Asus n50vn rootkit
<blockquote data-quote="mario81" data-source="post: 311180" data-attributes="member: 31549"><p>Malwarebytes Anti-Rootkit BETA 1.08.2.1001</p><p><a href="http://www.malwarebytes.org" target="_blank">www.malwarebytes.org</a></p><p></p><p>Database version: v2014.11.18.05</p><p></p><p>Windows 7 Service Pack 1 x64 NTFS</p><p>Internet Explorer 8.0.7601.17514</p><p>Mariusz :: MARIUSZ-ASUS [administrator]</p><p></p><p>2014-12-07 11:40:05</p><p>mbar-log-2014-12-07 (11-40-05).txt</p><p></p><p>Scan type: Quick scan</p><p>Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken</p><p>Scan options disabled:</p><p>Objects scanned: 314426</p><p>Time elapsed: 17 minute(s), 3 second(s)</p><p></p><p>Memory Processes Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Memory Modules Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Keys Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Values Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Data Items Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Folders Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Files Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Physical Sectors Detected: 0</p><p>(No malicious items detected)</p><p></p><p>(end)</p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.08.2.1001</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 6.1.7601 Windows 7 Service Pack 1 x64</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 8.0.7601.17514</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED</p><p>CPU speed: 2.500000 GHz</p><p>Memory total: 4294037504, free: 2402488320</p><p></p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.08.2.1001</p><p></p><p>(c) Malwarebytes Corporation 
2011-2012</p><p></p><p>OS version: 6.1.7601 Windows 7 Service Pack 1 x64</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 8.0.7601.17514</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED</p><p>CPU speed: 2.500000 GHz</p><p>Memory total: 4294037504, free: 2421252096</p><p></p><p>=======================================</p><p>Initializing...</p><p>This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.</p><p>=======================================</p><p>Initializing...</p><p>------------ Kernel report ------------</p><p> 12/06/2014 16:44:25</p><p>------------ Loaded modules -----------</p><p>\SystemRoot\system32\ntoskrnl.exe</p><p>\SystemRoot\system32\hal.dll</p><p>\SystemRoot\system32\kdcom.dll</p><p>\SystemRoot\system32\mcupdate_GenuineIntel.dll</p><p>\SystemRoot\system32\PSHED.dll</p><p>\SystemRoot\system32\CLFS.SYS</p><p>\SystemRoot\system32\CI.dll</p><p>\SystemRoot\system32\drivers\Wdf01000.sys</p><p>\SystemRoot\system32\drivers\WDFLDR.SYS</p><p>\SystemRoot\system32\drivers\ACPI.sys</p><p>\SystemRoot\system32\drivers\WMILIB.SYS</p><p>\SystemRoot\system32\drivers\msisadrv.sys</p><p>\SystemRoot\system32\drivers\pci.sys</p><p>\SystemRoot\system32\drivers\vdrvroot.sys</p><p>\SystemRoot\System32\drivers\partmgr.sys</p><p>\SystemRoot\system32\DRIVERS\compbatt.sys</p><p>\SystemRoot\system32\DRIVERS\BATTC.SYS</p><p>\SystemRoot\system32\drivers\volmgr.sys</p><p>\SystemRoot\System32\drivers\volmgrx.sys</p><p>\SystemRoot\System32\drivers\mountmgr.sys</p><p>\SystemRoot\system32\drivers\atapi.sys</p><p>\SystemRoot\system32\drivers\ataport.SYS</p><p>\SystemRoot\system32\drivers\msahci.sys</p><p>\SystemRoot\system32\drivers\PCIIDEX.SYS</p><p>\SystemRoot\system32\drivers\amdxata.sys</p><p>\SystemRoot\system32\drivers\fltmgr.sys</p><p>\SystemRoot\system32\drivers\fileinfo.sys</p><p>\SystemRoot\System32\Drivers\Ntfs.sys</p><p>\SystemRoot\System32\Drivers\msrpc.s
ys</p><p>\SystemRoot\System32\Drivers\ksecdd.sys</p><p>\SystemRoot\System32\Drivers\cng.sys</p><p>\SystemRoot\System32\drivers\pcw.sys</p><p>\SystemRoot\System32\Drivers\Fs_Rec.sys</p><p>\SystemRoot\system32\drivers\ndis.sys</p><p>\SystemRoot\system32\drivers\NETIO.SYS</p><p>\SystemRoot\System32\Drivers\ksecpkg.sys</p><p>\SystemRoot\System32\drivers\tcpip.sys</p><p>\SystemRoot\System32\drivers\fwpkclnt.sys</p><p>\SystemRoot\system32\drivers\vmstorfl.sys</p><p>\SystemRoot\system32\drivers\volsnap.sys</p><p>\SystemRoot\System32\Drivers\spldr.sys</p><p>\SystemRoot\System32\drivers\rdyboost.sys</p><p>\SystemRoot\System32\Drivers\mup.sys</p><p>\SystemRoot\System32\drivers\hwpolicy.sys</p><p>\SystemRoot\System32\DRIVERS\fvevol.sys</p><p>\SystemRoot\system32\drivers\disk.sys</p><p>\SystemRoot\system32\drivers\CLASSPNP.SYS</p><p>\SystemRoot\system32\DRIVERS\cdrom.sys</p><p>\SystemRoot\System32\Drivers\Null.SYS</p><p>\SystemRoot\System32\Drivers\Beep.SYS</p><p>\SystemRoot\System32\drivers\vga.sys</p><p>\SystemRoot\System32\drivers\VIDEOPRT.SYS</p><p>\SystemRoot\System32\drivers\watchdog.sys</p><p>\SystemRoot\System32\DRIVERS\RDPCDD.sys</p><p>\SystemRoot\system32\drivers\rdpencdd.sys</p><p>\SystemRoot\system32\drivers\rdprefmp.sys</p><p>\SystemRoot\System32\Drivers\Msfs.SYS</p><p>\SystemRoot\System32\Drivers\Npfs.SYS</p><p>\SystemRoot\system32\DRIVERS\tdx.sys</p><p>\SystemRoot\system32\DRIVERS\TDI.SYS</p><p>\SystemRoot\system32\drivers\afd.sys</p><p>\SystemRoot\System32\DRIVERS\netbt.sys</p><p>\SystemRoot\system32\DRIVERS\wfplwf.sys</p><p>\SystemRoot\system32\DRIVERS\pacer.sys</p><p>\SystemRoot\system32\DRIVERS\netbios.sys</p><p>\SystemRoot\system32\DRIVERS\wanarp.sys</p><p>\SystemRoot\system32\DRIVERS\termdd.sys</p><p>\SystemRoot\system32\DRIVERS\rdbss.sys</p><p>\SystemRoot\system32\drivers\nsiproxy.sys</p><p>\SystemRoot\system32\DRIVERS\mssmbios.sys</p><p>\SystemRoot\System32\drivers\discache.sys</p><p>\SystemRoot\system32\drivers\csc.sys</p><p>\SystemRoot\System32\Drivers\
dfsc.sys</p><p>\SystemRoot\system32\DRIVERS\blbdrive.sys</p><p>\SystemRoot\system32\DRIVERS\tunnel.sys</p><p>\SystemRoot\system32\DRIVERS\intelppm.sys</p><p>\SystemRoot\system32\DRIVERS\nvlddmkm.sys</p><p>\SystemRoot\system32\DRIVERS\nvBridge.kmd</p><p>\SystemRoot\System32\drivers\dxgkrnl.sys</p><p>\SystemRoot\System32\drivers\dxgmms1.sys</p><p>\SystemRoot\system32\DRIVERS\usbuhci.sys</p><p>\SystemRoot\system32\DRIVERS\USBPORT.SYS</p><p>\SystemRoot\system32\DRIVERS\usbehci.sys</p><p>\SystemRoot\system32\DRIVERS\HDAudBus.sys</p><p>\SystemRoot\system32\DRIVERS\netw5v64.sys</p><p>\SystemRoot\system32\DRIVERS\Rt64win7.sys</p><p>\SystemRoot\system32\DRIVERS\1394ohci.sys</p><p>\SystemRoot\system32\DRIVERS\sdbus.sys</p><p>\SystemRoot\system32\DRIVERS\rimmpx64.sys</p><p>\SystemRoot\system32\DRIVERS\rimspx64.sys</p><p>\SystemRoot\system32\DRIVERS\rixdpx64.sys</p><p>\SystemRoot\system32\DRIVERS\i8042prt.sys</p><p>\SystemRoot\system32\DRIVERS\kbfiltr.sys</p><p>\SystemRoot\system32\DRIVERS\kbdclass.sys</p><p>\SystemRoot\system32\DRIVERS\mouclass.sys</p><p>\SystemRoot\system32\DRIVERS\CmBatt.sys</p><p>\SystemRoot\system32\DRIVERS\ATK64AMD.sys</p><p>\SystemRoot\system32\DRIVERS\CompositeBus.sys</p><p>\SystemRoot\system32\DRIVERS\msiscsi.sys</p><p>\SystemRoot\system32\DRIVERS\storport.sys</p><p>\SystemRoot\system32\DRIVERS\AgileVpn.sys</p><p>\SystemRoot\system32\DRIVERS\rasl2tp.sys</p><p>\SystemRoot\system32\DRIVERS\ndistapi.sys</p><p>\SystemRoot\system32\DRIVERS\ndiswan.sys</p><p>\SystemRoot\system32\DRIVERS\raspppoe.sys</p><p>\SystemRoot\system32\DRIVERS\raspptp.sys</p><p>\SystemRoot\system32\DRIVERS\rassstp.sys</p><p>\SystemRoot\system32\DRIVERS\rdpbus.sys</p><p>\SystemRoot\system32\DRIVERS\swenum.sys</p><p>\SystemRoot\system32\DRIVERS\ks.sys</p><p>\SystemRoot\system32\DRIVERS\umbus.sys</p><p>\SystemRoot\system32\DRIVERS\ew_jubusenum.sys</p><p>\SystemRoot\system32\DRIVERS\usbhub.sys</p><p>\SystemRoot\System32\Drivers\NDProxy.SYS</p><p>\SystemRoot\system32\drivers\HdAudio.sys</p
><p>\SystemRoot\system32\drivers\portcls.sys</p><p>\SystemRoot\system32\drivers\drmk.sys</p><p>\SystemRoot\system32\drivers\ksthunk.sys</p><p>\SystemRoot\system32\drivers\nvhda64v.sys</p><p>\SystemRoot\System32\win32k.sys</p><p>\SystemRoot\System32\drivers\Dxapi.sys</p><p>\SystemRoot\system32\DRIVERS\cdfs.sys</p><p>\SystemRoot\system32\DRIVERS\usbccgp.sys</p><p>\SystemRoot\system32\DRIVERS\USBD.SYS</p><p>\SystemRoot\system32\DRIVERS\hidusb.sys</p><p>\SystemRoot\system32\DRIVERS\HIDCLASS.SYS</p><p>\SystemRoot\system32\DRIVERS\HIDPARSE.SYS</p><p>\SystemRoot\system32\DRIVERS\kbdhid.sys</p><p>\SystemRoot\system32\DRIVERS\mouhid.sys</p><p>\SystemRoot\System32\Drivers\crashdmp.sys</p><p>\SystemRoot\System32\Drivers\dump_dumpata.sys</p><p>\SystemRoot\System32\Drivers\dump_msahci.sys</p><p>\SystemRoot\System32\Drivers\dump_dumpfve.sys</p><p>\SystemRoot\System32\Drivers\usbvideo.sys</p><p>\SystemRoot\system32\DRIVERS\monitor.sys</p><p>\SystemRoot\System32\Drivers\BTHUSB.sys</p><p>\SystemRoot\System32\Drivers\bthport.sys</p><p>\SystemRoot\System32\TSDDD.dll</p><p>\SystemRoot\system32\DRIVERS\rfcomm.sys</p><p>\SystemRoot\System32\cdd.dll</p><p>\SystemRoot\system32\DRIVERS\BthEnum.sys</p><p>\SystemRoot\system32\DRIVERS\bthpan.sys</p><p>\SystemRoot\system32\DRIVERS\bthmodem.sys</p><p>\SystemRoot\system32\drivers\modem.sys</p><p>\SystemRoot\system32\drivers\luafv.sys</p><p>\SystemRoot\system32\drivers\WudfPf.sys</p><p>\SystemRoot\system32\DRIVERS\lltdio.sys</p><p>\SystemRoot\system32\DRIVERS\nwifi.sys</p><p>\SystemRoot\system32\DRIVERS\ndisuio.sys</p><p>\SystemRoot\system32\DRIVERS\rspndr.sys</p><p>\??\C:\Program 
Files\ATKGFNEX\ASMMAP64.sys</p><p>\SystemRoot\system32\drivers\HTTP.sys</p><p>\SystemRoot\system32\DRIVERS\bowser.sys</p><p>\SystemRoot\System32\drivers\mpsdrv.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb10.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb20.sys</p><p>\SystemRoot\system32\drivers\peauth.sys</p><p>\SystemRoot\System32\Drivers\secdrv.SYS</p><p>\SystemRoot\System32\DRIVERS\srvnet.sys</p><p>\SystemRoot\System32\drivers\tcpipreg.sys</p><p>\SystemRoot\System32\DRIVERS\srv2.sys</p><p>\SystemRoot\System32\DRIVERS\srv.sys</p><p>\SystemRoot\system32\drivers\spsys.sys</p><p>\SystemRoot\system32\DRIVERS\USBSTOR.SYS</p><p>\SystemRoot\system32\DRIVERS\ew_jucdcacm.sys</p><p>\SystemRoot\system32\DRIVERS\WUDFRd.sys</p><p>\SystemRoot\system32\DRIVERS\asyncmac.sys</p><p>\??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys</p><p>\SystemRoot\system32\DRIVERS\KeyCrypt64.sys</p><p>\??\C:\Windows\system32\drivers\mbamchameleon.sys</p><p>\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys</p><p>\Windows\System32\ntdll.dll</p><p>\Windows\System32\smss.exe</p><p>\Windows\System32\apisetschema.dll</p><p>\Windows\System32\autochk.exe</p><p>\Windows\System32\imagehlp.dll</p><p>\Windows\System32\setupapi.dll</p><p>\Windows\System32\gdi32.dll</p><p>\Windows\System32\clbcatq.dll</p><p>\Windows\System32\ole32.dll</p><p>\Windows\System32\shell32.dll</p><p>\Windows\System32\oleaut32.dll</p><p>\Windows\System32\sechost.dll</p><p>\Windows\System32\ws2_32.dll</p><p>\Windows\System32\wininet.dll</p><p>\Windows\System32\usp10.dll</p><p>\Windows\System32\comdlg32.dll</p><p>\Windows\System32\lpk.dll</p><p>\Windows\System32\difxapi.dll</p><p>\Windows\System32\msctf.dll</p><p>\Windows\System32\nsi.dll</p><p>\Windows\System32\iertutil.dll</p><p>\Windows\System32\advapi32.dll</p><p>\Windows\System32\kernel32.dll</p><p>\Windows\System32\user32.dll</p><p>\Windows\System32\imm32.dll</p><p>\Windows\System32\normaliz.dll</p><p>\Windows\System32\shlw
api.dll</p><p>\Windows\System32\Wldap32.dll</p><p>\Windows\System32\msvcrt.dll</p><p>\Windows\System32\psapi.dll</p><p>\Windows\System32\urlmon.dll</p><p>\Windows\System32\rpcrt4.dll</p><p>\Windows\System32\cfgmgr32.dll</p><p>\Windows\System32\devobj.dll</p><p>\Windows\System32\comctl32.dll</p><p>\Windows\System32\crypt32.dll</p><p>\Windows\System32\KernelBase.dll</p><p>\Windows\System32\wintrust.dll</p><p>\Windows\System32\msasn1.dll</p><p>\Windows\SysWOW64\normaliz.dll</p><p>----------- End -----------</p><p>Done!</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk1\DR1</p><p>Upper Device Object: 0xfffffa8007327060</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\00000095\</p><p>Lower Device Object: 0xfffffa8006c0e060</p><p>Lower Device Driver Name: \Driver\USBSTOR\</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk0\DR0</p><p>Upper Device Object: 0xfffffa8004bf4060</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\</p><p>Lower Device Object: 0xfffffa80046d6680</p><p>Lower Device Driver Name: \Driver\atapi\</p><p><<<2>>></p><p>Physical Sector Size: 512</p><p>Drive: 0, DevicePointer: 0xfffffa8004bf4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa8004bf4ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa8004bf4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa80046da520, DeviceName: Unknown, DriverName: \Driver\ACPI\</p><p>DevicePointer: 0xfffffa80046d6680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>Upper DeviceData: 0x0, 0x0, 0x0</p><p>Lower DeviceData: 0x0, 0x0, 0x0</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, 
MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p><<<2>>></p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...</p><p>Done!</p><p>Drive 0</p><p>This is a System drive</p><p>Scanning MBR on drive 0...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: 59748</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type is Primary (0x7)</p><p> Partition is ACTIVE.</p><p> Partition starts at LBA: 2048 Numsec = 204800</p><p> Partition file system is NTFS</p><p> Partition is bootable</p><p></p><p> Partition 1 type is Primary (0x7)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 206848 Numsec = 976564224</p><p></p><p> Partition 2 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p> Partition 3 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p>Disk Size: 500107862016 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Done!</p><p>Physical Sector Size: 0</p><p>Drive: 1, DevicePointer: 0xfffffa8007327060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa8006b88040, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa8007327060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa8006c0e060, DeviceName: \Device\00000095\, DriverName: \Driver\USBSTOR\</p><p>------------ End ----------</p><p>Scan finished</p><p>=======================================</p><p></p><p></p><p>Removal queue found; removal started</p><p>Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...</p><p>Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...</p><p>Removing 
C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...</p><p>Removal finished</p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.08.2.1001</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 6.1.7601 Windows 7 Service Pack 1 x64</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 8.0.7601.17514</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED</p><p>CPU speed: 2.500000 GHz</p><p>Memory total: 4294037504, free: 2905636864</p><p></p><p>Downloaded database version: v2014.12.06.07</p><p>Downloaded database version: v2014.12.03.01</p><p>Downloaded database version: v2014.12.06.01</p><p>=======================================</p><p>Initializing...</p><p>This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.</p><p>=======================================</p><p>Initializing...</p><p>This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.</p><p>Initializing...</p><p>======================</p><p>------------ Kernel report ------------</p><p> 12/06/2014 18:30:26</p><p>------------ Loaded modules 
-----------</p><p>\SystemRoot\system32\ntoskrnl.exe</p><p>\SystemRoot\system32\hal.dll</p><p>\SystemRoot\system32\kdcom.dll</p><p>\SystemRoot\system32\mcupdate_GenuineIntel.dll</p><p>\SystemRoot\system32\PSHED.dll</p><p>\SystemRoot\system32\CLFS.SYS</p><p>\SystemRoot\system32\CI.dll</p><p>\SystemRoot\system32\drivers\Wdf01000.sys</p><p>\SystemRoot\system32\drivers\WDFLDR.SYS</p><p>\SystemRoot\system32\drivers\ACPI.sys</p><p>\SystemRoot\system32\drivers\WMILIB.SYS</p><p>\SystemRoot\system32\drivers\msisadrv.sys</p><p>\SystemRoot\system32\drivers\pci.sys</p><p>\SystemRoot\system32\drivers\vdrvroot.sys</p><p>\SystemRoot\System32\drivers\partmgr.sys</p><p>\SystemRoot\system32\DRIVERS\compbatt.sys</p><p>\SystemRoot\system32\DRIVERS\BATTC.SYS</p><p>\SystemRoot\system32\drivers\volmgr.sys</p><p>\SystemRoot\System32\drivers\volmgrx.sys</p><p>\SystemRoot\System32\drivers\mountmgr.sys</p><p>\SystemRoot\system32\drivers\atapi.sys</p><p>\SystemRoot\system32\drivers\ataport.SYS</p><p>\SystemRoot\system32\drivers\msahci.sys</p><p>\SystemRoot\system32\drivers\PCIIDEX.SYS</p><p>\SystemRoot\system32\drivers\amdxata.sys</p><p>\SystemRoot\system32\drivers\fltmgr.sys</p><p>\SystemRoot\system32\drivers\fileinfo.sys</p><p>\SystemRoot\System32\Drivers\Ntfs.sys</p><p>\SystemRoot\System32\Drivers\msrpc.sys</p><p>\SystemRoot\System32\Drivers\ksecdd.sys</p><p>\SystemRoot\System32\Drivers\cng.sys</p><p>\SystemRoot\System32\drivers\pcw.sys</p><p>\SystemRoot\System32\Drivers\Fs_Rec.sys</p><p>\SystemRoot\system32\drivers\ndis.sys</p><p>\SystemRoot\system32\drivers\NETIO.SYS</p><p>\SystemRoot\System32\Drivers\ksecpkg.sys</p><p>\SystemRoot\System32\drivers\tcpip.sys</p><p>\SystemRoot\System32\drivers\fwpkclnt.sys</p><p>\SystemRoot\system32\drivers\vmstorfl.sys</p><p>\SystemRoot\system32\drivers\volsnap.sys</p><p>\SystemRoot\System32\Drivers\spldr.sys</p><p>\SystemRoot\System32\drivers\rdyboost.sys</p><p>\SystemRoot\System32\Drivers\mup.sys</p><p>\SystemRoot\System32\drivers\hwpolicy.sys</p><p>\Syst
emRoot\System32\DRIVERS\fvevol.sys</p><p>\SystemRoot\system32\drivers\disk.sys</p><p>\SystemRoot\system32\drivers\CLASSPNP.SYS</p><p>\SystemRoot\system32\DRIVERS\cdrom.sys</p><p>\SystemRoot\System32\Drivers\Null.SYS</p><p>\SystemRoot\System32\Drivers\Beep.SYS</p><p>\SystemRoot\System32\drivers\vga.sys</p><p>\SystemRoot\System32\drivers\VIDEOPRT.SYS</p><p>\SystemRoot\System32\drivers\watchdog.sys</p><p>\SystemRoot\System32\DRIVERS\RDPCDD.sys</p><p>\SystemRoot\system32\drivers\rdpencdd.sys</p><p>\SystemRoot\system32\drivers\rdprefmp.sys</p><p>\SystemRoot\System32\Drivers\Msfs.SYS</p><p>\SystemRoot\System32\Drivers\Npfs.SYS</p><p>\SystemRoot\system32\DRIVERS\tdx.sys</p><p>\SystemRoot\system32\DRIVERS\TDI.SYS</p><p>\SystemRoot\system32\drivers\afd.sys</p><p>\SystemRoot\System32\DRIVERS\netbt.sys</p><p>\SystemRoot\system32\drivers\ws2ifsl.sys</p><p>\SystemRoot\system32\DRIVERS\wfplwf.sys</p><p>\SystemRoot\system32\DRIVERS\pacer.sys</p><p>\SystemRoot\system32\DRIVERS\netbios.sys</p><p>\SystemRoot\system32\DRIVERS\wanarp.sys</p><p>\SystemRoot\system32\DRIVERS\termdd.sys</p><p>\SystemRoot\system32\DRIVERS\rdbss.sys</p><p>\SystemRoot\system32\drivers\nsiproxy.sys</p><p>\SystemRoot\system32\DRIVERS\mssmbios.sys</p><p>\??\C:\Program Files (x86)\Malwarebytes 
Anti-Exploit\mbae64.sys</p><p>\SystemRoot\System32\drivers\discache.sys</p><p>\SystemRoot\system32\drivers\csc.sys</p><p>\SystemRoot\System32\Drivers\dfsc.sys</p><p>\SystemRoot\system32\DRIVERS\blbdrive.sys</p><p>\SystemRoot\system32\DRIVERS\tunnel.sys</p><p>\SystemRoot\system32\DRIVERS\intelppm.sys</p><p>\SystemRoot\system32\DRIVERS\nvlddmkm.sys</p><p>\SystemRoot\system32\DRIVERS\nvBridge.kmd</p><p>\SystemRoot\System32\drivers\dxgkrnl.sys</p><p>\SystemRoot\System32\drivers\dxgmms1.sys</p><p>\SystemRoot\system32\DRIVERS\usbuhci.sys</p><p>\SystemRoot\system32\DRIVERS\USBPORT.SYS</p><p>\SystemRoot\system32\DRIVERS\usbehci.sys</p><p>\SystemRoot\system32\DRIVERS\HDAudBus.sys</p><p>\SystemRoot\system32\DRIVERS\netw5v64.sys</p><p>\SystemRoot\system32\DRIVERS\Rt64win7.sys</p><p>\SystemRoot\system32\DRIVERS\1394ohci.sys</p><p>\SystemRoot\system32\DRIVERS\sdbus.sys</p><p>\SystemRoot\system32\DRIVERS\rimmpx64.sys</p><p>\SystemRoot\system32\DRIVERS\rimspx64.sys</p><p>\SystemRoot\system32\DRIVERS\rixdpx64.sys</p><p>\SystemRoot\system32\DRIVERS\i8042prt.sys</p><p>\SystemRoot\system32\DRIVERS\kbfiltr.sys</p><p>\SystemRoot\system32\DRIVERS\KeyCrypt64.sys</p><p>\SystemRoot\system32\DRIVERS\kbdclass.sys</p><p>\SystemRoot\system32\DRIVERS\mouclass.sys</p><p>\SystemRoot\system32\DRIVERS\CmBatt.sys</p><p>\SystemRoot\system32\DRIVERS\ATK64AMD.sys</p><p>\SystemRoot\system32\DRIVERS\CompositeBus.sys</p><p>\SystemRoot\system32\DRIVERS\msiscsi.sys</p><p>\SystemRoot\system32\DRIVERS\storport.sys</p><p>\SystemRoot\system32\DRIVERS\AgileVpn.sys</p><p>\SystemRoot\system32\DRIVERS\rasl2tp.sys</p><p>\SystemRoot\system32\DRIVERS\ndistapi.sys</p><p>\SystemRoot\system32\DRIVERS\ndiswan.sys</p><p>\SystemRoot\system32\DRIVERS\raspppoe.sys</p><p>\SystemRoot\system32\DRIVERS\raspptp.sys</p><p>\SystemRoot\system32\DRIVERS\rassstp.sys</p><p>\SystemRoot\system32\DRIVERS\rdpbus.sys</p><p>\SystemRoot\system32\DRIVERS\swenum.sys</p><p>\SystemRoot\system32\DRIVERS\ks.sys</p><p>\SystemRoot\system32\DRIVERS\umbu
s.sys</p><p>\SystemRoot\system32\DRIVERS\ew_jubusenum.sys</p><p>\SystemRoot\system32\DRIVERS\usbhub.sys</p><p>\SystemRoot\System32\Drivers\NDProxy.SYS</p><p>\SystemRoot\system32\drivers\HdAudio.sys</p><p>\SystemRoot\system32\drivers\portcls.sys</p><p>\SystemRoot\system32\drivers\drmk.sys</p><p>\SystemRoot\system32\drivers\ksthunk.sys</p><p>\SystemRoot\system32\drivers\nvhda64v.sys</p><p>\SystemRoot\System32\win32k.sys</p><p>\SystemRoot\System32\drivers\Dxapi.sys</p><p>\SystemRoot\System32\Drivers\crashdmp.sys</p><p>\SystemRoot\System32\Drivers\dump_dumpata.sys</p><p>\SystemRoot\System32\Drivers\dump_msahci.sys</p><p>\SystemRoot\System32\Drivers\dump_dumpfve.sys</p><p>\SystemRoot\System32\Drivers\BTHUSB.sys</p><p>\SystemRoot\System32\Drivers\bthport.sys</p><p>\SystemRoot\System32\Drivers\USBD.SYS</p><p>\SystemRoot\system32\DRIVERS\usbccgp.sys</p><p>\SystemRoot\system32\DRIVERS\USBSTOR.SYS</p><p>\SystemRoot\system32\DRIVERS\monitor.sys</p><p>\SystemRoot\system32\DRIVERS\rfcomm.sys</p><p>\SystemRoot\system32\DRIVERS\BthEnum.sys</p><p>\SystemRoot\system32\DRIVERS\bthpan.sys</p><p>\SystemRoot\system32\DRIVERS\ew_jucdcacm.sys</p><p>\SystemRoot\system32\drivers\modem.sys</p><p>\SystemRoot\system32\DRIVERS\bthmodem.sys</p><p>\SystemRoot\system32\DRIVERS\hidusb.sys</p><p>\SystemRoot\system32\DRIVERS\HIDCLASS.SYS</p><p>\SystemRoot\system32\DRIVERS\HIDPARSE.SYS</p><p>\SystemRoot\System32\Drivers\usbvideo.sys</p><p>\SystemRoot\system32\DRIVERS\kbdhid.sys</p><p>\SystemRoot\system32\DRIVERS\mouhid.sys</p><p>\SystemRoot\System32\TSDDD.dll</p><p>\SystemRoot\System32\cdd.dll</p><p>\SystemRoot\system32\drivers\luafv.sys</p><p>\SystemRoot\system32\DRIVERS\lltdio.sys</p><p>\SystemRoot\system32\DRIVERS\nwifi.sys</p><p>\SystemRoot\system32\DRIVERS\ndisuio.sys</p><p>\SystemRoot\system32\DRIVERS\rspndr.sys</p><p>\??\C:\Program 
Files\ATKGFNEX\ASMMAP64.sys</p><p>\SystemRoot\system32\DRIVERS\cdfs.sys</p><p>\SystemRoot\system32\drivers\HTTP.sys</p><p>\SystemRoot\system32\DRIVERS\bowser.sys</p><p>\SystemRoot\System32\drivers\mpsdrv.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb10.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb20.sys</p><p>\SystemRoot\system32\drivers\peauth.sys</p><p>\SystemRoot\System32\Drivers\secdrv.SYS</p><p>\SystemRoot\System32\DRIVERS\srvnet.sys</p><p>\SystemRoot\System32\drivers\tcpipreg.sys</p><p>\SystemRoot\System32\DRIVERS\srv2.sys</p><p>\SystemRoot\System32\DRIVERS\srv.sys</p><p>\SystemRoot\system32\drivers\WudfPf.sys</p><p>\SystemRoot\system32\DRIVERS\WUDFRd.sys</p><p>\SystemRoot\system32\drivers\spsys.sys</p><p>\SystemRoot\system32\DRIVERS\asyncmac.sys</p><p>\??\C:\Windows\system32\drivers\mbamchameleon.sys</p><p>\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys</p><p>\Windows\System32\ntdll.dll</p><p>\Windows\System32\smss.exe</p><p>\Windows\System32\apisetschema.dll</p><p>\Windows\System32\autochk.exe</p><p>\Windows\System32\shell32.dll</p><p>\Windows\System32\user32.dll</p><p>\Windows\System32\imagehlp.dll</p><p>\Windows\System32\lpk.dll</p><p>\Windows\System32\kernel32.dll</p><p>\Windows\System32\sechost.dll</p><p>\Windows\System32\nsi.dll</p><p>\Windows\System32\usp10.dll</p><p>\Windows\System32\setupapi.dll</p><p>\Windows\System32\difxapi.dll</p><p>\Windows\System32\shlwapi.dll</p><p>\Windows\System32\Wldap32.dll</p><p>\Windows\System32\advapi32.dll</p><p>\Windows\System32\msctf.dll</p><p>\Windows\System32\iertutil.dll</p><p>\Windows\System32\rpcrt4.dll</p><p>\Windows\System32\oleaut32.dll</p><p>\Windows\System32\msvcrt.dll</p><p>\Windows\System32\normaliz.dll</p><p>\Windows\System32\gdi32.dll</p><p>\Windows\System32\ole32.dll</p><p>\Windows\System32\ws2_32.dll</p><p>\Windows\System32\psapi.dll</p><p>\Windows\System32\imm32.dll</p><p>\Windows\System32\urlmon.dll</p><p>\Windows\System32\wininet.dll</p><p>\Windows\Sys
tem32\comdlg32.dll</p><p>\Windows\System32\clbcatq.dll</p><p>\Windows\System32\KernelBase.dll</p><p>\Windows\System32\crypt32.dll</p><p>\Windows\System32\devobj.dll</p><p>\Windows\System32\cfgmgr32.dll</p><p>\Windows\System32\wintrust.dll</p><p>\Windows\System32\comctl32.dll</p><p>\Windows\System32\msasn1.dll</p><p>\Windows\SysWOW64\normaliz.dll</p><p>----------- End -----------</p><p>Done!</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk1\DR1</p><p>Upper Device Object: 0xfffffa8004cb73e0</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\00000081\</p><p>Lower Device Object: 0xfffffa8004cfab60</p><p>Lower Device Driver Name: \Driver\USBSTOR\</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk0\DR0</p><p>Upper Device Object: 0xfffffa8004c1c5f0</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\</p><p>Lower Device Object: 0xfffffa80046b7060</p><p>Lower Device Driver Name: \Driver\atapi\</p><p><<<2>>></p><p>Physical Sector Size: 512</p><p>Drive: 0, DevicePointer: 0xfffffa8004c1c5f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa8004c1d040, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa8004c1c5f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa80046ba4f0, DeviceName: Unknown, DriverName: \Driver\ACPI\</p><p>DevicePointer: 0xfffffa80046b7060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>Upper DeviceData: 0x0, 0x0, 0x0</p><p>Lower DeviceData: 0x0, 0x0, 0x0</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p><<<2>>></p><p><<<3>>></p><p>Volume: C:</p><p>File system type: 
NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...</p><p>Done!</p><p>Drive 0</p><p>This is a System drive</p><p>Scanning MBR on drive 0...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: 59748</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type is Primary (0x7)</p><p> Partition is ACTIVE.</p><p> Partition starts at LBA: 2048 Numsec = 204800</p><p> Partition file system is NTFS</p><p> Partition is bootable</p><p></p><p> Partition 1 type is Primary (0x7)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 206848 Numsec = 976564224</p><p></p><p> Partition 2 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p> Partition 3 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p>Disk Size: 500107862016 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Done!</p><p>Physical Sector Size: 0</p><p>Drive: 1, DevicePointer: 0xfffffa8004cb73e0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa8006596b90, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa8004cb73e0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa8004cfab60, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\</p><p>------------ End ----------</p><p>Scan finished</p><p>=======================================</p><p></p><p></p><p>Removal queue found; removal started</p><p>Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...</p><p>Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...</p><p>Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...</p><p>Removal 
finished</p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.08.2.1001</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 6.1.7601 Windows 7 Service Pack 1 x64</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 8.0.7601.17514</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED</p><p>CPU speed: 2.500000 GHz</p><p>Memory total: 4294037504, free: 2197168128</p><p></p><p>=======================================</p><p>Initializing...</p><p>This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.</p><p>=======================================</p><p>Initializing...</p><p>This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.</p><p>=======================================</p><p>Initializing...</p><p>This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.</p><p>=======================================</p><p></p><p></p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.08.2.1001</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 6.1.7601 Windows 7 Service Pack 1 x64</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 8.0.7601.17514</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED</p><p>CPU speed: 2.500000 GHz</p><p>Memory total: 4294037504, free: 2510094336</p><p></p><p>=======================================</p><p>Initializing...</p><p>------------ Kernel report ------------</p><p> 12/07/2014 11:39:54</p><p>------------ Loaded modules 
-----------</p><p>\SystemRoot\system32\ntoskrnl.exe</p><p>\SystemRoot\system32\hal.dll</p><p>\SystemRoot\system32\kdcom.dll</p><p>\SystemRoot\system32\mcupdate_GenuineIntel.dll</p><p>\SystemRoot\system32\PSHED.dll</p><p>\SystemRoot\system32\CLFS.SYS</p><p>\SystemRoot\system32\CI.dll</p><p>\SystemRoot\system32\drivers\Wdf01000.sys</p><p>\SystemRoot\system32\drivers\WDFLDR.SYS</p><p>\SystemRoot\system32\drivers\ACPI.sys</p><p>\SystemRoot\system32\drivers\WMILIB.SYS</p><p>\SystemRoot\system32\drivers\msisadrv.sys</p><p>\SystemRoot\system32\drivers\pci.sys</p><p>\SystemRoot\system32\drivers\vdrvroot.sys</p><p>\SystemRoot\System32\drivers\partmgr.sys</p><p>\SystemRoot\system32\DRIVERS\compbatt.sys</p><p>\SystemRoot\system32\DRIVERS\BATTC.SYS</p><p>\SystemRoot\system32\drivers\volmgr.sys</p><p>\SystemRoot\System32\drivers\volmgrx.sys</p><p>\SystemRoot\System32\drivers\mountmgr.sys</p><p>\SystemRoot\system32\drivers\atapi.sys</p><p>\SystemRoot\system32\drivers\ataport.SYS</p><p>\SystemRoot\system32\drivers\msahci.sys</p><p>\SystemRoot\system32\drivers\PCIIDEX.SYS</p><p>\SystemRoot\system32\drivers\amdxata.sys</p><p>\SystemRoot\system32\drivers\fltmgr.sys</p><p>\SystemRoot\system32\drivers\fileinfo.sys</p><p>\SystemRoot\System32\Drivers\Ntfs.sys</p><p>\SystemRoot\System32\Drivers\msrpc.sys</p><p>\SystemRoot\System32\Drivers\ksecdd.sys</p><p>\SystemRoot\System32\Drivers\cng.sys</p><p>\SystemRoot\System32\drivers\pcw.sys</p><p>\SystemRoot\System32\Drivers\Fs_Rec.sys</p><p>\SystemRoot\system32\drivers\ndis.sys</p><p>\SystemRoot\system32\drivers\NETIO.SYS</p><p>\SystemRoot\System32\Drivers\ksecpkg.sys</p><p>\SystemRoot\System32\drivers\tcpip.sys</p><p>\SystemRoot\System32\drivers\fwpkclnt.sys</p><p>\SystemRoot\system32\drivers\vmstorfl.sys</p><p>\SystemRoot\system32\drivers\volsnap.sys</p><p>\SystemRoot\System32\Drivers\spldr.sys</p><p>\SystemRoot\System32\drivers\rdyboost.sys</p><p>\SystemRoot\System32\Drivers\mup.sys</p><p>\SystemRoot\System32\drivers\hwpolicy.sys</p><p>\Syst
emRoot\System32\DRIVERS\fvevol.sys</p><p>\SystemRoot\system32\drivers\disk.sys</p><p>\SystemRoot\system32\drivers\CLASSPNP.SYS</p><p>\SystemRoot\system32\DRIVERS\cdrom.sys</p><p>\??\C:\Windows\system32\drivers\mbamchameleon.sys</p><p>\SystemRoot\System32\Drivers\Null.SYS</p><p>\SystemRoot\System32\Drivers\Beep.SYS</p><p>\SystemRoot\System32\drivers\vga.sys</p><p>\SystemRoot\System32\drivers\VIDEOPRT.SYS</p><p>\SystemRoot\System32\drivers\watchdog.sys</p><p>\SystemRoot\System32\DRIVERS\RDPCDD.sys</p><p>\SystemRoot\system32\drivers\rdpencdd.sys</p><p>\SystemRoot\system32\drivers\rdprefmp.sys</p><p>\SystemRoot\System32\Drivers\Msfs.SYS</p><p>\SystemRoot\System32\Drivers\Npfs.SYS</p><p>\SystemRoot\system32\DRIVERS\tdx.sys</p><p>\SystemRoot\system32\DRIVERS\TDI.SYS</p><p>\SystemRoot\system32\drivers\afd.sys</p><p>\SystemRoot\System32\DRIVERS\netbt.sys</p><p>\SystemRoot\system32\drivers\ws2ifsl.sys</p><p>\SystemRoot\system32\DRIVERS\wfplwf.sys</p><p>\SystemRoot\system32\DRIVERS\pacer.sys</p><p>\SystemRoot\system32\DRIVERS\gwdrv.sys</p><p>\SystemRoot\system32\DRIVERS\netbios.sys</p><p>\SystemRoot\system32\DRIVERS\wanarp.sys</p><p>\SystemRoot\system32\DRIVERS\termdd.sys</p><p>\??\C:\Users\Mariusz\Desktop\SuperAntiSpyware\SASKUTIL64.SYS</p><p>\??\C:\Users\Mariusz\Desktop\SuperAntiSpyware\SASDIFSV64.SYS</p><p>\SystemRoot\system32\DRIVERS\rdbss.sys</p><p>\SystemRoot\system32\drivers\nsiproxy.sys</p><p>\SystemRoot\system32\DRIVERS\mssmbios.sys</p><p>\??\C:\Program Files (x86)\Malwarebytes 
Anti-Exploit\mbae64.sys</p><p>\SystemRoot\System32\drivers\discache.sys</p><p>\SystemRoot\system32\drivers\csc.sys</p><p>\SystemRoot\System32\Drivers\dfsc.sys</p><p>\SystemRoot\system32\DRIVERS\blbdrive.sys</p><p>\SystemRoot\system32\DRIVERS\tunnel.sys</p><p>\SystemRoot\system32\DRIVERS\intelppm.sys</p><p>\SystemRoot\system32\DRIVERS\nvlddmkm.sys</p><p>\SystemRoot\system32\DRIVERS\nvBridge.kmd</p><p>\SystemRoot\System32\drivers\dxgkrnl.sys</p><p>\SystemRoot\System32\drivers\dxgmms1.sys</p><p>\SystemRoot\system32\DRIVERS\usbuhci.sys</p><p>\SystemRoot\system32\DRIVERS\USBPORT.SYS</p><p>\SystemRoot\system32\DRIVERS\usbehci.sys</p><p>\SystemRoot\system32\DRIVERS\HDAudBus.sys</p><p>\SystemRoot\system32\DRIVERS\netw5v64.sys</p><p>\SystemRoot\system32\DRIVERS\Rt64win7.sys</p><p>\SystemRoot\system32\DRIVERS\1394ohci.sys</p><p>\SystemRoot\system32\DRIVERS\sdbus.sys</p><p>\SystemRoot\system32\DRIVERS\rimmpx64.sys</p><p>\SystemRoot\system32\DRIVERS\rimspx64.sys</p><p>\SystemRoot\system32\DRIVERS\rixdpx64.sys</p><p>\SystemRoot\system32\DRIVERS\i8042prt.sys</p><p>\SystemRoot\system32\DRIVERS\kbfiltr.sys</p><p>\SystemRoot\system32\DRIVERS\KeyCrypt64.sys</p><p>\SystemRoot\system32\DRIVERS\kbdclass.sys</p><p>\SystemRoot\system32\DRIVERS\mouclass.sys</p><p>\SystemRoot\system32\DRIVERS\CmBatt.sys</p><p>\SystemRoot\system32\DRIVERS\ATK64AMD.sys</p><p>\SystemRoot\system32\DRIVERS\CompositeBus.sys</p><p>\SystemRoot\system32\DRIVERS\msiscsi.sys</p><p>\SystemRoot\system32\DRIVERS\storport.sys</p><p>\SystemRoot\system32\DRIVERS\AgileVpn.sys</p><p>\SystemRoot\system32\DRIVERS\rasl2tp.sys</p><p>\SystemRoot\system32\DRIVERS\ndistapi.sys</p><p>\SystemRoot\system32\DRIVERS\ndiswan.sys</p><p>\SystemRoot\system32\DRIVERS\raspppoe.sys</p><p>\SystemRoot\system32\DRIVERS\raspptp.sys</p><p>\SystemRoot\system32\DRIVERS\rassstp.sys</p><p>\SystemRoot\system32\DRIVERS\rdpbus.sys</p><p>\SystemRoot\system32\DRIVERS\swenum.sys</p><p>\SystemRoot\system32\DRIVERS\ks.sys</p><p>\SystemRoot\system32\DRIVERS\umbu
s.sys</p><p>\SystemRoot\system32\DRIVERS\ew_jubusenum.sys</p><p>\SystemRoot\system32\DRIVERS\usbhub.sys</p><p>\SystemRoot\System32\Drivers\NDProxy.SYS</p><p>\SystemRoot\system32\drivers\HdAudio.sys</p><p>\SystemRoot\system32\drivers\portcls.sys</p><p>\SystemRoot\system32\drivers\drmk.sys</p><p>\SystemRoot\system32\drivers\ksthunk.sys</p><p>\SystemRoot\system32\drivers\nvhda64v.sys</p><p>\SystemRoot\System32\win32k.sys</p><p>\SystemRoot\System32\drivers\Dxapi.sys</p><p>\SystemRoot\system32\DRIVERS\cdfs.sys</p><p>\SystemRoot\System32\Drivers\crashdmp.sys</p><p>\SystemRoot\System32\Drivers\dump_dumpata.sys</p><p>\SystemRoot\System32\Drivers\dump_msahci.sys</p><p>\SystemRoot\System32\Drivers\dump_dumpfve.sys</p><p>\SystemRoot\system32\DRIVERS\USBD.SYS</p><p>\SystemRoot\system32\DRIVERS\monitor.sys</p><p>\SystemRoot\System32\Drivers\BTHUSB.sys</p><p>\SystemRoot\System32\Drivers\bthport.sys</p><p>\SystemRoot\system32\DRIVERS\usbccgp.sys</p><p>\SystemRoot\system32\DRIVERS\hidusb.sys</p><p>\SystemRoot\system32\DRIVERS\HIDCLASS.SYS</p><p>\SystemRoot\system32\DRIVERS\HIDPARSE.SYS</p><p>\SystemRoot\System32\Drivers\usbvideo.sys</p><p>\SystemRoot\system32\DRIVERS\kbdhid.sys</p><p>\SystemRoot\system32\DRIVERS\mouhid.sys</p><p>\SystemRoot\system32\DRIVERS\rfcomm.sys</p><p>\SystemRoot\system32\DRIVERS\BthEnum.sys</p><p>\SystemRoot\system32\DRIVERS\bthpan.sys</p><p>\SystemRoot\system32\DRIVERS\bthmodem.sys</p><p>\SystemRoot\system32\drivers\modem.sys</p><p>\SystemRoot\System32\TSDDD.dll</p><p>\SystemRoot\System32\cdd.dll</p><p>\SystemRoot\system32\DRIVERS\USBSTOR.SYS</p><p>\SystemRoot\system32\drivers\luafv.sys</p><p>\SystemRoot\system32\DRIVERS\ew_jucdcacm.sys</p><p>\SystemRoot\system32\DRIVERS\lltdio.sys</p><p>\SystemRoot\system32\DRIVERS\nwifi.sys</p><p>\SystemRoot\system32\DRIVERS\ndisuio.sys</p><p>\SystemRoot\system32\DRIVERS\rspndr.sys</p><p>\??\C:\Program 
Files\ATKGFNEX\ASMMAP64.sys</p><p>\SystemRoot\system32\drivers\HTTP.sys</p><p>\SystemRoot\system32\DRIVERS\bowser.sys</p><p>\SystemRoot\System32\drivers\mpsdrv.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb10.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb20.sys</p><p>\SystemRoot\system32\drivers\peauth.sys</p><p>\SystemRoot\System32\Drivers\secdrv.SYS</p><p>\SystemRoot\System32\DRIVERS\srvnet.sys</p><p>\SystemRoot\System32\drivers\tcpipreg.sys</p><p>\SystemRoot\System32\DRIVERS\srv2.sys</p><p>\SystemRoot\System32\DRIVERS\srv.sys</p><p>\SystemRoot\system32\drivers\WudfPf.sys</p><p>\SystemRoot\system32\DRIVERS\WUDFRd.sys</p><p>\SystemRoot\system32\drivers\spsys.sys</p><p>\SystemRoot\system32\DRIVERS\asyncmac.sys</p><p>\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys</p><p>\Windows\System32\ntdll.dll</p><p>\Windows\System32\smss.exe</p><p>\Windows\System32\apisetschema.dll</p><p>\Windows\System32\autochk.exe</p><p>\Windows\System32\shlwapi.dll</p><p>\Windows\System32\rpcrt4.dll</p><p>\Windows\System32\psapi.dll</p><p>\Windows\System32\msvcrt.dll</p><p>\Windows\System32\user32.dll</p><p>\Windows\System32\usp10.dll</p><p>\Windows\System32\oleaut32.dll</p><p>\Windows\System32\difxapi.dll</p><p>\Windows\System32\iertutil.dll</p><p>\Windows\System32\kernel32.dll</p><p>\Windows\System32\Wldap32.dll</p><p>\Windows\System32\lpk.dll</p><p>\Windows\System32\clbcatq.dll</p><p>\Windows\System32\setupapi.dll</p><p>\Windows\System32\ole32.dll</p><p>\Windows\System32\normaliz.dll</p><p>\Windows\System32\sechost.dll</p><p>\Windows\System32\comdlg32.dll</p><p>\Windows\System32\gdi32.dll</p><p>\Windows\System32\imagehlp.dll</p><p>\Windows\System32\ws2_32.dll</p><p>\Windows\System32\msctf.dll</p><p>\Windows\System32\shell32.dll</p><p>\Windows\System32\wininet.dll</p><p>\Windows\System32\urlmon.dll</p><p>\Windows\System32\imm32.dll</p><p>\Windows\System32\advapi32.dll</p><p>\Windows\System32\nsi.dll</p><p>\Windows\System32\wintrust.dll</p><p>\W
indows\System32\KernelBase.dll</p><p>\Windows\System32\crypt32.dll</p><p>\Windows\System32\devobj.dll</p><p>\Windows\System32\cfgmgr32.dll</p><p>\Windows\System32\comctl32.dll</p><p>\Windows\System32\msasn1.dll</p><p>\Windows\SysWOW64\normaliz.dll</p><p>----------- End -----------</p><p>Done!</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk1\DR1</p><p>Upper Device Object: 0xfffffa8006cea570</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\00000099\</p><p>Lower Device Object: 0xfffffa8006cdf330</p><p>Lower Device Driver Name: \Driver\USBSTOR\</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk0\DR0</p><p>Upper Device Object: 0xfffffa8004c3e730</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\</p><p>Lower Device Object: 0xfffffa80046d6680</p><p>Lower Device Driver Name: \Driver\atapi\</p><p><<<2>>></p><p>Physical Sector Size: 512</p><p>Drive: 0, DevicePointer: 0xfffffa8004c3e730, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa8004c3e180, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa8004c3e730, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa80046da520, DeviceName: Unknown, DriverName: \Driver\ACPI\</p><p>DevicePointer: 0xfffffa80046d6680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>Upper DeviceData: 0x0, 0x0, 0x0</p><p>Lower DeviceData: 0x0, 0x0, 0x0</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p><<<2>>></p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Scanning 
drivers directory: C:\WINDOWS\SYSTEM32\drivers...</p><p>Done!</p><p>Drive 0</p><p>This is a System drive</p><p>Scanning MBR on drive 0...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: 59748</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type is Primary (0x7)</p><p> Partition is ACTIVE.</p><p> Partition starts at LBA: 2048 Numsec = 204800</p><p> Partition file system is NTFS</p><p> Partition is bootable</p><p></p><p> Partition 1 type is Primary (0x7)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 206848 Numsec = 976564224</p><p></p><p> Partition 2 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p> Partition 3 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p>Disk Size: 500107862016 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Done!</p><p>Physical Sector Size: 0</p><p>Drive: 1, DevicePointer: 0xfffffa8006cea570, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa8006ce7040, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa8006cea570, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa8006cdf330, DeviceName: \Device\00000099\, DriverName: \Driver\USBSTOR\</p><p>------------ End ----------</p><p>Scan finished</p><p>=======================================</p><p></p><p></p><p>Removal queue found; removal started</p><p>Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...</p><p>Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...</p><p>Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...</p><p>Removal finished</p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.08.2.1001</p><p></p><p>(c) Malwarebytes Corporation 
2011-2012</p><p></p><p>OS version: 6.1.7601 Windows 7 Service Pack 1 x64</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 8.0.7601.17514</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED</p><p>CPU speed: 2.500000 GHz</p><p>Memory total: 4294037504, free: 1889345536</p><p></p><p>=======================================</p><p>Initializing...</p><p>------------ Kernel report ------------</p><p> 12/07/2014 17:26:17</p><p>------------ Loaded modules -----------</p><p>\SystemRoot\system32\ntoskrnl.exe</p><p>\SystemRoot\system32\hal.dll</p><p>\SystemRoot\system32\kdcom.dll</p><p>\SystemRoot\system32\mcupdate_GenuineIntel.dll</p><p>\SystemRoot\system32\PSHED.dll</p><p>\SystemRoot\system32\CLFS.SYS</p><p>\SystemRoot\system32\CI.dll</p><p>\SystemRoot\system32\drivers\Wdf01000.sys</p><p>\SystemRoot\system32\drivers\WDFLDR.SYS</p><p>\SystemRoot\system32\drivers\ACPI.sys</p><p>\SystemRoot\system32\drivers\WMILIB.SYS</p><p>\SystemRoot\system32\drivers\msisadrv.sys</p><p>\SystemRoot\system32\drivers\pci.sys</p><p>\SystemRoot\system32\drivers\vdrvroot.sys</p><p>\SystemRoot\System32\drivers\partmgr.sys</p><p>\SystemRoot\system32\DRIVERS\compbatt.sys</p><p>\SystemRoot\system32\DRIVERS\BATTC.SYS</p><p>\SystemRoot\system32\drivers\volmgr.sys</p><p>\SystemRoot\System32\drivers\volmgrx.sys</p><p>\SystemRoot\System32\drivers\mountmgr.sys</p><p>\SystemRoot\system32\drivers\atapi.sys</p><p>\SystemRoot\system32\drivers\ataport.SYS</p><p>\SystemRoot\system32\drivers\msahci.sys</p><p>\SystemRoot\system32\drivers\PCIIDEX.SYS</p><p>\SystemRoot\system32\drivers\amdxata.sys</p><p>\SystemRoot\system32\drivers\fltmgr.sys</p><p>\SystemRoot\system32\drivers\fileinfo.sys</p><p>\SystemRoot\System32\Drivers\Ntfs.sys</p><p>\SystemRoot\System32\Drivers\msrpc.sys</p><p>\SystemRoot\System32\Drivers\ksecdd.sys</p><p>\SystemRoot\System32\Drivers\cng.sys</p><p>\SystemRoot\System32\drivers\pcw.sys</p><p>\SystemRoot\System32\Drivers\Fs_Rec.sys</p><p>\SystemRoot\syst
em32\drivers\ndis.sys</p><p>\SystemRoot\system32\drivers\NETIO.SYS</p><p>\SystemRoot\System32\Drivers\ksecpkg.sys</p><p>\SystemRoot\System32\drivers\tcpip.sys</p><p>\SystemRoot\System32\drivers\fwpkclnt.sys</p><p>\SystemRoot\system32\drivers\vmstorfl.sys</p><p>\SystemRoot\system32\drivers\volsnap.sys</p><p>\SystemRoot\System32\Drivers\spldr.sys</p><p>\SystemRoot\System32\drivers\rdyboost.sys</p><p>\SystemRoot\System32\Drivers\mup.sys</p><p>\SystemRoot\System32\drivers\hwpolicy.sys</p><p>\SystemRoot\System32\DRIVERS\fvevol.sys</p><p>\SystemRoot\system32\drivers\disk.sys</p><p>\SystemRoot\system32\drivers\CLASSPNP.SYS</p><p>\SystemRoot\system32\DRIVERS\cdrom.sys</p><p>\??\C:\Windows\system32\drivers\mbamchameleon.sys</p><p>\SystemRoot\System32\Drivers\Null.SYS</p><p>\SystemRoot\System32\Drivers\Beep.SYS</p><p>\SystemRoot\System32\drivers\vga.sys</p><p>\SystemRoot\System32\drivers\VIDEOPRT.SYS</p><p>\SystemRoot\System32\drivers\watchdog.sys</p><p>\SystemRoot\System32\DRIVERS\RDPCDD.sys</p><p>\SystemRoot\system32\drivers\rdpencdd.sys</p><p>\SystemRoot\system32\drivers\rdprefmp.sys</p><p>\SystemRoot\System32\Drivers\Msfs.SYS</p><p>\SystemRoot\System32\Drivers\Npfs.SYS</p><p>\SystemRoot\system32\DRIVERS\tdx.sys</p><p>\SystemRoot\system32\DRIVERS\TDI.SYS</p><p>\SystemRoot\system32\drivers\afd.sys</p><p>\SystemRoot\System32\DRIVERS\netbt.sys</p><p>\SystemRoot\system32\drivers\ws2ifsl.sys</p><p>\SystemRoot\system32\DRIVERS\wfplwf.sys</p><p>\SystemRoot\system32\DRIVERS\pacer.sys</p><p>\SystemRoot\system32\DRIVERS\netbios.sys</p><p>\SystemRoot\system32\DRIVERS\wanarp.sys</p><p>\SystemRoot\system32\DRIVERS\termdd.sys</p><p>\??\C:\Users\Mariusz\Desktop\SuperAntiSpyware\SASKUTIL64.SYS</p><p>\??\C:\Users\Mariusz\Desktop\SuperAntiSpyware\SASDIFSV64.SYS</p><p>\SystemRoot\system32\DRIVERS\rdbss.sys</p><p>\SystemRoot\system32\drivers\nsiproxy.sys</p><p>\SystemRoot\system32\DRIVERS\mssmbios.sys</p><p>\??\C:\Program Files (x86)\Malwarebytes 
Anti-Exploit\mbae64.sys</p><p>\SystemRoot\System32\drivers\discache.sys</p><p>\SystemRoot\system32\drivers\csc.sys</p><p>\SystemRoot\System32\Drivers\dfsc.sys</p><p>\SystemRoot\system32\DRIVERS\blbdrive.sys</p><p>\SystemRoot\system32\DRIVERS\tunnel.sys</p><p>\SystemRoot\system32\DRIVERS\intelppm.sys</p><p>\SystemRoot\system32\DRIVERS\nvlddmkm.sys</p><p>\SystemRoot\system32\DRIVERS\nvBridge.kmd</p><p>\SystemRoot\System32\drivers\dxgkrnl.sys</p><p>\SystemRoot\System32\drivers\dxgmms1.sys</p><p>\SystemRoot\system32\DRIVERS\usbuhci.sys</p><p>\SystemRoot\system32\DRIVERS\USBPORT.SYS</p><p>\SystemRoot\system32\DRIVERS\usbehci.sys</p><p>\SystemRoot\system32\DRIVERS\HDAudBus.sys</p><p>\SystemRoot\system32\DRIVERS\netw5v64.sys</p><p>\SystemRoot\system32\DRIVERS\Rt64win7.sys</p><p>\SystemRoot\system32\DRIVERS\1394ohci.sys</p><p>\SystemRoot\system32\DRIVERS\sdbus.sys</p><p>\SystemRoot\system32\DRIVERS\rimmpx64.sys</p><p>\SystemRoot\system32\DRIVERS\rimspx64.sys</p><p>\SystemRoot\system32\DRIVERS\rixdpx64.sys</p><p>\SystemRoot\system32\DRIVERS\i8042prt.sys</p><p>\SystemRoot\system32\DRIVERS\kbfiltr.sys</p><p>\SystemRoot\system32\DRIVERS\KeyCrypt64.sys</p><p>\SystemRoot\system32\DRIVERS\kbdclass.sys</p><p>\SystemRoot\system32\DRIVERS\mouclass.sys</p><p>\SystemRoot\system32\DRIVERS\CmBatt.sys</p><p>\SystemRoot\system32\DRIVERS\ATK64AMD.sys</p><p>\SystemRoot\system32\DRIVERS\CompositeBus.sys</p><p>\SystemRoot\system32\DRIVERS\msiscsi.sys</p><p>\SystemRoot\system32\DRIVERS\storport.sys</p><p>\SystemRoot\system32\DRIVERS\AgileVpn.sys</p><p>\SystemRoot\system32\DRIVERS\rasl2tp.sys</p><p>\SystemRoot\system32\DRIVERS\ndistapi.sys</p><p>\SystemRoot\system32\DRIVERS\ndiswan.sys</p><p>\SystemRoot\system32\DRIVERS\raspppoe.sys</p><p>\SystemRoot\system32\DRIVERS\raspptp.sys</p><p>\SystemRoot\system32\DRIVERS\rassstp.sys</p><p>\SystemRoot\system32\DRIVERS\rdpbus.sys</p><p>\SystemRoot\system32\DRIVERS\swenum.sys</p><p>\SystemRoot\system32\DRIVERS\ks.sys</p><p>\SystemRoot\system32\DRIVERS\umbu
s.sys</p><p>\SystemRoot\system32\DRIVERS\ew_jubusenum.sys</p><p>\SystemRoot\system32\DRIVERS\usbhub.sys</p><p>\SystemRoot\System32\Drivers\NDProxy.SYS</p><p>\SystemRoot\system32\drivers\HdAudio.sys</p><p>\SystemRoot\system32\drivers\portcls.sys</p><p>\SystemRoot\system32\drivers\drmk.sys</p><p>\SystemRoot\system32\drivers\ksthunk.sys</p><p>\SystemRoot\system32\drivers\nvhda64v.sys</p><p>\SystemRoot\System32\win32k.sys</p><p>\SystemRoot\System32\drivers\Dxapi.sys</p><p>\SystemRoot\system32\DRIVERS\cdfs.sys</p><p>\SystemRoot\System32\Drivers\crashdmp.sys</p><p>\SystemRoot\System32\Drivers\dump_dumpata.sys</p><p>\SystemRoot\System32\Drivers\dump_msahci.sys</p><p>\SystemRoot\System32\Drivers\dump_dumpfve.sys</p><p>\SystemRoot\system32\DRIVERS\USBD.SYS</p><p>\SystemRoot\system32\DRIVERS\monitor.sys</p><p>\SystemRoot\System32\Drivers\BTHUSB.sys</p><p>\SystemRoot\System32\Drivers\bthport.sys</p><p>\SystemRoot\system32\DRIVERS\usbccgp.sys</p><p>\SystemRoot\system32\DRIVERS\hidusb.sys</p><p>\SystemRoot\system32\DRIVERS\HIDCLASS.SYS</p><p>\SystemRoot\system32\DRIVERS\HIDPARSE.SYS</p><p>\SystemRoot\System32\Drivers\usbvideo.sys</p><p>\SystemRoot\system32\DRIVERS\kbdhid.sys</p><p>\SystemRoot\system32\DRIVERS\mouhid.sys</p><p>\SystemRoot\system32\DRIVERS\rfcomm.sys</p><p>\SystemRoot\system32\DRIVERS\BthEnum.sys</p><p>\SystemRoot\system32\DRIVERS\bthpan.sys</p><p>\SystemRoot\system32\DRIVERS\bthmodem.sys</p><p>\SystemRoot\system32\drivers\modem.sys</p><p>\SystemRoot\System32\TSDDD.dll</p><p>\SystemRoot\System32\cdd.dll</p><p>\SystemRoot\system32\DRIVERS\USBSTOR.SYS</p><p>\SystemRoot\system32\drivers\luafv.sys</p><p>\SystemRoot\system32\DRIVERS\lltdio.sys</p><p>\SystemRoot\system32\DRIVERS\nwifi.sys</p><p>\SystemRoot\system32\DRIVERS\ndisuio.sys</p><p>\SystemRoot\system32\DRIVERS\rspndr.sys</p><p>\??\C:\Program 
Files\ATKGFNEX\ASMMAP64.sys</p><p>\SystemRoot\system32\drivers\HTTP.sys</p><p>\SystemRoot\system32\DRIVERS\bowser.sys</p><p>\SystemRoot\System32\drivers\mpsdrv.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb10.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb20.sys</p><p>\SystemRoot\system32\drivers\peauth.sys</p><p>\SystemRoot\System32\Drivers\secdrv.SYS</p><p>\SystemRoot\System32\DRIVERS\srvnet.sys</p><p>\SystemRoot\System32\drivers\tcpipreg.sys</p><p>\SystemRoot\System32\DRIVERS\srv2.sys</p><p>\SystemRoot\System32\DRIVERS\srv.sys</p><p>\SystemRoot\system32\drivers\WudfPf.sys</p><p>\SystemRoot\system32\drivers\spsys.sys</p><p>\SystemRoot\system32\DRIVERS\asyncmac.sys</p><p>\??\C:\Windows\system32\Drivers\PROCEXP113.SYS</p><p>\SystemRoot\system32\DRIVERS\ew_jucdcacm.sys</p><p>\SystemRoot\system32\DRIVERS\gwdrv.sys</p><p>\??\C:\Users\Mariusz\AppData\Local\Temp\pwriafoc.sys</p><p>\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys</p><p>\Windows\System32\ntdll.dll</p><p>\Windows\System32\smss.exe</p><p>\Windows\System32\apisetschema.dll</p><p>\Windows\System32\autochk.exe</p><p>\Windows\System32\shlwapi.dll</p><p>\Windows\System32\rpcrt4.dll</p><p>\Windows\System32\psapi.dll</p><p>\Windows\System32\msvcrt.dll</p><p>\Windows\System32\user32.dll</p><p>\Windows\System32\usp10.dll</p><p>\Windows\System32\oleaut32.dll</p><p>\Windows\System32\difxapi.dll</p><p>\Windows\System32\iertutil.dll</p><p>\Windows\System32\kernel32.dll</p><p>\Windows\System32\Wldap32.dll</p><p>\Windows\System32\lpk.dll</p><p>\Windows\System32\clbcatq.dll</p><p>\Windows\System32\setupapi.dll</p><p>\Windows\System32\ole32.dll</p><p>\Windows\System32\normaliz.dll</p><p>\Windows\System32\sechost.dll</p><p>\Windows\System32\comdlg32.dll</p><p>\Windows\System32\gdi32.dll</p><p>\Windows\System32\imagehlp.dll</p><p>\Windows\System32\ws2_32.dll</p><p>\Windows\System32\msctf.dll</p><p>\Windows\System32\shell32.dll</p><p>\Windows\System32\wininet.dll</p><p>\Windows\System
32\urlmon.dll</p><p>\Windows\System32\imm32.dll</p><p>\Windows\System32\advapi32.dll</p><p>\Windows\System32\nsi.dll</p><p>\Windows\System32\wintrust.dll</p><p>\Windows\System32\KernelBase.dll</p><p>\Windows\System32\crypt32.dll</p><p>\Windows\System32\devobj.dll</p><p>\Windows\System32\cfgmgr32.dll</p><p>\Windows\System32\comctl32.dll</p><p>\Windows\System32\msasn1.dll</p><p>\Windows\SysWOW64\normaliz.dll</p><p>----------- End -----------</p><p>Done!</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk0\DR0</p><p>Upper Device Object: 0xfffffa8004c3e730</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\</p><p>Lower Device Object: 0xfffffa80046d6680</p><p>Lower Device Driver Name: \Driver\atapi\</p><p><<<2>>></p><p>Physical Sector Size: 512</p><p>Drive: 0, DevicePointer: 0xfffffa8004c3e730, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa8004c3e180, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa8004c3e730, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa80046da520, DeviceName: Unknown, DriverName: \Driver\ACPI\</p><p>DevicePointer: 0xfffffa80046d6680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>Upper DeviceData: 0x0, 0x0, 0x0</p><p>Lower DeviceData: 0x0, 0x0, 0x0</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p><<<2>>></p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...</p><p>Done!</p><p>Drive 0</p><p>This is a System drive</p><p>Scanning MBR on drive 
0...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: 59748</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type is Primary (0x7)</p><p> Partition is ACTIVE.</p><p> Partition starts at LBA: 2048 Numsec = 204800</p><p> Partition file system is NTFS</p><p> Partition is bootable</p><p></p><p> Partition 1 type is Primary (0x7)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 206848 Numsec = 976564224</p><p></p><p> Partition 2 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p> Partition 3 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p>Disk Size: 500107862016 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Done!</p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 01</p><p>Ran by Mariusz (administrator) on MARIUSZ-ASUS on 07-12-2014 16:27:34</p><p>Running from C:\Users\Mariusz\Downloads</p><p>Loaded Profile: Mariusz (Available profiles: Mariusz)</p><p>Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Polski (Polska)</p><p>Internet Explorer Version 8</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe</p><p>(Seifert) C:\Program Files (x86)\WinDirStat\windirstat.exe</p><p>(Zemana Ltd.) 
C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe</p><p>() C:\Program Files (x86)\blueconnect\blueconnect.exe</p><p>(Huawei Technologies Co., Ltd.) C:\Users\Mariusz\AppData\Roaming\blueconnect\ouc.exe</p><p>(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe</p><p>(Mozilla Corporation) C:\Program Files\Nightly\plugin-container.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe</p><p>(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe</p><p>(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe</p><p>(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe</p><p>(Mozilla Corporation) C:\Program Files\Nightly\plugin-container.exe</p><p>(OldTimer Tools) C:\Users\Mariusz\Downloads\OTL.scr</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.)</p><p></p><p>HKLM\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)</p><p>HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2558776 2014-12-04] (Malwarebytes Corporation)</p><p>HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\...\Run: [HijackThis startup scan] => C:\Users\Mariusz\Desktop\HijackThis\HijackThis.exe [1306624 2011-04-11] (Trend Micro Inc.)</p><p>HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\...\Run: [SUPERAntiSpyware] => C:\Users\Mariusz\Desktop\SuperAntiSpyware\PROGRAM64.COM [5500800 2011-10-17] (SUPERAntiSpyware.com)</p><p>HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\...\Run: [HW_OPENEYE_OUC_blueconnect] => C:\Program Files (x86)\blueconnect\UpdateDog\ouc.exe [116064 2011-03-26] (Huawei Technologies Co., Ltd.)</p><p>HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [9474344 2014-11-06] (SecureMix LLC)</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION</p><p>HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION</p><p>HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" target="_blank">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</a></p><p>HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome" 
target="_blank">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome</a></p><p>HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" target="_blank">http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</a></p><p>HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.msn.com" target="_blank">http://www.msn.com</a></p><p>HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x84F5C445B208D001</p><p>HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pl</p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.msn.com/" target="_blank">http://www.msn.com/</a></p><p>StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe</p><p>Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)</p><p>Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)</p><p>Tcpip\..\Interfaces\{8B89C5E6-5A1C-4B5B-AF23-768569CBDACB}: [NameServer] 89.108.202.20 89.108.195.20</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\qq6gtik4.default</p><p>FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()</p><p>FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()</p><p>FF Extension: Adblock Plus Pop-up Addon - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\qq6gtik4.default\Extensions\<a href="mailto:adblockpopups@jessehakanen.net.xpi">adblockpopups@jessehakanen.net.xpi</a> 
[2014-12-06]</p><p>FF Extension: Bluhell Firewall - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\qq6gtik4.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2014-12-06]</p><p>FF Extension: Cert Alert - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\qq6gtik4.default\Extensions\{c45ac2c6-14d5-11df-844d-001f16155cce}.xpi [2014-12-06]</p><p>FF Extension: SoundCloud Downloader - Technowise - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\qq6gtik4.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2014-12-06]</p><p>FF Extension: Adblock Plus - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\qq6gtik4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-06]</p><p>FF Extension: Adblock Edge - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\qq6gtik4.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-12-06]</p><p>FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Nightly\firefox.exe</p><p></p><p>Chrome:</p><p>=======</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [6279976 2014-11-06] (SecureMix LLC)</p><p>S4 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()</p><p>R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [544056 2014-12-04] (Malwarebytes Corporation)</p><p>R2 MBAMScheduler; C:\Program Files )\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)</p><p>R2 MBAMService; C:\Program Files )\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)</p><p>S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)</p><p>S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()</p><p>R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-04] ()</p><p>R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [33296 2014-11-05] (SecureMix LLC)</p><p>R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )</p><p>R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [71400 2014-11-28] (Zemana Ltd.)</p><p>R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [96472 2014-12-06] (Malwarebytes Corporation)</p><p>R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)</p><p>R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-07] (Malwarebytes Corporation)</p><p>R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)</p><p>S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)</p><p>R1 SASDIFSV; C:\Users\Mariusz\Desktop\SuperAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)</p><p>R1 SASKUTIL; C:\Users\Mariusz\Desktop\SuperAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)</p><p>S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)</p><p>U3 catchme; \??\C:\ComboFix\catchme.sys [X]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.)</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2014-12-07 16:25 - 2014-12-07 16:25 - 00368705 _____ () C:\Users\Mariusz\Downloads\gm.zip</p><p>2014-12-07 16:24 - 2014-12-07 16:27 - 00009068 _____ () C:\Users\Mariusz\Downloads\FRST.txt</p><p>2014-12-07 16:24 - 2014-12-07 16:27 - 00000000 ____D () C:\FRST</p><p>2014-12-07 16:24 - 2014-12-07 16:25 - 00023099 _____ () C:\Users\Mariusz\Downloads\Addition.txt</p><p>2014-12-07 16:24 - 2014-12-07 16:24 - 00602112 _____ (OldTimer Tools) C:\Users\Mariusz\Downloads\OTL.scr</p><p>2014-12-07 16:22 - 2014-12-07 16:23 - 02119680 _____ (Farbar) C:\Users\Mariusz\Downloads\FRST64.exe</p><p>2014-12-07 14:45 - 2014-12-07 14:45 - 00001873 _____ () C:\Users\Mariusz\Desktop\GlassWire.lnk</p><p>2014-12-07 14:45 - 2014-12-07 14:45 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GlassWire 1.0</p><p>2014-12-07 14:45 - 2014-12-07 14:45 - 00000000 ____D () C:\Program Files (x86)\GlassWire</p><p>2014-12-07 11:55 - 2014-12-07 11:55 - 00013838 _____ () C:\ComboFix.txt</p><p>2014-12-07 11:46 - 2014-12-07 11:55 - 00000000 ____D () C:\Qoobox</p><p>2014-12-07 11:46 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe</p><p>2014-12-07 11:46 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe</p><p>2014-12-07 11:46 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe</p><p>2014-12-07 11:46 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe</p><p>2014-12-07 11:46 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe</p><p>2014-12-07 11:46 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe</p><p>2014-12-07 11:46 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe</p><p>2014-12-07 11:46 - 2000-08-31 01:00 - 00068096 _____ () 
C:\Windows\zip.exe</p><p>2014-12-07 11:45 - 2014-12-07 11:45 - 05600430 ____R (Swearware) C:\Users\Mariusz\Downloads\ComboFix.exe</p><p>2014-12-07 11:41 - 2014-12-07 11:41 - 00000000 ____D () C:\Program Files )</p><p>2014-12-07 11:41 - 2014-10-01 11:20 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\is-GJ4SP.tmp</p><p>2014-12-07 11:41 - 2014-10-01 11:20 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\is-HRU1D.tmp</p><p>2014-12-07 11:35 - 2014-12-07 11:36 - 19828904 _____ (Malwarebytes Corporation ) C:\Users\Mariusz\Downloads\mbam-setup.exe</p><p>2014-12-07 11:34 - 2014-12-07 11:35 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Mariusz\Downloads\mbar-1.08.2.1001(1).exe</p><p>2014-12-07 10:43 - 2014-12-07 10:43 - 00000000 ____D () C:\Users\Mariusz\Desktop\Undelete</p><p>2014-12-07 10:35 - 2014-12-07 10:35 - 02774272 _____ () C:\Users\Mariusz\Downloads\avg_remover_parite.exe</p><p>2014-12-07 10:32 - 2014-12-07 10:32 - 02774272 _____ () C:\Users\Mariusz\Downloads\rmmabez.exe</p><p>2014-12-07 09:52 - 2014-12-07 09:52 - 00000016 __RSH () C:\Recycled</p><p>2014-12-07 09:46 - 2014-12-07 09:46 - 00001084 _____ () C:\CSDefault.cst</p><p>2014-12-07 09:22 - 2014-12-07 09:27 - 00000000 ____D () C:\Users\Mariusz\Desktop\AviraAntiVir</p><p>2014-12-07 09:19 - 2014-12-07 09:20 - 00000000 ____D () C:\Users\Mariusz\Documents\AIDA64 Reports</p><p>2014-12-07 09:12 - 2014-12-07 10:17 - 00000000 ____D () C:\Users\Mariusz\Desktop\AIDA64</p><p>2014-12-07 09:08 - 2014-12-06 18:09 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts.20141207-090824.backup</p><p>2014-12-07 09:01 - 2014-12-07 09:01 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\SUPERAntiSpyware.com</p><p>2014-12-07 09:01 - 2014-12-07 09:01 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com</p><p>2014-12-07 08:50 - 2014-12-07 08:50 - 00000000 ____D () C:\Users\Mariusz\Desktop\WindowsSurfaceScanner</p><p>2014-12-07 08:49 - 2014-12-07 09:00 - 00000000 ____D () 
C:\Users\Mariusz\Desktop\TrueCrypt</p><p>2014-12-07 08:49 - 2014-12-07 08:49 - 00000000 ____D () C:\Users\Mariusz\Desktop\SuperAntiSpyware</p><p>2014-12-07 08:48 - 2014-12-07 09:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy</p><p>2014-12-07 08:48 - 2014-12-07 08:48 - 00000000 ____D () C:\Users\Mariusz\Desktop\SpybotSD</p><p>2014-12-07 08:47 - 2014-12-07 08:47 - 00000000 ____D () C:\Users\Mariusz\Desktop\SoftPerfectNetworkScanner</p><p>2014-12-07 08:44 - 2014-12-07 08:44 - 00000000 ____D () C:\ProgramData\HitmanPro</p><p>2014-12-07 08:42 - 2014-12-07 11:06 - 00000000 ____D () C:\Users\Mariusz\Desktop\HijackThis</p><p>2014-12-07 08:24 - 2014-12-07 08:24 - 00000000 ____D () C:\Users\Mariusz\Desktop\DefaultKeyboardPatch</p><p>2014-12-07 07:08 - 2014-12-07 07:08 - 00164134 _____ () C:\Users\Mariusz\Downloads\sk.zip</p><p>2014-12-07 07:08 - 2014-12-07 07:08 - 00000000 ____D () C:\Users\Mariusz\Desktop\sk</p><p>2014-12-07 04:27 - 2014-12-07 04:27 - 00003384 _____ () C:\Users\Mariusz\Downloads\index(2).html</p><p>2014-12-07 04:27 - 2014-12-07 04:27 - 00002928 _____ () C:\Users\Mariusz\Downloads\index(1).html</p><p>2014-12-07 04:26 - 2014-12-07 04:26 - 00001016 _____ () C:\Users\Mariusz\Downloads\index.html</p><p>2014-12-07 04:24 - 2014-12-07 04:24 - 00000000 ____D () C:\Users\Mariusz\Desktop\listingi</p><p>2014-12-07 04:23 - 2014-12-07 04:23 - 01941064 _____ () C:\Users\Mariusz\Downloads\winrar-x64-520.exe</p><p>2014-12-07 04:23 - 2014-12-07 04:23 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\WinRAR</p><p>2014-12-07 04:23 - 2014-12-07 04:23 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR</p><p>2014-12-07 04:23 - 2014-12-07 04:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR</p><p>2014-12-07 04:23 - 2014-12-07 04:23 - 00000000 ____D () C:\Program Files\WinRAR</p><p>2014-12-07 04:22 - 2014-12-07 04:22 - 25514493 _____ () 
C:\Users\Mariusz\Downloads\listingi.rar</p><p>2014-12-06 21:14 - 2014-12-06 21:14 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\Macromedia</p><p>2014-12-06 21:14 - 2014-12-06 21:14 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\Adobe</p><p>2014-12-06 20:43 - 2014-12-06 20:44 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\Mozilla</p><p>2014-12-06 20:43 - 2014-12-06 20:44 - 00000000 ____D () C:\Users\Mariusz\AppData\Local\Mozilla</p><p>2014-12-06 20:43 - 2014-12-06 20:43 - 00000874 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk</p><p>2014-12-06 20:43 - 2014-12-06 20:43 - 00000862 _____ () C:\Users\Public\Desktop\Nightly.lnk</p><p>2014-12-06 20:43 - 2014-12-06 20:43 - 00000000 ____D () C:\ProgramData\Mozilla</p><p>2014-12-06 20:43 - 2014-12-06 20:43 - 00000000 ____D () C:\Program Files\Nightly</p><p>2014-12-06 20:43 - 2014-12-06 20:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service</p><p>2014-12-06 20:42 - 2014-12-06 20:43 - 43329168 _____ () C:\Users\Mariusz\Downloads\firefox-37.0a1.en-US.win64-x86_64.installer.exe</p><p>2014-12-06 18:44 - 2014-12-06 18:44 - 00000000 ____D () C:\Users\Mariusz\AppData\Local\GlassWire</p><p>2014-12-06 18:44 - 2014-12-06 18:44 - 00000000 ____D () C:\ProgramData\GlassWire</p><p>2014-12-06 18:44 - 2014-11-05 06:54 - 00008704 _____ () C:\Windows\system32\Drivers\gwdrv.cat</p><p>2014-12-06 18:44 - 2014-11-05 06:41 - 00033296 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys</p><p>2014-12-06 18:42 - 2014-12-06 18:48 - 00000000 ____D () C:\Users\Mariusz\Desktop\Nowy folder</p><p>2014-12-06 18:42 - 2014-12-06 18:42 - 00084917 _____ () C:\Users\Mariusz\Downloads\bluescreenview-x64.zip</p><p>2014-12-06 18:40 - 2014-12-06 18:42 - 16338360 _____ (SecureMix LLC) C:\Users\Mariusz\Downloads\GlassWireSetup.exe</p><p>2014-12-06 18:10 - 2014-12-06 18:10 - 00003160 _____ () C:\Windows\System32\Tasks\SidebarExecute</p><p>2014-12-06 17:43 - 2014-12-06 17:48 - 00000000 ____D () 
C:\Windows\erdnt</p><p>2014-12-06 17:41 - 2014-12-06 17:41 - 00000000 ____D () C:\Users\Mariusz\Downloads\vba32arkit</p><p>2014-12-06 17:39 - 2014-12-07 11:08 - 00000000 ____D () C:\Users\Mariusz\Downloads\TMRBLog</p><p>2014-12-06 17:39 - 2014-12-06 17:40 - 00002122 _____ () C:\Users\Mariusz\Desktop\Rkill.txt</p><p>2014-12-06 17:28 - 2014-12-06 17:28 - 08656400 _____ (Trend Micro Inc.) C:\Users\Mariusz\Downloads\RootkitBuster_v5_1061.exe</p><p>2014-12-06 17:28 - 2014-12-06 17:28 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Mariusz\Downloads\rkill.com</p><p>2014-12-06 17:27 - 2014-12-06 17:27 - 00464491 _____ () C:\Users\Mariusz\Downloads\RootRepeal.zip</p><p>2014-12-06 17:25 - 2014-12-06 17:25 - 01472131 _____ () C:\Users\Mariusz\Downloads\vba32arkit.zip</p><p>2014-12-06 17:19 - 2014-12-06 17:19 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MARIUSZ-ASUS-Microsoft-Windows-7-Professional-(64-bit).dat</p><p>2014-12-06 17:18 - 2014-12-06 17:18 - 00000000 ____D () C:\RegBackup</p><p>2014-12-06 17:12 - 2014-12-06 17:12 - 00003304 _____ () C:\bootsqm.dat</p><p>2014-12-06 17:04 - 2014-12-06 17:04 - 00003170 _____ () C:\Windows\System32\Tasks\{560E3CD8-BAF3-4E80-A885-17F4DA9CF338}</p><p>2014-12-06 16:58 - 2014-12-06 16:58 - 00001035 _____ () C:\Users\Mariusz\Desktop\WinDirStat.lnk</p><p>2014-12-06 16:58 - 2014-12-06 16:58 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat</p><p>2014-12-06 16:58 - 2014-12-06 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat</p><p>2014-12-06 16:58 - 2014-12-06 16:58 - 00000000 ____D () C:\Program Files (x86)\WinDirStat</p><p>2014-12-06 16:57 - 2014-12-06 16:57 - 00645729 _____ (WDS Team) C:\Users\Mariusz\Downloads\windirstat1_1_2_setup.exe</p><p>2014-12-06 16:57 - 2014-12-06 16:57 - 00401920 _____ (Farbar) C:\Users\Mariusz\Downloads\MiniToolBox (1).exe</p><p>2014-12-06 16:55 - 2014-12-06 16:55 - 00037888 _____ (Soeperman Enterprises Ltd.) 
C:\Users\Mariusz\Downloads\ADSSpy.exe</p><p>2014-12-06 16:55 - 2014-12-06 16:55 - 00000194 _____ () C:\Users\Mariusz\Downloads\hosts-perm.bat</p><p>2014-12-06 16:54 - 2014-12-06 16:54 - 00145237 _____ () C:\Users\Mariusz\Downloads\ntregopt.zip</p><p>2014-12-06 16:54 - 2014-12-06 16:54 - 00000000 ____D () C:\Users\Mariusz\Downloads\ntregopt</p><p>2014-12-06 16:53 - 2014-12-06 17:06 - 04025858 _____ () C:\Users\Mariusz\Downloads\EmsisoftEmergencyKit.exe.opdownload</p><p>2014-12-06 16:49 - 2014-12-06 16:49 - 00001073 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk</p><p>2014-12-06 16:49 - 2014-12-06 16:49 - 00000000 ____D () C:\Users\Mariusz\AppData\Local\Secunia PSI</p><p>2014-12-06 16:49 - 2014-12-06 16:49 - 00000000 ____D () C:\Program Files (x86)\Secunia</p><p>2014-12-06 16:48 - 2014-12-06 16:48 - 00002163 _____ () C:\Users\Mariusz\Desktop\Tweaking.com - Windows Repair (All in One).lnk</p><p>2014-12-06 16:48 - 2014-12-06 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com</p><p>2014-12-06 16:48 - 2014-12-06 16:48 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com</p><p>2014-12-06 16:47 - 2014-12-06 16:47 - 09817304 _____ () C:\Users\Mariusz\Downloads\tweaking.com_windows_repair_aio_setup.exe</p><p>2014-12-06 16:47 - 2014-12-06 16:47 - 05490752 _____ (Secunia) C:\Users\Mariusz\Downloads\PSISetup.exe</p><p>2014-12-06 16:44 - 2014-12-07 11:57 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)</p><p>2014-12-06 16:43 - 2014-12-07 11:57 - 00000000 ____D () C:\Users\Mariusz\Desktop\mbar</p><p>2014-12-06 16:42 - 2014-12-06 16:43 - 16448208 _____ (Malwarebytes Corp.) 
C:\Users\Mariusz\Downloads\mbar-1.08.2.1001.exe</p><p>2014-12-06 16:36 - 2014-12-06 16:36 - 00001144 _____ () C:\Users\Public\Desktop\AntiLogger Free.lnk</p><p>2014-12-06 16:36 - 2014-12-06 16:36 - 00000000 ____D () C:\Users\Mariusz\AppData\Local\AntiLogger Free</p><p>2014-12-06 16:36 - 2014-12-06 16:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free</p><p>2014-12-06 16:36 - 2014-12-06 16:36 - 00000000 ____D () C:\Program Files (x86)\Zemana AntiLogger Free</p><p>2014-12-06 16:36 - 2014-12-06 16:36 - 00000000 ____D () C:\Program Files (x86)\KeyCryptSDK</p><p>2014-12-06 16:36 - 2014-11-28 12:15 - 00071400 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys</p><p>2014-12-06 16:35 - 2014-12-06 16:35 - 03453640 _____ (Zemana Ltd. ) C:\Users\Mariusz\Downloads\AntiLoggerFree_Setup.exe</p><p>2014-12-06 16:35 - 2014-12-06 16:35 - 00000000 ____D () C:\Users\Mariusz\Downloads\data</p><p>2014-12-06 16:34 - 2014-12-06 16:34 - 00332171 _____ () C:\Users\Mariusz\Downloads\GiveMePower-v2.0.exe</p><p>2014-12-06 16:34 - 2014-06-19 11:17 - 00414720 _____ () C:\Users\Mariusz\Downloads\GiveMePower.exe</p><p>2014-12-06 16:34 - 2014-06-19 11:17 - 00038400 _____ () C:\Users\Mariusz\Downloads\GiveMePower.pdb</p><p>2014-12-06 16:33 - 2014-12-06 16:33 - 00009506 _____ () C:\HijackPatrol.log</p><p>2014-12-06 16:32 - 2014-12-06 19:41 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\WinPatrol</p><p>2014-12-06 16:32 - 2014-12-06 16:32 - 01156136 _____ (Ruiware) C:\Users\Mariusz\Downloads\wpsetup.exe</p><p>2014-12-06 16:32 - 2014-12-06 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol</p><p>2014-12-06 16:32 - 2014-12-06 16:32 - 00000000 ____D () C:\ProgramData\InstallMate</p><p>2014-12-06 16:32 - 2014-12-06 16:32 - 00000000 ____D () C:\Program Files (x86)\Ruiware</p><p>2014-12-06 16:23 - 2014-12-06 16:23 - 00006706 _____ () 
C:\Users\Mariusz\Downloads\Malwarebytes.Anti-Malware.Premium.v2.0.4.1028.Final-FFF (1).torrent</p><p>2014-12-06 16:21 - 2014-12-07 11:29 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit</p><p>2014-12-06 16:21 - 2014-12-06 16:21 - 00000000 ____D () C:\Users\Mariusz\Downloads\Malwarebytes.Anti-Malware.Premium.v2.0.4.1028.Final-FFF</p><p>2014-12-06 16:21 - 2014-12-06 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit</p><p>2014-12-06 16:21 - 2014-12-06 16:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit</p><p>2014-12-06 16:20 - 2014-12-06 16:20 - 00006706 _____ () C:\Users\Mariusz\Downloads\Malwarebytes.Anti-Malware.Premium.v2.0.4.1028.Final-FFF.torrent</p><p>2014-12-06 16:19 - 2014-12-06 16:19 - 00001444 _____ () C:\Users\Mariusz\Downloads\Malwarebytes.Anti-Exploit.Premium.v1.05.1.1015.Final-FFF.torrent</p><p>2014-12-06 16:19 - 2014-12-06 16:19 - 00000857 _____ () C:\Users\Mariusz\Desktop\µTorrent.lnk</p><p>2014-12-06 16:19 - 2014-12-06 16:19 - 00000837 _____ () C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk</p><p>2014-12-06 16:19 - 2014-12-06 16:19 - 00000000 ____D () C:\Users\Mariusz\Downloads\Malwarebytes.Anti-Exploit.Premium.v1.05.1.1015.Final-FFF</p><p>2014-12-06 16:18 - 2014-12-06 17:06 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\uTorrent</p><p>2014-12-06 16:18 - 2014-12-06 16:18 - 01682512 _____ (BitTorrent Inc.) C:\Users\Mariusz\Downloads\uTorrent.exe</p><p>2014-12-06 13:50 - 2014-12-06 13:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\06E03FF8.sys</p><p>2014-12-05 20:08 - 2014-12-06 18:21 - 00000000 ____D () C:\ProgramData\Skype</p><p>2014-12-05 20:08 - 2014-12-05 20:08 - 00003130 _____ () C:\Windows\System32\Tasks\{2D260A41-672B-4825-A0E0-73DE8597A013}</p><p>2014-12-05 20:06 - 2014-12-05 20:06 - 01548384 _____ (Skype Technologies S.A.) 
C:\Users\Mariusz\Downloads\SkypeSetup.exe</p><p>2014-11-28 13:02 - 2014-11-28 13:02 - 00018456 _____ (Secunia) C:\Windows\system32\Drivers\psi_mf_amd64.sys</p><p>2014-11-28 08:33 - 2014-11-28 08:33 - 00000000 _____ () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf</p><p>2014-11-25 19:39 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll</p><p>2014-11-25 19:39 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll</p><p>2014-11-25 19:39 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll</p><p>2014-11-25 19:39 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe</p><p>2014-11-25 19:39 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll</p><p>2014-11-25 19:39 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll</p><p>2014-11-25 19:39 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll</p><p>2014-11-25 19:39 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll</p><p>2014-11-25 19:39 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll</p><p>2014-11-25 19:39 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll</p><p>2014-11-25 19:38 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll</p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2014 01</p><p>Ran by Mariusz at 2014-12-07 16:28:09</p><p>Running from C:\Users\Mariusz\Downloads</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AS: Windows Defender (Enabled - 
Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p></p><p>µTorrent (HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)</p><p>Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 16 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 16.0.0.240 - Adobe Systems Incorporated)</p><p>AntiLogger Free version 1.8.2.24 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.24 - Zemana Ltd.)</p><p>ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)</p><p>ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0053 - ASUS)</p><p>ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)</p><p>blueconnect (HKLM-x32\...\blueconnect) (Version: 11.302.09.27.49 - Huawei Technologies Co.,Ltd)</p><p>GlassWire 1.0 (remove only) (HKLM-x32\...\GlassWire 1.0) (Version: 1.0.30 - SecureMix LLC)</p><p>Malwarebytes Anti-Exploit version 1.05.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1015 - Malwarebytes)</p><p>Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)</p><p>Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)</p><p>Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0a1 - 
Mozilla)</p><p>Nightly 37.0a1 (x64 en-US) (HKLM\...\Nightly 37.0a1 (x64 en-US)) (Version: 37.0a1 - Mozilla)</p><p>NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)</p><p>Opera Stable 26.0.1656.32 (HKLM-x32\...\Opera 26.0.1656.32) (Version: 26.0.1656.32 - Opera Software ASA)</p><p>Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation)</p><p>SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology)</p><p>Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)</p><p>Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)</p><p>WinDirStat 1.1.2 (HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\...\WinDirStat) (Version: - )</p><p>WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)</p><p>WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)</p><p></p><p>==================== Custom CLSID (selected items): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. 
Any eventual file will not be moved.)</p><p></p><p></p><p>==================== Restore Points =========================</p><p></p><p>25-11-2014 13:02:47 Installed ATK Hotkey</p><p>25-11-2014 13:03:49 Installed ATK Media</p><p>25-11-2014 13:04:11 Installed ATK Generic Function Service</p><p>25-11-2014 14:14:44 Windows Update</p><p>25-11-2014 14:21:59 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106</p><p>25-11-2014 18:38:24 Windows Update</p><p>06-12-2014 16:44:12 ComboFix created restore point</p><p>06-12-2014 17:32:47 Windows Update</p><p></p><p>==================== Hosts content: ==========================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2009-07-14 03:34 - 2014-12-07 11:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts</p><p>127.0.0.1 localhost</p><p></p><p>==================== Scheduled Tasks (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. 
Any associated file could be listed separately to be moved.)</p><p></p><p>Task: {5416E9A3-BFE1-4B01-B72E-CDDC8273B985} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)</p><p>Task: {5F15C5AF-A49F-48EE-A1FA-065B987DCB0B} - System32\Tasks\{2D260A41-672B-4825-A0E0-73DE8597A013} => c:\program files (x86)\opera\launcher.exe [2014-11-25] (Opera Software)</p><p>Task: {B642009A-2D27-4045-800A-14401979BC9D} - System32\Tasks\Opera scheduled Autoupdate 1416921688 => C:\Program Files (x86)\Opera\launcher.exe [2014-11-25] (Opera Software)</p><p></p><p>==================== Loaded Modules (whitelisted) =============</p><p></p><p>2014-11-25 13:58 - 2011-05-05 15:13 - 00120160 _____ () C:\Program Files (x86)\blueconnect\blueconnect.exe</p><p>2014-12-06 21:11 - 2014-12-06 21:11 - 23043248 _____ () C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll</p><p>2014-11-25 13:58 - 2011-03-26 16:59 - 00020320 _____ () C:\Program Files (x86)\blueconnect\isaputrace.dll</p><p>2014-11-25 13:58 - 2011-03-26 16:54 - 00128352 _____ () C:\Program Files (x86)\blueconnect\DeviceMgrPlugin.dll</p><p>2014-11-25 13:58 - 2011-03-26 16:55 - 00144736 _____ () C:\Program Files (x86)\blueconnect\NetInfoPlugin.dll</p><p>2014-11-25 13:58 - 2011-03-26 16:54 - 00095584 _____ () C:\Program Files (x86)\blueconnect\DialUpPlugin.dll</p><p>2014-11-25 13:58 - 2011-03-26 16:53 - 00071008 _____ () C:\Program Files (x86)\blueconnect\ConfigFilePlugin.dll</p><p>2014-11-25 13:58 - 2011-03-26 16:55 - 01025376 _____ () C:\Program Files (x86)\blueconnect\NDISAPI.dll</p><p>2014-11-25 13:58 - 2011-03-26 16:54 - 00161120 _____ () C:\Program Files (x86)\blueconnect\DetectDev.dll</p><p>2014-11-25 13:58 - 2011-03-26 16:53 - 00566624 _____ () C:\Program Files (x86)\blueconnect\atcomm.dll</p><p>2014-11-25 13:58 - 2011-03-26 16:56 - 00066912 _____ () C:\Program Files (x86)\blueconnect\XCodec.dll</p><p>2014-11-25 13:58 - 2011-03-26 16:54 - 00066912 _____ () 
C:\Program Files (x86)\blueconnect\DeviceOperate.dll</p><p>2014-11-25 13:58 - 2011-03-26 16:55 - 00144736 _____ () C:\Program Files (x86)\blueconnect\LocaleMgrPlugin.dll</p><p>2014-11-25 13:58 - 2011-03-26 16:55 - 00038240 _____ () C:\Program Files (x86)\blueconnect\NotifyServicePlugin.dll</p><p>2014-11-25 13:58 - 2011-03-26 16:58 - 00095584 _____ () C:\Program Files (x86)\blueconnect\FileManager.dll</p><p>2014-11-25 13:58 - 2011-03-26 16:55 - 00165216 _____ () C:\Program Files (x86)\blueconnect\SMSPlugin.dll</p><p>2014-11-25 13:58 - 2011-03-26 16:54 - 00243040 _____ () C:\Program Files (x86)\blueconnect\DeviceMgrUIPlugin.dll</p><p>2014-11-25 13:58 - 2011-03-26 16:56 - 00071008 _____ () C:\Program Files (x86)\blueconnect\SpeedManagerPlugin.dll</p><p>2014-11-06 08:08 - 2014-11-06 08:08 - 00893224 _____ () C:\Program Files (x86)\GlassWire\platforms\qwindows.dll</p><p>2014-11-06 08:08 - 2014-11-06 08:08 - 00030504 _____ () C:\Program Files (x86)\GlassWire\imageformats\qico.dll</p><p>2014-11-06 08:08 - 2014-11-06 08:08 - 00248104 _____ () C:\Program Files (x86)\GlassWire\imageformats\qjpeg.dll</p><p></p><p>==================== Alternate Data Streams (whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)</p><p></p><p></p><p>==================== Safe Mode (whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.)</p><p></p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"</p><p></p><p>==================== EXE Association (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)</p><p></p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items =========</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3</p><p>MSCONFIG\Services: ASLDRService => 2</p><p>MSCONFIG\Services: HWDeviceService64.exe => 2</p><p>MSCONFIG\Services: MbaeSvc => 2</p><p>MSCONFIG\Services: MBAMScheduler => 2</p><p>MSCONFIG\Services: MBAMService => 2</p><p>MSCONFIG\Services: nvsvc => 2</p><p>MSCONFIG\Services: Secunia PSI Agent => 3</p><p>MSCONFIG\Services: Secunia Update Agent => 2</p><p>MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe</p><p>MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe</p><p>MSCONFIG\startupreg: HW_OPENEYE_OUC_blueconnect => "C:\Program Files (x86)\blueconnect\UpdateDog\ouc.exe"</p><p>MSCONFIG\startupreg: Malwarebytes Anti-Exploit => C:\Program Files (x86)\Malwarebytes 
Anti-Exploit\mbae.exe</p><p>MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup</p><p>MSCONFIG\startupreg: WinPatrol => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot</p><p>MSCONFIG\startupreg: ZALFree => "C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" /MINIMIZED</p><p></p><p>========================= Accounts: ==========================</p><p></p><p>Administrator (S-1-5-21-2376877967-2081922626-2068000606-500 - Administrator - Disabled)</p><p>Gość (S-1-5-21-2376877967-2081922626-2068000606-501 - Limited - Disabled)</p><p>HomeGroupUser$ (S-1-5-21-2376877967-2081922626-2068000606-1002 - Limited - Enabled)</p><p>Mariusz (S-1-5-21-2376877967-2081922626-2068000606-1000 - Administrator - Enabled) => C:\Users\Mariusz</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p>Name: Urządzenie pamięci masowej USB</p><p>Description: Urządzenie pamięci masowej USB</p><p>Class Guid: {36fc9e60-c465-11cf-8056-444553540000}</p><p>Manufacturer: Zgodne urządzenie magazynujące USB</p><p>Service: USBSTOR</p><p>Problem: : Windows cannot load the device driver for this hardware because a previous instance of the device driver is still in memory. (Code 38)</p><p>Resolution: The driver could not be loaded because a previous instance is still loaded.</p><p>Restart the computer.</p><p></p><p>Name: Zewnętrzne urządzenie Bluetooth</p><p>Description: Zewnętrzne urządzenie Bluetooth</p><p>Class Guid:</p><p>Manufacturer:</p><p>Service:</p><p>Problem: : The drivers for this device are not installed. (Code 28)</p><p>Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.</p><p></p><p>Name: Fingerprint Sensor </p><p>Description: Fingerprint Sensor </p><p>Class Guid:</p><p>Manufacturer:</p><p>Service:</p><p>Problem: : The drivers for this device are not installed. 
(Code 28)</p><p>Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.</p><p></p><p>Name: Zewnętrzne urządzenie Bluetooth</p><p>Description: Zewnętrzne urządzenie Bluetooth</p><p>Class Guid:</p><p>Manufacturer:</p><p>Service:</p><p>Problem: : The drivers for this device are not installed. (Code 28)</p><p>Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.</p><p></p><p>Name: Urządzenie pamięci masowej USB</p><p>Description: Urządzenie pamięci masowej USB</p><p>Class Guid: {36fc9e60-c465-11cf-8056-444553540000}</p><p>Manufacturer: Zgodne urządzenie magazynujące USB</p><p>Service: USBSTOR</p><p>Problem: : Windows cannot load the device driver for this hardware because a previous instance of the device driver is still in memory. (Code 38)</p><p>Resolution: The driver could not be loaded because a previous instance is still loaded.</p><p>Restart the computer.</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (12/07/2014 10:02:14 AM) (Source: Application Hang) (EventID: 1002) (User: )</p><p>Description: Program windirstat.exe w wersji 1.1.2.80 zatrzymał interakcję z systemem Windows i został zamknięty. 
Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.</p><p></p><p>Identyfikator procesu: 304</p><p></p><p>Godzina rozpoczęcia: 01d011fc5c5a096f</p><p></p><p>Godzina zakończenia: 16</p><p></p><p>Ścieżka aplikacji: C:\Program Files (x86)\WinDirStat\windirstat.exe</p><p></p><p>Identyfikator raportu: ba294275-7def-11e4-9e97-002243c190ce</p><p></p><p>Error: (12/07/2014 09:54:55 AM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Nazwa aplikacji powodującej błąd: RootkitRevealer.exe, wersja: 1.71.0.0, sygnatura czasowa: 0x44e255aa</p><p>Nazwa modułu powodującego błąd: RootkitRevealer.exe, wersja: 1.71.0.0, sygnatura czasowa: 0x44e255aa</p><p>Kod wyjątku: 0xc0000005</p><p>Przesunięcie błędu: 0x000040cd</p><p>Identyfikator procesu powodującego błąd: 0x63c</p><p>Godzina uruchomienia aplikacji powodującej błąd: 0xRootkitRevealer.exe0</p><p>Ścieżka aplikacji powodującej błąd: RootkitRevealer.exe1</p><p>Ścieżka modułu powodującego błąd: RootkitRevealer.exe2</p><p>Identyfikator raportu: RootkitRevealer.exe3</p><p></p><p>Error: (12/07/2014 09:00:35 AM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Nazwa aplikacji powodującej błąd: Windows Surface Scanner.exe, wersja: 1.0.0.1, sygnatura czasowa: 0x4c113abb</p><p>Nazwa modułu powodującego błąd: msvcrt.dll, wersja: 7.0.7600.16385, sygnatura czasowa: 0x4a5bda6f</p><p>Kod wyjątku: 0xc0000005</p><p>Przesunięcie błędu: 0x0000d193</p><p>Identyfikator procesu powodującego błąd: 0xca0</p><p>Godzina uruchomienia aplikacji powodującej błąd: 0xWindows Surface Scanner.exe0</p><p>Ścieżka aplikacji powodującej błąd: Windows Surface Scanner.exe1</p><p>Ścieżka modułu powodującego błąd: Windows Surface Scanner.exe2</p><p>Identyfikator raportu: Windows Surface Scanner.exe3</p><p></p><p>Error: (12/06/2014 06:55:31 PM) (Source: Application Hang) (EventID: 1002) (User: )</p><p>Description: Program NOTEPAD.EXE w 
wersji 6.1.7600.16385 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.</p><p></p><p>Identyfikator procesu: dec</p><p></p><p>Godzina rozpoczęcia: 01d0117dc7c2d407</p><p></p><p>Godzina zakończenia: 0</p><p></p><p>Ścieżka aplikacji: C:\Windows\system32\NOTEPAD.EXE</p><p></p><p>Identyfikator raportu: 0f7f3df2-7d71-11e4-8e19-002243c190ce</p><p></p><p>Error: (12/06/2014 06:13:37 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )</p><p>Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown</p><p></p><p>Error: (12/06/2014 06:13:37 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )</p><p>Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown</p><p></p><p>Error: (12/06/2014 05:36:30 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )</p><p>Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown</p><p></p><p>Error: (12/06/2014 05:36:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )</p><p>Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. 
Will shutdown</p><p></p><p>Error: (12/06/2014 05:14:59 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (12/06/2014 05:09:59 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (12/07/2014 02:09:55 PM) (Source: DCOM) (EventID: 10010) (User: )</p><p>Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}</p><p></p><p>Error: (12/07/2014 11:53:09 AM) (Source: Service Control Manager) (EventID: 7030) (User: )</p><p>Description: Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie.</p><p></p><p>Error: (12/07/2014 11:52:03 AM) (Source: Application Popup) (EventID: 1060) (User: )</p><p>Description: Ładowanie sterownika \??\C:\ComboFix\catchme.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.</p><p></p><p>Error: (12/07/2014 11:50:08 AM) (Source: Service Control Manager) (EventID: 7030) (User: )</p><p>Description: Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie.</p><p></p><p>Error: (12/07/2014 11:37:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )</p><p>Description: Usługa MBAMService niespodziewanie zakończyła pracę. 
Wystąpiło to razy: 1.</p><p></p><p>Error: (12/07/2014 11:05:58 AM) (Source: EventLog) (EventID: 6008) (User: )</p><p>Description: Poprzednie zamknięcie systemu przy 11:05:00 na 2014-12-07 było nieoczekiwane.</p><p></p><p>Error: (12/07/2014 11:02:29 AM) (Source: DCOM) (EventID: 10005) (User: )</p><p>Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}</p><p></p><p>Error: (12/07/2014 11:02:29 AM) (Source: DCOM) (EventID: 10005) (User: )</p><p>Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}</p><p></p><p>Error: (12/07/2014 11:02:25 AM) (Source: DCOM) (EventID: 10005) (User: )</p><p>Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}</p><p></p><p>Error: (12/07/2014 11:02:18 AM) (Source: DCOM) (EventID: 10005) (User: )</p><p>Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}</p><p></p><p></p><p>Microsoft Office Sessions:</p><p>=========================</p><p>Error: (12/07/2014 10:02:14 AM) (Source: Application Hang) (EventID: 1002) (User: )</p><p>Description: windirstat.exe1.1.2.8030401d011fc5c5a096f16C:\Program Files (x86)\WinDirStat\windirstat.exeba294275-7def-11e4-9e97-002243c190ce</p><p></p><p>Error: (12/07/2014 09:54:55 AM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: RootkitRevealer.exe1.71.0.044e255aaRootkitRevealer.exe1.71.0.044e255aac0000005000040cd63c01d011fb779e2ffdC:\Users\Mariusz\AppData\Local\Temp\HBCD\RootkitRevealer.exeC:\Users\Mariusz\AppData\Local\Temp\HBCD\RootkitRevealer.exeb67446df-7dee-11e4-9e97-002243c190ce</p><p></p><p>Error: (12/07/2014 09:00:35 AM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Windows Surface Scanner.exe1.0.0.14c113abbmsvcrt.dll7.0.7600.163854a5bda6fc00000050000d193ca001d011f3cf84e1c4C:\Users\Mariusz\Desktop\WindowsSurfaceScanner\Windows Surface Scanner.exeC:\Windows\syswow64\msvcrt.dll1f6d9198-7de7-11e4-860a-002243c190ce</p><p></p><p>Error: (12/06/2014 06:55:31 PM) (Source: Application Hang) (EventID: 1002) (User: 
)</p><p>Description: NOTEPAD.EXE6.1.7600.16385dec01d0117dc7c2d4070C:\Windows\system32\NOTEPAD.EXE0f7f3df2-7d71-11e4-8e19-002243c190ce</p><p></p><p>Error: (12/06/2014 06:13:37 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )</p><p>Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown</p><p></p><p>Error: (12/06/2014 06:13:37 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )</p><p>Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown</p><p></p><p>Error: (12/06/2014 05:36:30 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )</p><p>Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown</p><p></p><p>Error: (12/06/2014 05:36:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )</p><p>Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. 
Will shutdown</p><p></p><p>Error: (12/06/2014 05:14:59 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (12/06/2014 05:09:59 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p></p><p>CodeIntegrity Errors:</p><p>===================================</p><p> Date: 2014-12-07 11:52:03.026</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2014-12-07 11:52:03.011</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p></p><p>==================== Memory info ===========================</p><p></p><p>Processor: Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz</p><p>Percentage of memory in use: 55%</p><p>Total physical RAM: 4095.11 MB</p><p>Available physical RAM: 1820.72 MB</p><p>Total Pagefile: 8188.43 MB</p><p>Available Pagefile: 5691.99 MB</p><p>Total Virtual: 8192 MB</p><p>Available Virtual: 8191.8 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: () (Fixed) (Total:465.66 GB) (Free:443.62 GB) NTFS</p><p>Drive d: (HBCD152) (CDROM) (Total:2.77 GB) (Free:0 GB) CDFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00059748)</p><p>Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)</p><p>Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)</p><p></p><p>==================== End Of Log ============================</p><p>2014-11-25 19:38 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll</p><p>2014-11-25 19:38 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe</p><p>2014-11-25 19:38 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe</p><p>2014-11-25 15:22 - 2014-11-25 15:22 - 00001401 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk</p><p>2014-11-25 15:22 - 2014-11-25 15:22 - 00000000 ____D () C:\ProgramData\Package Cache</p><p>2014-11-25 15:21 - 2014-11-25 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate</p><p>2014-11-25 15:21 - 2014-11-25 15:21 - 00000000 ____D () C:\Program Files (x86)\Seagate</p><p>2014-11-25 15:13 - 2014-11-25 
15:13 - 00887896 _____ (Microsoft Corporation) C:\Users\Mariusz\Downloads\dotNetFx40_Client_setup (1).exe</p><p>2014-11-25 15:08 - 2014-10-31 23:26 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe</p><p>2014-11-25 15:07 - 2014-11-25 15:08 - 32507072 _____ (Microsoft Corporation) C:\Users\Mariusz\Downloads\Windows-KB890830-x64-V5.18.exe</p><p>2014-11-25 15:07 - 2014-11-25 15:07 - 00887896 _____ (Microsoft Corporation) C:\Users\Mariusz\Downloads\dotNetFx40_Client_setup.exe</p><p>2014-11-25 15:07 - 2014-11-25 15:07 - 00292184 _____ (Microsoft Corporation) C:\Users\Mariusz\Downloads\dxwebsetup.exe</p><p>2014-11-25 15:05 - 2014-11-25 15:06 - 26771088 _____ () C:\Users\Mariusz\Downloads\SeaToolsforWindowsSetup.exe</p><p>2014-11-25 15:02 - 2014-12-06 16:59 - 00025130 _____ () C:\Users\Mariusz\Downloads\Result.txt</p><p>2014-11-25 14:51 - 2014-11-25 14:51 - 00000000 ____D () C:\TDSSKiller_Quarantine</p><p>2014-11-25 14:45 - 2014-12-06 21:11 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</p><p>2014-11-25 14:45 - 2014-12-06 21:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2014-11-25 14:45 - 2014-11-25 14:45 - 00000000 ____D () C:\Windows\SysWOW64\Macromed</p><p>2014-11-25 14:45 - 2014-11-25 14:45 - 00000000 ____D () C:\Windows\system32\Macromed</p><p>2014-11-25 14:44 - 2014-12-06 21:12 - 00000000 ____D () C:\Users\Mariusz\AppData\Local\Adobe</p><p>2014-11-25 14:26 - 2014-12-07 15:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2014-11-25 14:26 - 2014-12-07 08:27 - 00000000 ____D () C:\ProgramData\Malwarebytes</p><p>2014-11-25 14:26 - 2014-12-06 18:29 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys</p><p>2014-11-25 14:26 - 2014-12-06 16:28 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2014-11-25 14:26 - 2014-12-06 16:28 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2014-11-25 14:26 - 2014-12-06 16:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware</p><p>2014-11-25 14:26 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys</p><p>2014-11-25 14:26 - 2014-10-01 11:20 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys</p><p>2014-11-25 14:25 - 2014-11-25 14:25 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Mariusz\Downloads\mbam-setup-2.0.3.1025.exe</p><p>2014-11-25 14:21 - 2014-12-06 14:21 - 00003880 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1416921688</p><p>2014-11-25 14:21 - 2014-11-25 14:21 - 00001139 _____ () C:\Users\Public\Desktop\Opera.lnk</p><p>2014-11-25 14:21 - 2014-11-25 14:21 - 00001139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk</p><p>2014-11-25 14:21 - 2014-11-25 14:21 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\Opera Software</p><p>2014-11-25 14:21 - 2014-11-25 14:21 - 00000000 ____D () C:\Users\Mariusz\AppData\Local\Opera Software</p><p>2014-11-25 14:19 - 2014-12-06 14:21 - 00000000 ____D () C:\Program Files (x86)\Opera</p><p>2014-11-25 14:19 - 2014-11-25 14:19 - 00683464 _____ (Opera Software) C:\Users\Mariusz\Downloads\Opera_NI_stable.exe</p><p>2014-11-25 14:16 - 2009-06-26 01:04 - 00067584 _____ (REDC) C:\Windows\system32\Drivers\rimmpx64.sys</p><p>2014-11-25 14:16 - 2009-06-26 00:38 - 00057856 _____ (REDC) C:\Windows\system32\Drivers\rixdpx64.sys</p><p>2014-11-25 14:16 - 2009-06-26 00:13 - 00055296 _____ (REDC) C:\Windows\system32\Drivers\rimspx64.sys</p><p>2014-11-25 14:16 - 2007-07-25 20:48 - 00172032 _____ (Ricoh Company,Ltd) C:\Windows\system32\rixdicon.dll</p><p>2014-11-25 14:16 - 2004-09-04 11:00 - 00090112 _____ (Sony Corporation) C:\Windows\system32\snymsico.dll</p><p>2014-11-25 14:13 - 2014-11-25 14:14 - 00000000 ____D () C:\ProgramData\NVIDIA</p><p>2014-11-25 
14:12 - 2009-05-11 11:49 - 00081952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys</p><p>2014-11-25 14:12 - 2009-05-11 11:49 - 00062976 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\nvapo64v.dll</p><p>2014-11-25 14:12 - 2009-05-11 11:48 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\nvhdap64.dll</p><p>2014-11-25 14:12 - 2009-05-08 15:50 - 00506400 _____ (NVIDIA Corporation) C:\Windows\system32\nvuhda6.exe</p><p>2014-11-25 14:12 - 2009-05-08 15:50 - 00159232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcohda6.dll</p><p>2014-11-25 14:12 - 2009-04-26 09:29 - 00001407 _____ () C:\Windows\system32\nvhda.nvu</p><p>2014-11-25 14:11 - 2009-06-22 12:28 - 00539168 _____ (NVIDIA Corporation) C:\Windows\system32\NVUNINST.EXE</p><p>2014-11-25 14:11 - 2009-06-11 10:09 - 00508448 _____ (NVIDIA Corporation) C:\Windows\system32\nvudisp.exe</p><p>2014-11-25 14:11 - 2009-06-11 10:09 - 00010060 _____ () C:\Windows\system32\nvdisp.nvu</p><p>2014-11-25 14:06 - 2009-07-20 17:29 - 00015416 _____ ( ) C:\Windows\system32\Drivers\kbfiltr.sys</p><p>2014-11-25 14:05 - 2014-11-25 14:05 - 00004198 _____ () C:\Windows\DPINST.LOG</p><p>2014-11-25 14:05 - 2009-08-23 05:24 - 05435904 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETw5v64.sys</p><p>2014-11-25 14:04 - 2014-11-25 14:53 - 00000000 ____D () C:\Program Files\ATKGFNEX</p><p>2014-11-25 14:04 - 2014-11-25 14:04 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\InstallShield</p><p>2014-11-25 14:04 - 2014-11-25 14:04 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information</p><p>2014-11-25 14:03 - 2014-11-25 14:04 - 00000000 ____D () C:\Program Files (x86)\ASUS</p><p>2014-11-25 13:59 - 2014-12-07 08:22 - 00057960 _____ () C:\Users\Mariusz\AppData\Local\GDIPFONTCACHEV1.DAT</p><p>2014-11-25 13:59 - 2014-11-25 14:30 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\blueconnect</p><p>2014-11-25 13:59 - 2014-11-25 13:59 - 00001047 _____ () 
C:\Users\Public\Desktop\blueconnect.lnk</p><p>2014-11-25 13:59 - 2014-11-25 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\blueconnect</p><p>2014-11-25 13:59 - 2014-11-25 13:59 - 00000000 _____ () C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf</p><p>2014-11-25 13:58 - 2014-11-25 13:59 - 00000000 ____D () C:\ProgramData\DatacardService</p><p>2014-11-25 13:58 - 2014-11-25 13:59 - 00000000 ____D () C:\Program Files (x86)\blueconnect</p><p>2014-11-25 13:58 - 2014-11-25 13:58 - 00000000 _____ () C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf</p><p>2014-11-25 13:58 - 2011-02-25 18:02 - 00098816 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys</p><p>2014-11-25 13:58 - 2011-01-30 18:20 - 00212992 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys</p><p>2014-11-25 13:58 - 2011-01-30 18:19 - 00086016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys</p><p>2014-11-25 13:58 - 2011-01-30 18:19 - 00069632 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys</p><p>2014-11-25 13:58 - 2011-01-30 18:19 - 00028672 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys</p><p>2014-11-25 13:58 - 2010-12-24 11:48 - 00221312 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys</p><p>2014-11-25 13:58 - 2010-12-23 09:48 - 00421376 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys</p><p>2014-11-25 13:58 - 2010-10-08 16:59 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys</p><p>2014-11-25 13:58 - 2010-09-26 18:09 - 00022016 _____ (Huawei Technologies Co., Ltd.) 
C:\Windows\system32\Drivers\ew_hwupgrade.sys</p><p>2014-11-25 13:58 - 2010-08-06 07:43 - 01001472 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys</p><p>2014-11-25 13:58 - 2010-07-27 09:52 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys</p><p>2014-11-25 13:58 - 2010-03-20 12:06 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys</p><p>2014-11-25 13:58 - 2008-03-27 16:51 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll</p><p>2014-11-25 13:58 - 2008-03-27 16:51 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll</p><p>2014-11-25 13:57 - 2014-11-25 13:57 - 00001455 _____ () C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk</p><p>2014-11-25 13:57 - 2014-11-25 13:57 - 00001421 _____ () C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk</p><p>2014-11-25 13:57 - 2014-11-25 13:57 - 00000000 _____ () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf</p><p>2014-11-25 13:56 - 2014-11-25 14:49 - 00000000 ____D () C:\Users\Mariusz\AppData\Local\VirtualStore</p><p>2014-11-25 13:56 - 2014-11-25 13:57 - 00000000 ____D () C:\Users\Mariusz</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000020 ___SH () C:\Users\Mariusz\ntuser.ini</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Public\Documents\Moje wideo</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Public\Documents\Moje obrazy</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Public\Documents\Moja muzyka</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\Ustawienia lokalne</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\Szablony</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\Moje 
dokumenty</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\Menu Start</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\Documents\Moje wideo</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\Documents\Moje obrazy</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\Documents\Moja muzyka</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\Dane aplikacji</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programy</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\AppData\Local\Historia</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\AppData\Local\Dane aplikacji</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\Ustawienia lokalne</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\Szablony</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\Moje dokumenty</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\Menu Start</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\Documents\Moje wideo</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\Documents\Moje obrazy</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\Documents\Moja muzyka</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\Dane aplikacji</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Historia</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Dane aplikacji</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 
00000000 _SHDL () C:\Users\Default User\Documents\Moje wideo</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default User\Documents\Moje obrazy</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default User\Documents\Moja muzyka</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programy</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Historia</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Dane aplikacji</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\ProgramData\Ulubione</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\ProgramData\Szablony</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\ProgramData\Pulpit</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programy</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\ProgramData\Menu Start</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\ProgramData\Dokumenty</p><p>2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 ____D () C:\Recovery</p><p>2014-11-25 13:56 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories</p><p>2014-11-25 13:56 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance</p><p>2014-11-25 13:54 - 2014-11-25 13:54 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk</p><p>2014-11-25 13:53 - 2014-12-07 14:42 - 01817337 _____ () C:\Windows\WindowsUpdate.log</p><p>2014-11-25 13:53 - 2014-11-25 13:53 - 00001355 _____ () C:\Windows\TSSysprep.log</p><p>2014-11-25 13:53 - 2014-11-25 13:53 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD 
Maker.lnk</p><p>2014-11-25 13:49 - 2014-11-25 13:56 - 00000000 ____D () C:\Windows\Panther</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2014-12-07 16:09 - 2009-07-14 05:45 - 00016848 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2014-12-07 16:09 - 2009-07-14 05:45 - 00016848 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2014-12-07 14:10 - 2009-07-14 05:51 - 00034200 _____ () C:\Windows\setupact.log</p><p>2014-12-07 11:53 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini</p><p>2014-12-07 11:10 - 2011-04-12 14:21 - 00686324 _____ () C:\Windows\system32\perfh015.dat</p><p>2014-12-07 11:10 - 2011-04-12 14:21 - 00131302 _____ () C:\Windows\system32\perfc015.dat</p><p>2014-12-07 11:10 - 2009-07-14 06:13 - 01549696 _____ () C:\Windows\system32\PerfStringBackup.INI</p><p>2014-12-07 11:06 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT</p><p>2014-12-07 11:05 - 2010-11-21 04:47 - 00009842 _____ () C:\Windows\PFRO.log</p><p>2014-12-07 08:21 - 2009-07-14 05:45 - 00275536 _____ () C:\Windows\system32\FNTCACHE.DAT</p><p>2014-12-06 20:38 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk</p><p>2014-12-06 18:13 - 2011-04-12 14:32 - 00000000 ____D () C:\Windows\CSC</p><p>2014-12-06 18:08 - 2009-07-14 03:34 - 00000439 _____ () C:\Windows\win.ini</p><p>2014-12-06 17:36 - 2011-04-12 14:32 - 00000000 ___RD () C:\Users\Public\Recorded TV</p><p>2014-12-06 17:31 - 2009-07-14 03:34 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_459</p><p>2014-11-29 08:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache</p><p>2014-11-27 08:52 - 2009-07-14 04:20 - 00000000 ___RD () C:\Users\Public\Libraries</p><p>2014-11-25 14:12 
- 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help</p><p>2014-11-25 14:02 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\restore</p><p>2014-11-25 13:56 - 2009-07-14 04:20 - 00000000 ___RD () C:\Users\Default</p><p>2014-11-25 13:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Windows NT</p><p>2014-11-25 13:53 - 2009-07-14 05:46 - 00002790 _____ () C:\Windows\DtcInstall.log</p><p>2014-11-25 13:53 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories</p><p>2014-11-25 13:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sysprep</p><p>2014-11-25 13:49 - 2009-07-14 06:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG</p><p>2014-11-25 13:49 - 2009-07-14 06:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template</p><p>2014-11-24 14:04 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe</p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\System32\winlogon.exe => File is digitally signed</p><p>C:\Windows\System32\wininit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\System32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\System32\services.exe => File is digitally signed</p><p>C:\Windows\System32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\System32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\System32\rpcss.dll => File is digitally 
signed</p><p>C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2014-12-06 10:02</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="mario81, post: 311180, member: 31549"]
\SystemRoot\system32\DRIVERS\ATK64AMD.sys \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\system32\DRIVERS\msiscsi.sys \SystemRoot\system32\DRIVERS\storport.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\rdpbus.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\ew_jubusenum.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\HdAudio.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\nvhda64v.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\cdfs.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_msahci.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\Drivers\BTHUSB.sys \SystemRoot\System32\Drivers\bthport.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\system32\DRIVERS\rfcomm.sys \SystemRoot\System32\cdd.dll \SystemRoot\system32\DRIVERS\BthEnum.sys \SystemRoot\system32\DRIVERS\bthpan.sys \SystemRoot\system32\DRIVERS\bthmodem.sys \SystemRoot\system32\drivers\modem.sys \SystemRoot\system32\drivers\luafv.sys 
\SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\spsys.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\DRIVERS\asyncmac.sys \??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys \SystemRoot\system32\DRIVERS\KeyCrypt64.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\imagehlp.dll \Windows\System32\setupapi.dll \Windows\System32\gdi32.dll \Windows\System32\clbcatq.dll \Windows\System32\ole32.dll \Windows\System32\shell32.dll \Windows\System32\oleaut32.dll \Windows\System32\sechost.dll \Windows\System32\ws2_32.dll \Windows\System32\wininet.dll \Windows\System32\usp10.dll \Windows\System32\comdlg32.dll \Windows\System32\lpk.dll \Windows\System32\difxapi.dll \Windows\System32\msctf.dll \Windows\System32\nsi.dll \Windows\System32\iertutil.dll \Windows\System32\advapi32.dll \Windows\System32\kernel32.dll \Windows\System32\user32.dll \Windows\System32\imm32.dll \Windows\System32\normaliz.dll \Windows\System32\shlwapi.dll \Windows\System32\Wldap32.dll \Windows\System32\msvcrt.dll 
\Windows\System32\psapi.dll \Windows\System32\urlmon.dll \Windows\System32\rpcrt4.dll \Windows\System32\cfgmgr32.dll \Windows\System32\devobj.dll \Windows\System32\comctl32.dll \Windows\System32\crypt32.dll \Windows\System32\KernelBase.dll \Windows\System32\wintrust.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa8007327060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000095\ Lower Device Object: 0xfffffa8006c0e060 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8004bf4060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa80046d6680 Lower Device Driver Name: \Driver\atapi\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8004bf4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004bf4ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004bf4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80046da520, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa80046d6680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... 
Inspecting partition table: MBR Signature: 55AA Disk Signature: 59748 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 976564224 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytes Sector size: 512 bytes Done! Physical Sector Size: 0 Drive: 1, DevicePointer: 0xfffffa8007327060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006b88040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007327060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8006c0e060, DeviceName: \Device\00000095\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.08.2.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 8.0.7601.17514 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.500000 GHz Memory total: 4294037504, free: 2905636864 Downloaded database version: v2014.12.06.07 Downloaded database version: v2014.12.03.01 Downloaded database version: v2014.12.06.01 ======================================= Initializing... 
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue. ======================================= Initializing... This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue. Initializing... ====================== ------------ Kernel report ------------ 12/06/2014 18:30:26 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\vmstorfl.sys 
\SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\system32\DRIVERS\nvBridge.kmd \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\netw5v64.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys 
\SystemRoot\system32\DRIVERS\1394ohci.sys \SystemRoot\system32\DRIVERS\sdbus.sys \SystemRoot\system32\DRIVERS\rimmpx64.sys \SystemRoot\system32\DRIVERS\rimspx64.sys \SystemRoot\system32\DRIVERS\rixdpx64.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbfiltr.sys \SystemRoot\system32\DRIVERS\KeyCrypt64.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\ATK64AMD.sys \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\system32\DRIVERS\msiscsi.sys \SystemRoot\system32\DRIVERS\storport.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\rdpbus.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\ew_jubusenum.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\HdAudio.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\nvhda64v.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_msahci.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\Drivers\BTHUSB.sys \SystemRoot\System32\Drivers\bthport.sys \SystemRoot\System32\Drivers\USBD.SYS \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\system32\DRIVERS\rfcomm.sys \SystemRoot\system32\DRIVERS\BthEnum.sys 
\SystemRoot\system32\DRIVERS\bthpan.sys \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys \SystemRoot\system32\drivers\modem.sys \SystemRoot\system32\DRIVERS\bthmodem.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys \SystemRoot\system32\DRIVERS\cdfs.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\drivers\spsys.sys \SystemRoot\system32\DRIVERS\asyncmac.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\shell32.dll \Windows\System32\user32.dll \Windows\System32\imagehlp.dll \Windows\System32\lpk.dll \Windows\System32\kernel32.dll \Windows\System32\sechost.dll \Windows\System32\nsi.dll \Windows\System32\usp10.dll \Windows\System32\setupapi.dll \Windows\System32\difxapi.dll \Windows\System32\shlwapi.dll \Windows\System32\Wldap32.dll \Windows\System32\advapi32.dll 
\Windows\System32\msctf.dll \Windows\System32\iertutil.dll \Windows\System32\rpcrt4.dll \Windows\System32\oleaut32.dll \Windows\System32\msvcrt.dll \Windows\System32\normaliz.dll \Windows\System32\gdi32.dll \Windows\System32\ole32.dll \Windows\System32\ws2_32.dll \Windows\System32\psapi.dll \Windows\System32\imm32.dll \Windows\System32\urlmon.dll \Windows\System32\wininet.dll \Windows\System32\comdlg32.dll \Windows\System32\clbcatq.dll \Windows\System32\KernelBase.dll \Windows\System32\crypt32.dll \Windows\System32\devobj.dll \Windows\System32\cfgmgr32.dll \Windows\System32\wintrust.dll \Windows\System32\comctl32.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa8004cb73e0 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000081\ Lower Device Object: 0xfffffa8004cfab60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8004c1c5f0 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa80046b7060 Lower Device Driver Name: \Driver\atapi\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8004c1c5f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004c1d040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004c1c5f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80046ba4f0, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa80046b7060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, 
ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 59748 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 976564224 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytes Sector size: 512 bytes Done! Physical Sector Size: 0 Drive: 1, DevicePointer: 0xfffffa8004cb73e0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006596b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004cb73e0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8004cfab60, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... 
Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.08.2.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 8.0.7601.17514 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.500000 GHz Memory total: 4294037504, free: 2197168128 ======================================= Initializing... This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue. ======================================= Initializing... This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue. ======================================= Initializing... This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue. ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.08.2.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 8.0.7601.17514 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.500000 GHz Memory total: 4294037504, free: 2510094336 ======================================= Initializing... 
------------ Kernel report ------------ 12/07/2014 11:39:54 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\vmstorfl.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys 
\??\C:\Windows\system32\drivers\mbamchameleon.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\gwdrv.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\termdd.sys \??\C:\Users\Mariusz\Desktop\SuperAntiSpyware\SASKUTIL64.SYS \??\C:\Users\Mariusz\Desktop\SuperAntiSpyware\SASDIFSV64.SYS \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\system32\DRIVERS\nvBridge.kmd \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\netw5v64.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\DRIVERS\1394ohci.sys \SystemRoot\system32\DRIVERS\sdbus.sys \SystemRoot\system32\DRIVERS\rimmpx64.sys 
\SystemRoot\system32\DRIVERS\rimspx64.sys \SystemRoot\system32\DRIVERS\rixdpx64.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbfiltr.sys \SystemRoot\system32\DRIVERS\KeyCrypt64.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\ATK64AMD.sys \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\system32\DRIVERS\msiscsi.sys \SystemRoot\system32\DRIVERS\storport.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\rdpbus.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\ew_jubusenum.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\HdAudio.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\nvhda64v.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\cdfs.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_msahci.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\Drivers\BTHUSB.sys \SystemRoot\System32\Drivers\bthport.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\kbdhid.sys 
\SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\rfcomm.sys \SystemRoot\system32\DRIVERS\BthEnum.sys \SystemRoot\system32\DRIVERS\bthpan.sys \SystemRoot\system32\DRIVERS\bthmodem.sys \SystemRoot\system32\drivers\modem.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\drivers\spsys.sys \SystemRoot\system32\DRIVERS\asyncmac.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\shlwapi.dll \Windows\System32\rpcrt4.dll \Windows\System32\psapi.dll \Windows\System32\msvcrt.dll \Windows\System32\user32.dll \Windows\System32\usp10.dll \Windows\System32\oleaut32.dll \Windows\System32\difxapi.dll \Windows\System32\iertutil.dll \Windows\System32\kernel32.dll \Windows\System32\Wldap32.dll \Windows\System32\lpk.dll \Windows\System32\clbcatq.dll \Windows\System32\setupapi.dll \Windows\System32\ole32.dll \Windows\System32\normaliz.dll \Windows\System32\sechost.dll \Windows\System32\comdlg32.dll 
\Windows\System32\gdi32.dll \Windows\System32\imagehlp.dll \Windows\System32\ws2_32.dll \Windows\System32\msctf.dll \Windows\System32\shell32.dll \Windows\System32\wininet.dll \Windows\System32\urlmon.dll \Windows\System32\imm32.dll \Windows\System32\advapi32.dll \Windows\System32\nsi.dll \Windows\System32\wintrust.dll \Windows\System32\KernelBase.dll \Windows\System32\crypt32.dll \Windows\System32\devobj.dll \Windows\System32\cfgmgr32.dll \Windows\System32\comctl32.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa8006cea570 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000099\ Lower Device Object: 0xfffffa8006cdf330 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8004c3e730 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa80046d6680 Lower Device Driver Name: \Driver\atapi\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8004c3e730, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004c3e180, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004c3e730, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80046da520, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa80046d6680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, 
MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 59748 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 976564224 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytes Sector size: 512 bytes Done! Physical Sector Size: 0 Drive: 1, DevicePointer: 0xfffffa8006cea570, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006ce7040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006cea570, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8006cdf330, DeviceName: \Device\00000099\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... 
Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.08.2.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 8.0.7601.17514 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.500000 GHz Memory total: 4294037504, free: 1889345536 ======================================= Initializing... ------------ Kernel report ------------ 12/07/2014 17:26:17 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys 
\SystemRoot\system32\drivers\vmstorfl.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\termdd.sys \??\C:\Users\Mariusz\Desktop\SuperAntiSpyware\SASKUTIL64.SYS \??\C:\Users\Mariusz\Desktop\SuperAntiSpyware\SASDIFSV64.SYS \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\system32\DRIVERS\nvBridge.kmd \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\usbuhci.sys 
\SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\netw5v64.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\DRIVERS\1394ohci.sys \SystemRoot\system32\DRIVERS\sdbus.sys \SystemRoot\system32\DRIVERS\rimmpx64.sys \SystemRoot\system32\DRIVERS\rimspx64.sys \SystemRoot\system32\DRIVERS\rixdpx64.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbfiltr.sys \SystemRoot\system32\DRIVERS\KeyCrypt64.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\ATK64AMD.sys \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\system32\DRIVERS\msiscsi.sys \SystemRoot\system32\DRIVERS\storport.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\rdpbus.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\ew_jubusenum.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\HdAudio.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\nvhda64v.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\cdfs.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_msahci.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\monitor.sys 
\SystemRoot\System32\Drivers\BTHUSB.sys \SystemRoot\System32\Drivers\bthport.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\rfcomm.sys \SystemRoot\system32\DRIVERS\BthEnum.sys \SystemRoot\system32\DRIVERS\bthpan.sys \SystemRoot\system32\DRIVERS\bthmodem.sys \SystemRoot\system32\drivers\modem.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\drivers\spsys.sys \SystemRoot\system32\DRIVERS\asyncmac.sys \??\C:\Windows\system32\Drivers\PROCEXP113.SYS \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys \SystemRoot\system32\DRIVERS\gwdrv.sys \??\C:\Users\Mariusz\AppData\Local\Temp\pwriafoc.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\shlwapi.dll \Windows\System32\rpcrt4.dll \Windows\System32\psapi.dll \Windows\System32\msvcrt.dll 
\Windows\System32\user32.dll \Windows\System32\usp10.dll \Windows\System32\oleaut32.dll \Windows\System32\difxapi.dll \Windows\System32\iertutil.dll \Windows\System32\kernel32.dll \Windows\System32\Wldap32.dll \Windows\System32\lpk.dll \Windows\System32\clbcatq.dll \Windows\System32\setupapi.dll \Windows\System32\ole32.dll \Windows\System32\normaliz.dll \Windows\System32\sechost.dll \Windows\System32\comdlg32.dll \Windows\System32\gdi32.dll \Windows\System32\imagehlp.dll \Windows\System32\ws2_32.dll \Windows\System32\msctf.dll \Windows\System32\shell32.dll \Windows\System32\wininet.dll \Windows\System32\urlmon.dll \Windows\System32\imm32.dll \Windows\System32\advapi32.dll \Windows\System32\nsi.dll \Windows\System32\wintrust.dll \Windows\System32\KernelBase.dll \Windows\System32\crypt32.dll \Windows\System32\devobj.dll \Windows\System32\cfgmgr32.dll \Windows\System32\comctl32.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8004c3e730 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa80046d6680 Lower Device Driver Name: \Driver\atapi\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8004c3e730, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004c3e180, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004c3e730, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80046da520, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa80046d6680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS 
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 59748 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 976564224 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytes Sector size: 512 bytes Done! Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 01 Ran by Mariusz (administrator) on MARIUSZ-ASUS on 07-12-2014 16:27:34 Running from C:\Users\Mariusz\Downloads Loaded Profile: Mariusz (Available profiles: Mariusz) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Polski (Polska) Internet Explorer Version 8 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe (Seifert) C:\Program Files (x86)\WinDirStat\windirstat.exe (Zemana Ltd.) 
C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe () C:\Program Files (x86)\blueconnect\blueconnect.exe (Huawei Technologies Co., Ltd.) C:\Users\Mariusz\AppData\Roaming\blueconnect\ouc.exe (Mozilla Corporation) C:\Program Files\Nightly\firefox.exe (Mozilla Corporation) C:\Program Files\Nightly\plugin-container.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation) C:\Program Files )\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files )\Malwarebytes Anti-Malware\mbamscheduler.exe (SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe (SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe (Mozilla Corporation) C:\Program Files\Nightly\plugin-container.exe (OldTimer Tools) C:\Users\Mariusz\Downloads\OTL.scr ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2558776 2014-12-04] (Malwarebytes Corporation) HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\...\Run: [HijackThis startup scan] => C:\Users\Mariusz\Desktop\HijackThis\HijackThis.exe [1306624 2011-04-11] (Trend Micro Inc.) HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\...\Run: [SUPERAntiSpyware] => C:\Users\Mariusz\Desktop\SuperAntiSpyware\PROGRAM64.COM [5500800 2011-10-17] (SUPERAntiSpyware.com) HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\...\Run: [HW_OPENEYE_OUC_blueconnect] => C:\Program Files (x86)\blueconnect\UpdateDog\ouc.exe [116064 2011-03-26] (Huawei Technologies Co., Ltd.) 
HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [9474344 2014-11-06] (SecureMix LLC) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x84F5C445B208D001 HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pl HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation) Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation) Tcpip\..\Interfaces\{8B89C5E6-5A1C-4B5B-AF23-768569CBDACB}: [NameServer] 89.108.202.20 89.108.195.20 FireFox: ======== FF ProfilePath: 
C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\qq6gtik4.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll () FF Extension: Adblock Plus Pop-up Addon - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\qq6gtik4.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-12-06] FF Extension: Bluhell Firewall - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\qq6gtik4.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2014-12-06] FF Extension: Cert Alert - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\qq6gtik4.default\Extensions\{c45ac2c6-14d5-11df-844d-001f16155cce}.xpi [2014-12-06] FF Extension: SoundCloud Downloader - Technowise - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\qq6gtik4.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2014-12-06] FF Extension: Adblock Plus - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\qq6gtik4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-06] FF Extension: Adblock Edge - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\qq6gtik4.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-12-06] FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Nightly\firefox.exe Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [6279976 2014-11-06] (SecureMix LLC) S4 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [544056 2014-12-04] (Malwarebytes Corporation) R2 MBAMScheduler; C:\Program Files )\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files )\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia) S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] () R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-04] () R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [33296 2014-11-05] (SecureMix LLC) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [71400 2014-11-28] (Zemana Ltd.) 
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [96472 2014-12-06] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-07] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia) R1 SASDIFSV; C:\Users\Mariusz\Desktop\SuperAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Users\Mariusz\Desktop\SuperAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) U3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-07 16:25 - 2014-12-07 16:25 - 00368705 _____ () C:\Users\Mariusz\Downloads\gm.zip 2014-12-07 16:24 - 2014-12-07 16:27 - 00009068 _____ () C:\Users\Mariusz\Downloads\FRST.txt 2014-12-07 16:24 - 2014-12-07 16:27 - 00000000 ____D () C:\FRST 2014-12-07 16:24 - 2014-12-07 16:25 - 00023099 _____ () C:\Users\Mariusz\Downloads\Addition.txt 2014-12-07 16:24 - 2014-12-07 16:24 - 00602112 _____ (OldTimer Tools) C:\Users\Mariusz\Downloads\OTL.scr 2014-12-07 16:22 - 2014-12-07 16:23 - 02119680 _____ (Farbar) C:\Users\Mariusz\Downloads\FRST64.exe 2014-12-07 14:45 - 2014-12-07 14:45 - 00001873 _____ () C:\Users\Mariusz\Desktop\GlassWire.lnk 2014-12-07 14:45 - 2014-12-07 14:45 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GlassWire 1.0 2014-12-07 14:45 - 2014-12-07 14:45 - 00000000 ____D () C:\Program Files (x86)\GlassWire 2014-12-07 11:55 - 2014-12-07 11:55 - 00013838 _____ () C:\ComboFix.txt 2014-12-07 11:46 - 2014-12-07 11:55 - 00000000 ____D () C:\Qoobox 2014-12-07 11:46 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-12-07 11:46 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-12-07 11:46 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-12-07 11:46 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-12-07 11:46 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-12-07 11:46 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-12-07 11:46 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-12-07 11:46 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-12-07 11:45 - 2014-12-07 11:45 - 05600430 ____R (Swearware) C:\Users\Mariusz\Downloads\ComboFix.exe 2014-12-07 11:41 - 2014-12-07 11:41 - 00000000 ____D () C:\Program Files ) 2014-12-07 11:41 - 2014-10-01 11:20 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\is-GJ4SP.tmp 2014-12-07 11:41 - 2014-10-01 11:20 - 00025816 _____ 
(Malwarebytes Corporation) C:\Windows\system32\Drivers\is-HRU1D.tmp 2014-12-07 11:35 - 2014-12-07 11:36 - 19828904 _____ (Malwarebytes Corporation ) C:\Users\Mariusz\Downloads\mbam-setup.exe 2014-12-07 11:34 - 2014-12-07 11:35 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Mariusz\Downloads\mbar-1.08.2.1001(1).exe 2014-12-07 10:43 - 2014-12-07 10:43 - 00000000 ____D () C:\Users\Mariusz\Desktop\Undelete 2014-12-07 10:35 - 2014-12-07 10:35 - 02774272 _____ () C:\Users\Mariusz\Downloads\avg_remover_parite.exe 2014-12-07 10:32 - 2014-12-07 10:32 - 02774272 _____ () C:\Users\Mariusz\Downloads\rmmabez.exe 2014-12-07 09:52 - 2014-12-07 09:52 - 00000016 __RSH () C:\Recycled 2014-12-07 09:46 - 2014-12-07 09:46 - 00001084 _____ () C:\CSDefault.cst 2014-12-07 09:22 - 2014-12-07 09:27 - 00000000 ____D () C:\Users\Mariusz\Desktop\AviraAntiVir 2014-12-07 09:19 - 2014-12-07 09:20 - 00000000 ____D () C:\Users\Mariusz\Documents\AIDA64 Reports 2014-12-07 09:12 - 2014-12-07 10:17 - 00000000 ____D () C:\Users\Mariusz\Desktop\AIDA64 2014-12-07 09:08 - 2014-12-06 18:09 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts.20141207-090824.backup 2014-12-07 09:01 - 2014-12-07 09:01 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\SUPERAntiSpyware.com 2014-12-07 09:01 - 2014-12-07 09:01 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2014-12-07 08:50 - 2014-12-07 08:50 - 00000000 ____D () C:\Users\Mariusz\Desktop\WindowsSurfaceScanner 2014-12-07 08:49 - 2014-12-07 09:00 - 00000000 ____D () C:\Users\Mariusz\Desktop\TrueCrypt 2014-12-07 08:49 - 2014-12-07 08:49 - 00000000 ____D () C:\Users\Mariusz\Desktop\SuperAntiSpyware 2014-12-07 08:48 - 2014-12-07 09:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-12-07 08:48 - 2014-12-07 08:48 - 00000000 ____D () C:\Users\Mariusz\Desktop\SpybotSD 2014-12-07 08:47 - 2014-12-07 08:47 - 00000000 ____D () C:\Users\Mariusz\Desktop\SoftPerfectNetworkScanner 2014-12-07 08:44 - 2014-12-07 08:44 - 00000000 ____D () 
C:\ProgramData\HitmanPro 2014-12-07 08:42 - 2014-12-07 11:06 - 00000000 ____D () C:\Users\Mariusz\Desktop\HijackThis 2014-12-07 08:24 - 2014-12-07 08:24 - 00000000 ____D () C:\Users\Mariusz\Desktop\DefaultKeyboardPatch 2014-12-07 07:08 - 2014-12-07 07:08 - 00164134 _____ () C:\Users\Mariusz\Downloads\sk.zip 2014-12-07 07:08 - 2014-12-07 07:08 - 00000000 ____D () C:\Users\Mariusz\Desktop\sk 2014-12-07 04:27 - 2014-12-07 04:27 - 00003384 _____ () C:\Users\Mariusz\Downloads\index(2).html 2014-12-07 04:27 - 2014-12-07 04:27 - 00002928 _____ () C:\Users\Mariusz\Downloads\index(1).html 2014-12-07 04:26 - 2014-12-07 04:26 - 00001016 _____ () C:\Users\Mariusz\Downloads\index.html 2014-12-07 04:24 - 2014-12-07 04:24 - 00000000 ____D () C:\Users\Mariusz\Desktop\listingi 2014-12-07 04:23 - 2014-12-07 04:23 - 01941064 _____ () C:\Users\Mariusz\Downloads\winrar-x64-520.exe 2014-12-07 04:23 - 2014-12-07 04:23 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\WinRAR 2014-12-07 04:23 - 2014-12-07 04:23 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-12-07 04:23 - 2014-12-07 04:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-12-07 04:23 - 2014-12-07 04:23 - 00000000 ____D () C:\Program Files\WinRAR 2014-12-07 04:22 - 2014-12-07 04:22 - 25514493 _____ () C:\Users\Mariusz\Downloads\listingi.rar 2014-12-06 21:14 - 2014-12-06 21:14 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\Macromedia 2014-12-06 21:14 - 2014-12-06 21:14 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\Adobe 2014-12-06 20:43 - 2014-12-06 20:44 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\Mozilla 2014-12-06 20:43 - 2014-12-06 20:44 - 00000000 ____D () C:\Users\Mariusz\AppData\Local\Mozilla 2014-12-06 20:43 - 2014-12-06 20:43 - 00000874 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk 2014-12-06 20:43 - 2014-12-06 20:43 - 00000862 _____ () C:\Users\Public\Desktop\Nightly.lnk 
2014-12-06 20:43 - 2014-12-06 20:43 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-06 20:43 - 2014-12-06 20:43 - 00000000 ____D () C:\Program Files\Nightly
2014-12-06 20:43 - 2014-12-06 20:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-06 20:42 - 2014-12-06 20:43 - 43329168 _____ () C:\Users\Mariusz\Downloads\firefox-37.0a1.en-US.win64-x86_64.installer.exe
2014-12-06 18:44 - 2014-12-06 18:44 - 00000000 ____D () C:\Users\Mariusz\AppData\Local\GlassWire
2014-12-06 18:44 - 2014-12-06 18:44 - 00000000 ____D () C:\ProgramData\GlassWire
2014-12-06 18:44 - 2014-11-05 06:54 - 00008704 _____ () C:\Windows\system32\Drivers\gwdrv.cat
2014-12-06 18:44 - 2014-11-05 06:41 - 00033296 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys
2014-12-06 18:42 - 2014-12-06 18:48 - 00000000 ____D () C:\Users\Mariusz\Desktop\Nowy folder
2014-12-06 18:42 - 2014-12-06 18:42 - 00084917 _____ () C:\Users\Mariusz\Downloads\bluescreenview-x64.zip
2014-12-06 18:40 - 2014-12-06 18:42 - 16338360 _____ (SecureMix LLC) C:\Users\Mariusz\Downloads\GlassWireSetup.exe
2014-12-06 18:10 - 2014-12-06 18:10 - 00003160 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-12-06 17:43 - 2014-12-06 17:48 - 00000000 ____D () C:\Windows\erdnt
2014-12-06 17:41 - 2014-12-06 17:41 - 00000000 ____D () C:\Users\Mariusz\Downloads\vba32arkit
2014-12-06 17:39 - 2014-12-07 11:08 - 00000000 ____D () C:\Users\Mariusz\Downloads\TMRBLog
2014-12-06 17:39 - 2014-12-06 17:40 - 00002122 _____ () C:\Users\Mariusz\Desktop\Rkill.txt
2014-12-06 17:28 - 2014-12-06 17:28 - 08656400 _____ (Trend Micro Inc.) C:\Users\Mariusz\Downloads\RootkitBuster_v5_1061.exe
2014-12-06 17:28 - 2014-12-06 17:28 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Mariusz\Downloads\rkill.com
2014-12-06 17:27 - 2014-12-06 17:27 - 00464491 _____ () C:\Users\Mariusz\Downloads\RootRepeal.zip
2014-12-06 17:25 - 2014-12-06 17:25 - 01472131 _____ () C:\Users\Mariusz\Downloads\vba32arkit.zip
2014-12-06 17:19 - 2014-12-06 17:19 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MARIUSZ-ASUS-Microsoft-Windows-7-Professional-(64-bit).dat
2014-12-06 17:18 - 2014-12-06 17:18 - 00000000 ____D () C:\RegBackup
2014-12-06 17:12 - 2014-12-06 17:12 - 00003304 _____ () C:\bootsqm.dat
2014-12-06 17:04 - 2014-12-06 17:04 - 00003170 _____ () C:\Windows\System32\Tasks\{560E3CD8-BAF3-4E80-A885-17F4DA9CF338}
2014-12-06 16:58 - 2014-12-06 16:58 - 00001035 _____ () C:\Users\Mariusz\Desktop\WinDirStat.lnk
2014-12-06 16:58 - 2014-12-06 16:58 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2014-12-06 16:58 - 2014-12-06 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2014-12-06 16:58 - 2014-12-06 16:58 - 00000000 ____D () C:\Program Files (x86)\WinDirStat
2014-12-06 16:57 - 2014-12-06 16:57 - 00645729 _____ (WDS Team) C:\Users\Mariusz\Downloads\windirstat1_1_2_setup.exe
2014-12-06 16:57 - 2014-12-06 16:57 - 00401920 _____ (Farbar) C:\Users\Mariusz\Downloads\MiniToolBox (1).exe
2014-12-06 16:55 - 2014-12-06 16:55 - 00037888 _____ (Soeperman Enterprises Ltd.) C:\Users\Mariusz\Downloads\ADSSpy.exe
2014-12-06 16:55 - 2014-12-06 16:55 - 00000194 _____ () C:\Users\Mariusz\Downloads\hosts-perm.bat
2014-12-06 16:54 - 2014-12-06 16:54 - 00145237 _____ () C:\Users\Mariusz\Downloads\ntregopt.zip
2014-12-06 16:54 - 2014-12-06 16:54 - 00000000 ____D () C:\Users\Mariusz\Downloads\ntregopt
2014-12-06 16:53 - 2014-12-06 17:06 - 04025858 _____ () C:\Users\Mariusz\Downloads\EmsisoftEmergencyKit.exe.opdownload
2014-12-06 16:49 - 2014-12-06 16:49 - 00001073 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-12-06 16:49 - 2014-12-06 16:49 - 00000000 ____D () C:\Users\Mariusz\AppData\Local\Secunia PSI
2014-12-06 16:49 - 2014-12-06 16:49 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-12-06 16:48 - 2014-12-06 16:48 - 00002163 _____ () C:\Users\Mariusz\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-12-06 16:48 - 2014-12-06 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-12-06 16:48 - 2014-12-06 16:48 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-12-06 16:47 - 2014-12-06 16:47 - 09817304 _____ () C:\Users\Mariusz\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-12-06 16:47 - 2014-12-06 16:47 - 05490752 _____ (Secunia) C:\Users\Mariusz\Downloads\PSISetup.exe
2014-12-06 16:44 - 2014-12-07 11:57 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-06 16:43 - 2014-12-07 11:57 - 00000000 ____D () C:\Users\Mariusz\Desktop\mbar
2014-12-06 16:42 - 2014-12-06 16:43 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Mariusz\Downloads\mbar-1.08.2.1001.exe
2014-12-06 16:36 - 2014-12-06 16:36 - 00001144 _____ () C:\Users\Public\Desktop\AntiLogger Free.lnk
2014-12-06 16:36 - 2014-12-06 16:36 - 00000000 ____D () C:\Users\Mariusz\AppData\Local\AntiLogger Free
2014-12-06 16:36 - 2014-12-06 16:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2014-12-06 16:36 - 2014-12-06 16:36 - 00000000 ____D () C:\Program Files (x86)\Zemana AntiLogger Free
2014-12-06 16:36 - 2014-12-06 16:36 - 00000000 ____D () C:\Program Files (x86)\KeyCryptSDK
2014-12-06 16:36 - 2014-11-28 12:15 - 00071400 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2014-12-06 16:35 - 2014-12-06 16:35 - 03453640 _____ (Zemana Ltd. ) C:\Users\Mariusz\Downloads\AntiLoggerFree_Setup.exe
2014-12-06 16:35 - 2014-12-06 16:35 - 00000000 ____D () C:\Users\Mariusz\Downloads\data
2014-12-06 16:34 - 2014-12-06 16:34 - 00332171 _____ () C:\Users\Mariusz\Downloads\GiveMePower-v2.0.exe
2014-12-06 16:34 - 2014-06-19 11:17 - 00414720 _____ () C:\Users\Mariusz\Downloads\GiveMePower.exe
2014-12-06 16:34 - 2014-06-19 11:17 - 00038400 _____ () C:\Users\Mariusz\Downloads\GiveMePower.pdb
2014-12-06 16:33 - 2014-12-06 16:33 - 00009506 _____ () C:\HijackPatrol.log
2014-12-06 16:32 - 2014-12-06 19:41 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\WinPatrol
2014-12-06 16:32 - 2014-12-06 16:32 - 01156136 _____ (Ruiware) C:\Users\Mariusz\Downloads\wpsetup.exe
2014-12-06 16:32 - 2014-12-06 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-12-06 16:32 - 2014-12-06 16:32 - 00000000 ____D () C:\ProgramData\InstallMate
2014-12-06 16:32 - 2014-12-06 16:32 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2014-12-06 16:23 - 2014-12-06 16:23 - 00006706 _____ () C:\Users\Mariusz\Downloads\Malwarebytes.Anti-Malware.Premium.v2.0.4.1028.Final-FFF (1).torrent
2014-12-06 16:21 - 2014-12-07 11:29 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-12-06 16:21 - 2014-12-06 16:21 - 00000000 ____D () C:\Users\Mariusz\Downloads\Malwarebytes.Anti-Malware.Premium.v2.0.4.1028.Final-FFF
2014-12-06 16:21 - 2014-12-06 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-12-06 16:21 - 2014-12-06 16:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-12-06 16:20 - 2014-12-06 16:20 - 00006706 _____ () C:\Users\Mariusz\Downloads\Malwarebytes.Anti-Malware.Premium.v2.0.4.1028.Final-FFF.torrent
2014-12-06 16:19 - 2014-12-06 16:19 - 00001444 _____ () C:\Users\Mariusz\Downloads\Malwarebytes.Anti-Exploit.Premium.v1.05.1.1015.Final-FFF.torrent
2014-12-06 16:19 - 2014-12-06 16:19 - 00000857 _____ () C:\Users\Mariusz\Desktop\µTorrent.lnk
2014-12-06 16:19 - 2014-12-06 16:19 - 00000837 _____ () C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-12-06 16:19 - 2014-12-06 16:19 - 00000000 ____D () C:\Users\Mariusz\Downloads\Malwarebytes.Anti-Exploit.Premium.v1.05.1.1015.Final-FFF
2014-12-06 16:18 - 2014-12-06 17:06 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\uTorrent
2014-12-06 16:18 - 2014-12-06 16:18 - 01682512 _____ (BitTorrent Inc.) C:\Users\Mariusz\Downloads\uTorrent.exe
2014-12-06 13:50 - 2014-12-06 13:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\06E03FF8.sys
2014-12-05 20:08 - 2014-12-06 18:21 - 00000000 ____D () C:\ProgramData\Skype
2014-12-05 20:08 - 2014-12-05 20:08 - 00003130 _____ () C:\Windows\System32\Tasks\{2D260A41-672B-4825-A0E0-73DE8597A013}
2014-12-05 20:06 - 2014-12-05 20:06 - 01548384 _____ (Skype Technologies S.A.) C:\Users\Mariusz\Downloads\SkypeSetup.exe
2014-11-28 13:02 - 2014-11-28 13:02 - 00018456 _____ (Secunia) C:\Windows\system32\Drivers\psi_mf_amd64.sys
2014-11-28 08:33 - 2014-11-28 08:33 - 00000000 _____ () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-11-25 19:39 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-25 19:39 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-25 19:39 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-11-25 19:39 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-25 19:39 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-25 19:39 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-25 19:39 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-25 19:39 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-25 19:39 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-25 19:39 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-25 19:38 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2014 01
Ran by Mariusz at 2014-12-07 16:28:09
Running from C:\Users\Mariusz\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 16 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 16.0.0.240 - Adobe Systems Incorporated)
AntiLogger Free version 1.8.2.24 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.24 - Zemana Ltd.)
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0053 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)
blueconnect (HKLM-x32\...\blueconnect) (Version: 11.302.09.27.49 - Huawei Technologies Co.,Ltd)
GlassWire 1.0 (remove only) (HKLM-x32\...\GlassWire 1.0) (Version: 1.0.30 - SecureMix LLC)
Malwarebytes Anti-Exploit version 1.05.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1015 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0a1 - Mozilla)
Nightly 37.0a1 (x64 en-US) (HKLM\...\Nightly 37.0a1 (x64 en-US)) (Version: 37.0a1 - Mozilla)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
Opera Stable 26.0.1656.32 (HKLM-x32\...\Opera 26.0.1656.32) (Version: 26.0.1656.32 - Opera Software ASA)
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology)
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
WinDirStat 1.1.2 (HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\...\WinDirStat) (Version: - )
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================
25-11-2014 13:02:47 Installed ATK Hotkey
25-11-2014 13:03:49 Installed ATK Media
25-11-2014 13:04:11 Installed ATK Generic Function Service
25-11-2014 14:14:44 Windows Update
25-11-2014 14:21:59 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
25-11-2014 18:38:24 Windows Update
06-12-2014 16:44:12 ComboFix created restore point
06-12-2014 17:32:47 Windows Update

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-12-07 11:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {5416E9A3-BFE1-4B01-B72E-CDDC8273B985} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {5F15C5AF-A49F-48EE-A1FA-065B987DCB0B} - System32\Tasks\{2D260A41-672B-4825-A0E0-73DE8597A013} => c:\program files (x86)\opera\launcher.exe [2014-11-25] (Opera Software)
Task: {B642009A-2D27-4045-800A-14401979BC9D} - System32\Tasks\Opera scheduled Autoupdate 1416921688 => C:\Program Files (x86)\Opera\launcher.exe [2014-11-25] (Opera Software)

==================== Loaded Modules (whitelisted) =============
2014-11-25 13:58 - 2011-05-05 15:13 - 00120160 _____ () C:\Program Files (x86)\blueconnect\blueconnect.exe
2014-12-06 21:11 - 2014-12-06 21:11 - 23043248 _____ () C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll
2014-11-25 13:58 - 2011-03-26 16:59 - 00020320 _____ () C:\Program Files (x86)\blueconnect\isaputrace.dll
2014-11-25 13:58 - 2011-03-26 16:54 - 00128352 _____ () C:\Program Files (x86)\blueconnect\DeviceMgrPlugin.dll
2014-11-25 13:58 - 2011-03-26 16:55 - 00144736 _____ () C:\Program Files (x86)\blueconnect\NetInfoPlugin.dll
2014-11-25 13:58 - 2011-03-26 16:54 - 00095584 _____ () C:\Program Files (x86)\blueconnect\DialUpPlugin.dll
2014-11-25 13:58 - 2011-03-26 16:53 - 00071008 _____ () C:\Program Files (x86)\blueconnect\ConfigFilePlugin.dll
2014-11-25 13:58 - 2011-03-26 16:55 - 01025376 _____ () C:\Program Files (x86)\blueconnect\NDISAPI.dll
2014-11-25 13:58 - 2011-03-26 16:54 - 00161120 _____ () C:\Program Files (x86)\blueconnect\DetectDev.dll
2014-11-25 13:58 - 2011-03-26 16:53 - 00566624 _____ () C:\Program Files (x86)\blueconnect\atcomm.dll
2014-11-25 13:58 - 2011-03-26 16:56 - 00066912 _____ () C:\Program Files (x86)\blueconnect\XCodec.dll
2014-11-25 13:58 - 2011-03-26 16:54 - 00066912 _____ () C:\Program Files (x86)\blueconnect\DeviceOperate.dll
2014-11-25 13:58 - 2011-03-26 16:55 - 00144736 _____ () C:\Program Files (x86)\blueconnect\LocaleMgrPlugin.dll
2014-11-25 13:58 - 2011-03-26 16:55 - 00038240 _____ () C:\Program Files (x86)\blueconnect\NotifyServicePlugin.dll
2014-11-25 13:58 - 2011-03-26 16:58 - 00095584 _____ () C:\Program Files (x86)\blueconnect\FileManager.dll
2014-11-25 13:58 - 2011-03-26 16:55 - 00165216 _____ () C:\Program Files (x86)\blueconnect\SMSPlugin.dll
2014-11-25 13:58 - 2011-03-26 16:54 - 00243040 _____ () C:\Program Files (x86)\blueconnect\DeviceMgrUIPlugin.dll
2014-11-25 13:58 - 2011-03-26 16:56 - 00071008 _____ () C:\Program Files (x86)\blueconnect\SpeedManagerPlugin.dll
2014-11-06 08:08 - 2014-11-06 08:08 - 00893224 _____ () C:\Program Files (x86)\GlassWire\platforms\qwindows.dll
2014-11-06 08:08 - 2014-11-06 08:08 - 00030504 _____ () C:\Program Files (x86)\GlassWire\imageformats\qico.dll
2014-11-06 08:08 - 2014-11-06 08:08 - 00248104 _____ () C:\Program Files (x86)\GlassWire\imageformats\qjpeg.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: ASLDRService => 2
MSCONFIG\Services: HWDeviceService64.exe => 2
MSCONFIG\Services: MbaeSvc => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Secunia PSI Agent => 3
MSCONFIG\Services: Secunia Update Agent => 2
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
MSCONFIG\startupreg: HW_OPENEYE_OUC_blueconnect => "C:\Program Files (x86)\blueconnect\UpdateDog\ouc.exe"
MSCONFIG\startupreg: Malwarebytes Anti-Exploit => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: WinPatrol => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot
MSCONFIG\startupreg: ZALFree => "C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" /MINIMIZED

========================= Accounts: ==========================
Administrator (S-1-5-21-2376877967-2081922626-2068000606-500 - Administrator - Disabled)
Gość (S-1-5-21-2376877967-2081922626-2068000606-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2376877967-2081922626-2068000606-1002 - Limited - Enabled)
Mariusz (S-1-5-21-2376877967-2081922626-2068000606-1000 - Administrator - Enabled) => C:\Users\Mariusz

==================== Faulty Device Manager Devices =============
Name: Urządzenie pamięci masowej USB
Description: Urządzenie pamięci masowej USB
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Zgodne urządzenie magazynujące USB
Service: USBSTOR
Problem: : Windows cannot load the device driver for this hardware because a previous instance of the device driver is still in memory. (Code 38)
Resolution: The driver could not be loaded because a previous instance is still loaded. Restart the computer.

Name: Zewnętrzne urządzenie Bluetooth
Description: Zewnętrzne urządzenie Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Fingerprint Sensor
Description: Fingerprint Sensor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Zewnętrzne urządzenie Bluetooth
Description: Zewnętrzne urządzenie Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Urządzenie pamięci masowej USB
Description: Urządzenie pamięci masowej USB
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Zgodne urządzenie magazynujące USB
Service: USBSTOR
Problem: : Windows cannot load the device driver for this hardware because a previous instance of the device driver is still in memory. (Code 38)
Resolution: The driver could not be loaded because a previous instance is still loaded. Restart the computer.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/07/2014 10:02:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program windirstat.exe w wersji 1.1.2.80 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 304 Godzina rozpoczęcia: 01d011fc5c5a096f Godzina zakończenia: 16 Ścieżka aplikacji: C:\Program Files (x86)\WinDirStat\windirstat.exe Identyfikator raportu: ba294275-7def-11e4-9e97-002243c190ce

Error: (12/07/2014 09:54:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: RootkitRevealer.exe, wersja: 1.71.0.0, sygnatura czasowa: 0x44e255aa Nazwa modułu powodującego błąd: RootkitRevealer.exe, wersja: 1.71.0.0, sygnatura czasowa: 0x44e255aa Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000040cd Identyfikator procesu powodującego błąd: 0x63c Godzina uruchomienia aplikacji powodującej błąd: 0xRootkitRevealer.exe0 Ścieżka aplikacji powodującej błąd: RootkitRevealer.exe1 Ścieżka modułu powodującego błąd: RootkitRevealer.exe2 Identyfikator raportu: RootkitRevealer.exe3

Error: (12/07/2014 09:00:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: Windows Surface Scanner.exe, wersja: 1.0.0.1, sygnatura czasowa: 0x4c113abb Nazwa modułu powodującego błąd: msvcrt.dll, wersja: 7.0.7600.16385, sygnatura czasowa: 0x4a5bda6f Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0000d193 Identyfikator procesu powodującego błąd: 0xca0 Godzina uruchomienia aplikacji powodującej błąd: 0xWindows Surface Scanner.exe0 Ścieżka aplikacji powodującej błąd: Windows Surface Scanner.exe1 Ścieżka modułu powodującego błąd: Windows Surface Scanner.exe2 Identyfikator raportu: Windows Surface Scanner.exe3

Error: (12/06/2014 06:55:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program NOTEPAD.EXE w wersji 6.1.7600.16385 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: dec Godzina rozpoczęcia: 01d0117dc7c2d407 Godzina zakończenia: 0 Ścieżka aplikacji: C:\Windows\system32\NOTEPAD.EXE Identyfikator raportu: 0f7f3df2-7d71-11e4-8e19-002243c190ce

Error: (12/06/2014 06:13:37 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/06/2014 06:13:37 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/06/2014 05:36:30 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/06/2014 05:36:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/06/2014 05:14:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2014 05:09:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (12/07/2014 02:09:55 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/07/2014 11:53:09 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie.

Error: (12/07/2014 11:52:03 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Ładowanie sterownika \??\C:\ComboFix\catchme.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.

Error: (12/07/2014 11:50:08 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie.

Error: (12/07/2014 11:37:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa MBAMService niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (12/07/2014 11:05:58 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Poprzednie zamknięcie systemu przy 11:05:00 na 2014-12-07 było nieoczekiwane.

Error: (12/07/2014 11:02:29 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (12/07/2014 11:02:29 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/07/2014 11:02:25 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/07/2014 11:02:18 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Microsoft Office Sessions:
=========================
Error: (12/07/2014 10:02:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: windirstat.exe1.1.2.8030401d011fc5c5a096f16C:\Program Files (x86)\WinDirStat\windirstat.exeba294275-7def-11e4-9e97-002243c190ce

Error: (12/07/2014 09:54:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: RootkitRevealer.exe1.71.0.044e255aaRootkitRevealer.exe1.71.0.044e255aac0000005000040cd63c01d011fb779e2ffdC:\Users\Mariusz\AppData\Local\Temp\HBCD\RootkitRevealer.exeC:\Users\Mariusz\AppData\Local\Temp\HBCD\RootkitRevealer.exeb67446df-7dee-11e4-9e97-002243c190ce

Error: (12/07/2014 09:00:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Windows Surface Scanner.exe1.0.0.14c113abbmsvcrt.dll7.0.7600.163854a5bda6fc00000050000d193ca001d011f3cf84e1c4C:\Users\Mariusz\Desktop\WindowsSurfaceScanner\Windows Surface Scanner.exeC:\Windows\syswow64\msvcrt.dll1f6d9198-7de7-11e4-860a-002243c190ce

Error: (12/06/2014 06:55:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: NOTEPAD.EXE6.1.7600.16385dec01d0117dc7c2d4070C:\Windows\system32\NOTEPAD.EXE0f7f3df2-7d71-11e4-8e19-002243c190ce

Error: (12/06/2014 06:13:37 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/06/2014 06:13:37 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/06/2014 05:36:30 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/06/2014 05:36:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/06/2014 05:14:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2014 05:09:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2014-12-07 11:52:03.026
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-07 11:52:03.011
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz
Percentage of memory in use: 55%
Total physical RAM: 4095.11 MB
Available physical RAM: 1820.72 MB
Total Pagefile: 8188.43 MB
Available Pagefile: 5691.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:443.62 GB) NTFS
Drive d: (HBCD152) (CDROM) (Total:2.77 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00059748)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

2014-11-25 19:38 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-25 19:38 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-25 19:38 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-25 15:22 - 2014-11-25 15:22 - 00001401 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk
2014-11-25 15:22 - 2014-11-25 15:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-25 15:21 - 2014-11-25 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2014-11-25 15:21 - 2014-11-25 15:21 - 00000000 ____D () C:\Program Files (x86)\Seagate
2014-11-25 15:13 - 2014-11-25 15:13 - 00887896 _____ (Microsoft Corporation) C:\Users\Mariusz\Downloads\dotNetFx40_Client_setup (1).exe
2014-11-25 15:08 - 2014-10-31 23:26 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-25 15:07 - 2014-11-25 15:08 - 32507072 _____ (Microsoft Corporation) C:\Users\Mariusz\Downloads\Windows-KB890830-x64-V5.18.exe
2014-11-25 15:07 - 2014-11-25 15:07 - 00887896 _____ (Microsoft Corporation) C:\Users\Mariusz\Downloads\dotNetFx40_Client_setup.exe
2014-11-25 15:07 - 2014-11-25 15:07 - 00292184 _____ (Microsoft Corporation) C:\Users\Mariusz\Downloads\dxwebsetup.exe
2014-11-25 15:05 - 2014-11-25 15:06 - 26771088 _____ () C:\Users\Mariusz\Downloads\SeaToolsforWindowsSetup.exe
2014-11-25 15:02 - 2014-12-06 16:59 - 00025130 _____ () C:\Users\Mariusz\Downloads\Result.txt
2014-11-25 14:51 - 2014-11-25 14:51 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-11-25 14:45 - 2014-12-06 21:11 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-25 14:45 - 2014-12-06 21:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-25 14:45 - 2014-11-25 14:45 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-11-25 14:45 - 2014-11-25 14:45 - 00000000 ____D () C:\Windows\system32\Macromed
2014-11-25 14:44 - 2014-12-06 21:12 - 00000000 ____D () C:\Users\Mariusz\AppData\Local\Adobe
2014-11-25 14:26 - 2014-12-07 15:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-25 14:26 - 2014-12-07 08:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-25 14:26 - 2014-12-06 18:29 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-25 14:26 - 2014-12-06 16:28 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-25 14:26 - 2014-12-06 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-25 14:26 - 2014-12-06 16:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-25 14:26 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-25 14:26 - 2014-10-01 11:20 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-25 14:25 - 2014-11-25 14:25 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Mariusz\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-25 14:21 - 2014-12-06 14:21 - 00003880 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1416921688
2014-11-25 14:21 - 2014-11-25 14:21 - 00001139 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-11-25 14:21 - 2014-11-25 14:21 - 00001139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-11-25 14:21 - 2014-11-25 14:21 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\Opera Software
2014-11-25 14:21 - 2014-11-25 14:21 - 00000000 ____D () C:\Users\Mariusz\AppData\Local\Opera Software
2014-11-25 14:19 - 2014-12-06 14:21 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-11-25 14:19 - 2014-11-25 14:19 - 00683464 _____ (Opera Software) C:\Users\Mariusz\Downloads\Opera_NI_stable.exe
2014-11-25 14:16 - 2009-06-26 01:04 - 00067584 _____ (REDC) C:\Windows\system32\Drivers\rimmpx64.sys
2014-11-25 14:16 - 2009-06-26 00:38 - 00057856 _____ (REDC) C:\Windows\system32\Drivers\rixdpx64.sys
2014-11-25 14:16 - 2009-06-26 00:13 - 00055296 _____ (REDC) C:\Windows\system32\Drivers\rimspx64.sys
2014-11-25 14:16 - 2007-07-25 20:48 - 00172032 _____ (Ricoh Company,Ltd) C:\Windows\system32\rixdicon.dll
2014-11-25 14:16 - 2004-09-04 11:00 - 00090112 _____ (Sony Corporation) C:\Windows\system32\snymsico.dll
2014-11-25 14:13 - 2014-11-25 14:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-25 14:12 - 2009-05-11 11:49 - 00081952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-11-25 14:12 - 2009-05-11 11:49 - 00062976 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\nvapo64v.dll
2014-11-25 14:12 - 2009-05-11 11:48 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\nvhdap64.dll
2014-11-25 14:12 - 2009-05-08 15:50 - 00506400 _____ (NVIDIA Corporation) C:\Windows\system32\nvuhda6.exe
2014-11-25 14:12 - 2009-05-08 15:50 - 00159232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcohda6.dll
2014-11-25 14:12 - 2009-04-26 09:29 - 00001407 _____ () C:\Windows\system32\nvhda.nvu
2014-11-25 14:11 - 2009-06-22 12:28 - 00539168 _____ (NVIDIA Corporation) C:\Windows\system32\NVUNINST.EXE
2014-11-25 14:11 - 2009-06-11 10:09 - 00508448 _____ (NVIDIA Corporation) C:\Windows\system32\nvudisp.exe
2014-11-25 14:11 - 2009-06-11 10:09 - 00010060 _____ () C:\Windows\system32\nvdisp.nvu
2014-11-25 14:06 - 2009-07-20 17:29 - 00015416 _____ ( ) C:\Windows\system32\Drivers\kbfiltr.sys
2014-11-25 14:05 - 2014-11-25 14:05 - 00004198 _____ () C:\Windows\DPINST.LOG
2014-11-25 14:05 - 2009-08-23 05:24 - 05435904 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETw5v64.sys
2014-11-25 14:04 - 2014-11-25 14:53 - 00000000 ____D () C:\Program Files\ATKGFNEX
2014-11-25 14:04 - 2014-11-25 14:04 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\InstallShield
2014-11-25 14:04 - 2014-11-25 14:04 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-11-25 14:03 - 2014-11-25 14:04 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-11-25 13:59 - 2014-12-07 08:22 - 00057960 _____ () C:\Users\Mariusz\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-25 13:59 - 2014-11-25 14:30 - 00000000 ____D () C:\Users\Mariusz\AppData\Roaming\blueconnect
2014-11-25 13:59 - 2014-11-25 13:59 - 00001047 _____ () C:\Users\Public\Desktop\blueconnect.lnk
2014-11-25 13:59 - 2014-11-25 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\blueconnect
2014-11-25 13:59 - 2014-11-25 13:59 - 00000000 _____ () C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2014-11-25 13:58 - 2014-11-25 13:59 -
00000000 ____D () C:\ProgramData\DatacardService 2014-11-25 13:58 - 2014-11-25 13:59 - 00000000 ____D () C:\Program Files (x86)\blueconnect 2014-11-25 13:58 - 2014-11-25 13:58 - 00000000 _____ () C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf 2014-11-25 13:58 - 2011-02-25 18:02 - 00098816 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys 2014-11-25 13:58 - 2011-01-30 18:20 - 00212992 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys 2014-11-25 13:58 - 2011-01-30 18:19 - 00086016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys 2014-11-25 13:58 - 2011-01-30 18:19 - 00069632 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys 2014-11-25 13:58 - 2011-01-30 18:19 - 00028672 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys 2014-11-25 13:58 - 2010-12-24 11:48 - 00221312 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys 2014-11-25 13:58 - 2010-12-23 09:48 - 00421376 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys 2014-11-25 13:58 - 2010-10-08 16:59 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys 2014-11-25 13:58 - 2010-09-26 18:09 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys 2014-11-25 13:58 - 2010-08-06 07:43 - 01001472 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys 2014-11-25 13:58 - 2010-07-27 09:52 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys 2014-11-25 13:58 - 2010-03-20 12:06 - 00013952 _____ (Huawei Technologies Co., Ltd.) 
C:\Windows\system32\Drivers\ew_usbenumfilter.sys 2014-11-25 13:58 - 2008-03-27 16:51 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll 2014-11-25 13:58 - 2008-03-27 16:51 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll 2014-11-25 13:57 - 2014-11-25 13:57 - 00001455 _____ () C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-11-25 13:57 - 2014-11-25 13:57 - 00001421 _____ () C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-11-25 13:57 - 2014-11-25 13:57 - 00000000 _____ () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2014-11-25 13:56 - 2014-11-25 14:49 - 00000000 ____D () C:\Users\Mariusz\AppData\Local\VirtualStore 2014-11-25 13:56 - 2014-11-25 13:57 - 00000000 ____D () C:\Users\Mariusz 2014-11-25 13:56 - 2014-11-25 13:56 - 00000020 ___SH () C:\Users\Mariusz\ntuser.ini 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Public\Documents\Moje wideo 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Public\Documents\Moje obrazy 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Public\Documents\Moja muzyka 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\Ustawienia lokalne 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\Szablony 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\Moje dokumenty 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\Menu Start 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\Documents\Moje wideo 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\Documents\Moje obrazy 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\Documents\Moja muzyka 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\Dane aplikacji 2014-11-25 13:56 - 
2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programy 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\AppData\Local\Historia 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Mariusz\AppData\Local\Dane aplikacji 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\Ustawienia lokalne 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\Szablony 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\Moje dokumenty 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\Menu Start 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\Documents\Moje wideo 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\Documents\Moje obrazy 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\Documents\Moja muzyka 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\Dane aplikacji 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Historia 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Dane aplikacji 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default User\Documents\Moje wideo 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default User\Documents\Moje obrazy 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default User\Documents\Moja muzyka 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programy 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Historia 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Dane aplikacji 2014-11-25 
13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\ProgramData\Ulubione 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\ProgramData\Szablony 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\ProgramData\Pulpit 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programy 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\ProgramData\Menu Start 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 _SHDL () C:\ProgramData\Dokumenty 2014-11-25 13:56 - 2014-11-25 13:56 - 00000000 ____D () C:\Recovery 2014-11-25 13:56 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-11-25 13:56 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-11-25 13:54 - 2014-11-25 13:54 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2014-11-25 13:53 - 2014-12-07 14:42 - 01817337 _____ () C:\Windows\WindowsUpdate.log 2014-11-25 13:53 - 2014-11-25 13:53 - 00001355 _____ () C:\Windows\TSSysprep.log 2014-11-25 13:53 - 2014-11-25 13:53 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2014-11-25 13:49 - 2014-11-25 13:56 - 00000000 ____D () C:\Windows\Panther ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-07 16:09 - 2009-07-14 05:45 - 00016848 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-07 16:09 - 2009-07-14 05:45 - 00016848 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-07 14:10 - 2009-07-14 05:51 - 00034200 _____ () C:\Windows\setupact.log 2014-12-07 11:53 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-12-07 11:10 - 2011-04-12 14:21 - 00686324 _____ () C:\Windows\system32\perfh015.dat 2014-12-07 11:10 - 2011-04-12 14:21 - 00131302 _____ () C:\Windows\system32\perfc015.dat 2014-12-07 11:10 - 2009-07-14 06:13 - 01549696 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-07 11:06 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-07 11:05 - 2010-11-21 04:47 - 00009842 _____ () C:\Windows\PFRO.log 2014-12-07 08:21 - 2009-07-14 05:45 - 00275536 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-12-06 20:38 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-12-06 18:13 - 2011-04-12 14:32 - 00000000 ____D () C:\Windows\CSC 2014-12-06 18:08 - 2009-07-14 03:34 - 00000439 _____ () C:\Windows\win.ini 2014-12-06 17:36 - 2011-04-12 14:32 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-12-06 17:31 - 2009-07-14 03:34 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_459 2014-11-29 08:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-27 08:52 - 2009-07-14 04:20 - 00000000 ___RD () C:\Users\Public\Libraries 2014-11-25 14:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help 2014-11-25 14:02 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\restore 2014-11-25 13:56 - 2009-07-14 04:20 - 00000000 ___RD () C:\Users\Default 2014-11-25 13:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Windows NT 2014-11-25 13:53 - 2009-07-14 05:46 - 00002790 _____ () 
C:\Windows\DtcInstall.log 2014-11-25 13:53 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-11-25 13:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sysprep 2014-11-25 13:49 - 2009-07-14 06:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG 2014-11-25 13:49 - 2009-07-14 06:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template 2014-11-24 14:04 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-06 10:02 ==================== End Of Log ============================ [/QUOTE]