x7feeab1ee50; JMP R11}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e7b0 6 bytes JMP 0
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077091bb0 6 bytes JMP 60d0000
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\kernel32.dll!GetThreadSelectorEntry 00000000770c0d10 6 bytes {JMP QWORD [RIP+0x907f320]}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\kernel32.dll!MoveFileW 00000000770ff7f0 6 bytes JMP 0
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\kernel32.dll!MoveFileA 00000000770ff950 6 bytes JMP 938
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\kernel32.dll!CopyFileA 0000000077105620 6 bytes JMP 6
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\kernel32.dll!CreateProcessInternalA 0000000077107b70 6 bytes JMP 8d0060
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077108840 6 bytes JMP 120
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\kernel32.dll!WinExec 0000000077108d80 6 bytes JMP 0
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\KERNELBASE.dll!VirtualAlloc 000007fefd501950 6 bytes {JMP QWORD [RIP+0x189e6e0]}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefd50a058 3 bytes CALL 32f50000
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\KERNELBASE.dll!HeapCreate + 1 000007fefd50b9a1 5 bytes {JMP QWORD [RIP+0x1934690]}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\KERNELBASE.dll!VirtualProtect 000007fefd5131e0 6 bytes {JMP QWORD [RIP+0x18ace50]}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\KERNELBASE.dll!VirtualProtectEx 000007fefd513210 6 bytes {JMP QWORD [RIP+0x18ece20]}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\KERNELBASE.dll!VirtualAllocEx 000007fefd5330c0 6 bytes {JMP QWORD [RIP+0x18acf70]}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd5330f0 6 bytes {JMP QWORD [RIP+0x18ecf40]}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\WS2_32.dll!WSAStartup 000007fefe824980 6 bytes {JMP QWORD [RIP+0x42b6b0]}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\SHELL32.dll!ShellExecuteW 000007fefd99983c 6 bytes {JMP QWORD [RIP+0xf667f4]}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\WININET.dll!InternetReadFile 000007fefd863914 6 bytes {JMP QWORD [RIP+0x148c71c]}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\WININET.dll!InternetOpenUrlA 000007fefd86ba68 6 bytes {JMP QWORD [RIP+0x14645c8]}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\WININET.dll!HttpSendRequestW 000007fefd873b6c 2 bytes [FF, 25]
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\WININET.dll!HttpSendRequestW + 3 000007fefd873b6f 3 bytes [C4, 4B, 01]
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\WININET.dll!HttpOpenRequestW 000007fefd88355c 6 bytes {JMP QWORD [RIP+0x13ecad4]}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\WININET.dll!HttpOpenRequestA 000007fefd883910 6 bytes {JMP QWORD [RIP+0x140c720]}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\WININET.dll!HttpSendRequestExW 000007fefd8868d8 6 bytes {JMP QWORD [RIP+0x14e9758]}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\WININET.dll!InternetOpenUrlW 000007fefd8b2c74 6 bytes {JMP QWORD [RIP+0x13fd3bc]}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\WININET.dll!InternetReadFileExW + 1 000007fefd8b2dc1 5 bytes {JMP QWORD [RIP+0x145d270]}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\WININET.dll!HttpSendRequestA 000007fefd8cf600 6 bytes {JMP QWORD [RIP+0x1480a30]}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\WININET.dll!HttpSendRequestExA 000007fefd8cf694 6 bytes {JMP QWORD [RIP+0x14c099c]}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\urlmon.dll!URLDownloadToFileW 000007fefd7695e4 6 bytes {JMP QWORD [RIP+0x11b6a4c]}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW + 1 000007fefd7696c5 5 bytes {JMP QWORD [RIP+0x11f696c]}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\urlmon.dll!URLOpenBlockingStreamW 000007fefd7698b0 6 bytes {JMP QWORD [RIP+0x14a6780]}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\urlmon.dll!URLOpenStreamW 000007fefd76999c 6 bytes {JMP QWORD [RIP+0x1466694]}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\urlmon.dll!URLDownloadToFileA 000007fefd769b10 6 bytes {JMP QWORD [RIP+0x11d6520]}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileA + 1 000007fefd769ca1 5 bytes {JMP QWORD [RIP+0x1216390]}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\urlmon.dll!URLOpenBlockingStreamA 000007fefd769e10 6 bytes {JMP QWORD [RIP+0x14c6220]}
.text C:\Program Files\Nightly\firefox.exe[2676] C:\Windows\system32\urlmon.dll!URLOpenStreamA + 1 000007fefd769f01 5 bytes {JMP QWORD [RIP+0x1486130]}
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000772e13e0 16 bytes [50, 48, B8, 54, BF, 03, 3F, ...]
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 6 bytes JMP ec2b40b8
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000772e1550 16 bytes [50, 48, B8, 78, BF, 03, 3F, ...]
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772e1570 32 bytes [50, 48, B8, 40, C1, 03, 3F, ...]
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000772e1600 32 bytes [50, 48, B8, 9C, BF, 03, 3F, ...]
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000772e1640 16 bytes [50, 48, B8, 40, C0, 03, 3F, ...]
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000772e16e0 16 bytes [50, 48, B8, 74, C0, 03, 3F, ...]
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 6 bytes JMP 73e16e0
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000772e1860 16 bytes [50, 48, B8, CC, BF, 03, 3F, ...]
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000772e22d0 16 bytes [50, 48, B8, 64, C1, 03, 3F, ...]
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772e2320 16 bytes [50, 48, B8, 1C, C1, 03, 3F, ...]
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000772e2470 16 bytes [50, 48, B8, 88, C0, 03, 3F, ...]
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\kernel32.dll!CopyFileW 00000000770792d0 6 bytes JMP 0
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e7b0 6 bytes JMP ec2b0b70
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077091bb0 6 bytes JMP 0
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\kernel32.dll!GetThreadSelectorEntry 00000000770c0d10 6 bytes JMP 907e6f0
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\kernel32.dll!MoveFileW 00000000770ff7f0 6 bytes JMP 8f9ec80
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\kernel32.dll!MoveFileA 00000000770ff950 6 bytes JMP ec2b40b8
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\kernel32.dll!CopyFileA 0000000077105620 6 bytes JMP 8ffaa28
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\kernel32.dll!CreateProcessInternalA 0000000077107b70 6 bytes JMP 6d0065
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000077108840 6 bytes JMP 6d0075
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\kernel32.dll!WinExec 0000000077108d80 6 bytes JMP eccdfff8
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\KERNELBASE.dll!VirtualAlloc 000007fefd501950 6 bytes {JMP QWORD [RIP+0x189e6e0]}
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefd50a058 3 bytes [B2, 5F, 06]
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\KERNELBASE.dll!HeapCreate + 1 000007fefd50b9a1 5 bytes {JMP QWORD [RIP+0x1934690]}
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\KERNELBASE.dll!VirtualProtect 000007fefd5131e0 6 bytes {JMP QWORD [RIP+0x18ace50]}
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\KERNELBASE.dll!VirtualProtectEx 000007fefd513210 6 bytes {JMP QWORD [RIP+0x18ece20]}
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\KERNELBASE.dll!VirtualAllocEx 000007fefd5330c0 6 bytes {JMP QWORD [RIP+0x18acf70]}
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd5330f0 6 bytes {JMP QWORD [RIP+0x18ecf40]}
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\WS2_32.dll!WSAStartup 000007fefe824980 6 bytes {JMP QWORD [RIP+0x42b6b0]}
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\WININET.dll!InternetReadFile 000007fefd863914 6 bytes {JMP QWORD [RIP+0x148c71c]}
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\WININET.dll!InternetOpenUrlA 000007fefd86ba68 6 bytes {JMP QWORD [RIP+0x14645c8]}
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\WININET.dll!HttpSendRequestW 000007fefd873b6c 2 bytes [FF, 25]
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\WININET.dll!HttpSendRequestW + 3 000007fefd873b6f 3 bytes [C4, 4B, 01]
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\WININET.dll!HttpOpenRequestW 000007fefd88355c 6 bytes {JMP QWORD [RIP+0x13ecad4]}
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\WININET.dll!HttpOpenRequestA 000007fefd883910 6 bytes {JMP QWORD [RIP+0x140c720]}
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\WININET.dll!HttpSendRequestExW 000007fefd8868d8 6 bytes {JMP QWORD [RIP+0x14e9758]}
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\WININET.dll!InternetOpenUrlW 000007fefd8b2c74 6 bytes {JMP QWORD [RIP+0x13fd3bc]}
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\WININET.dll!InternetReadFileExW + 1 000007fefd8b2dc1 5 bytes {JMP QWORD [RIP+0x145d270]}
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\WININET.dll!HttpSendRequestA 000007fefd8cf600 6 bytes {JMP QWORD [RIP+0x1480a30]}
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\WININET.dll!HttpSendRequestExA 000007fefd8cf694 6 bytes {JMP QWORD [RIP+0x14c099c]}
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\urlmon.dll!URLDownloadToFileW 000007fefd7695e4 6 bytes {JMP QWORD [RIP+0x11b6a4c]}
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW + 1 000007fefd7696c5 5 bytes {JMP QWORD [RIP+0x11f696c]}
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\urlmon.dll!URLOpenBlockingStreamW 000007fefd7698b0 6 bytes {JMP QWORD [RIP+0x14a6780]}
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\urlmon.dll!URLOpenStreamW 000007fefd76999c 6 bytes {JMP QWORD [RIP+0x1466694]}
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\urlmon.dll!URLDownloadToFileA 000007fefd769b10 6 bytes {JMP QWORD [RIP+0x11d6520]}
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileA + 1 000007fefd769ca1 5 bytes {JMP QWORD [RIP+0x1216390]}
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\urlmon.dll!URLOpenBlockingStreamA 000007fefd769e10 6 bytes {JMP QWORD [RIP+0x14c6220]}
.text C:\Program Files\Nightly\plugin-container.exe[3852] C:\Windows\system32\urlmon.dll!URLOpenStreamA + 1 000007fefd769f01 5 bytes {JMP QWORD [RIP+0x1486130]}

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{30290E5E-2966-4B51-A598-09BC403E4AE1}\Connection@Name isatap.{8B89C5E6-5A1C-4B5B-AF23-768569CBDACB}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{438839EC-1992-453E-9190-63067853E229}?\Device\{30290E5E-2966-4B51-A598-09BC403E4AE1}?\Device\{8D5A3030-F062-46DD-BF61-3603F2F15F7F}?\Device\{B794C836-2181-4DD2-8B9B-B1357A4EF5F2}?\Device\{B3C15D4D-1BE4-47BF-884B-96463BFFC39F}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{438839EC-1992-453E-9190-63067853E229}"?"{30290E5E-2966-4B51-A598-09BC403E4AE1}"?"{8D5A3030-F062-46DD-BF61-3603F2F15F7F}"?"{B794C836-2181-4DD2-8B9B-B1357A4EF5F2}"?"{B3C15D4D-1BE4-47BF-884B-96463BFFC39F}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{438839EC-1992-453E-9190-63067853E229}?\Device\TCPIP6TUNNEL_{30290E5E-2966-4B51-A598-09BC403E4AE1}?\Device\TCPIP6TUNNEL_{8D5A3030-F062-46DD-BF61-3603F2F15F7F}?\Device\TCPIP6TUNNEL_{B794C836-2181-4DD2-8B9B-B1357A4EF5F2}?\Device\TCPIP6TUNNEL_{B3C15D4D-1BE4-47BF-884B-96463BFFC39F}?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{30290E5E-2966-4B51-A598-09BC403E4AE1}@InterfaceName isatap.{8B89C5E6-5A1C-4B5B-AF23-768569CBDACB}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{30290E5E-2966-4B51-A598-09BC403E4AE1}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 391
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 104

---- EOF - GMER 2.1 ----

Please tell me what the problem is.
 
