
IE opens random websites [Solved]


  • This topic is locked
33 replies to this topic

#1 Król podziemia


Posted 09 February 2013 - 01:09 PM

Hi,

I've recently bought a new laptop with Windows 8. I've installed Norton Internet Security, MBAM and Spybot S&D. None of these programs has found any malware. But IE still randomly opens a window with some random website.

Below are the logs from OTL and HijackThis:

OTL logfile created on: 2013-02-09 19:47:47 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Piotrek\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,89 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 20,36% Memory free
7,39 Gb Paging File | 3,90 Gb Available in Paging File | 52,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,30 Gb Total Space | 142,90 Gb Free Space | 76,70% Space Free | Partition Type: NTFS
Drive D: | 258,44 Gb Total Space | 239,29 Gb Free Space | 92,59% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Piotrek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-02-09 19:24:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Piotrek\Desktop\OTL.exe
PRC - [2013-02-09 10:05:28 | 000,595,144 | ---- | M] (Murray Hurps Software Pty Ltd) -- C:\Program Files (x86)\Ad Muncher\AdMunch.exe
PRC - [2013-02-08 20:08:26 | 001,051,984 | ---- | M] (BitTorrent Inc.) -- C:\Users\Piotrek\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2013-02-08 03:21:03 | 000,541,608 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013-02-08 02:29:56 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013-01-26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013-01-18 16:19:42 | 003,881,320 | ---- | M] () -- C:\Program Files (x86)\tuto4pc_pl_5\tuto4pc_pl_5.exe
PRC - [2013-01-18 16:19:42 | 002,132,840 | ---- | M] () -- C:\Users\Piotrek\AppData\Local\tuto4pc_pl_5\upt4pc_pl_5.exe
PRC - [2012-12-14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-12-14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-12-14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012-12-05 02:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe
PRC - [2012-11-13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012-11-13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012-11-13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012-11-13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012-11-13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012-10-31 12:09:50 | 000,020,352 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2012-08-27 21:04:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-08-08 12:23:28 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012-08-08 12:23:08 | 001,091,520 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012-08-06 15:56:14 | 000,590,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
PRC - [2012-08-03 17:31:12 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012-07-30 13:27:58 | 000,193,576 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe
PRC - [2012-07-25 10:53:18 | 001,558,176 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2012-07-24 19:21:22 | 001,123,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2012-07-23 19:59:02 | 000,105,120 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2012-07-17 17:54:20 | 000,178,848 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012-07-17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012-07-17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012-07-06 12:23:40 | 000,322,208 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012-06-27 13:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012-06-25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
PRC - [2012-06-07 15:12:06 | 000,162,456 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2012-06-07 15:12:06 | 000,090,832 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012-05-28 11:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2012-04-13 11:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
PRC - [2012-03-28 19:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011-11-21 15:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013-02-08 03:21:15 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL.dll
MOD - [2013-02-08 03:21:03 | 020,320,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013-02-08 03:21:02 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013-02-08 03:21:02 | 000,969,640 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2013-02-08 03:21:02 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013-02-08 03:21:02 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2013-02-08 03:07:57 | 012,459,888 | ---- | M] () -- C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
MOD - [2013-01-26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
MOD - [2013-01-26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013-01-26 03:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013-01-26 03:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013-01-26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2013-01-18 16:19:42 | 003,881,320 | ---- | M] () -- C:\Program Files (x86)\tuto4pc_pl_5\tuto4pc_pl_5.exe
MOD - [2013-01-18 16:19:42 | 002,132,840 | ---- | M] () -- C:\Users\Piotrek\AppData\Local\tuto4pc_pl_5\upt4pc_pl_5.exe
MOD - [2012-11-13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012-11-13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012-11-13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012-11-13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012-11-13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012-08-27 21:04:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2012-06-07 15:12:04 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2012-05-30 15:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.2.1.22\wincfi39.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012-10-01 08:22:52 | 000,359,224 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2012-09-10 05:11:06 | 000,027,792 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2012-07-26 05:46:56 | 002,366,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012-07-26 04:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012-07-26 04:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012-07-26 04:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012-07-26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012-07-26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012-07-26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012-07-26 04:07:30 | 000,169,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012-07-26 04:07:27 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012-07-26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012-07-26 04:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012-07-26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012-07-26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012-07-26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012-07-26 04:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012-07-26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012-07-26 04:05:38 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012-07-26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012-07-26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012-07-26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012-07-26 04:05:11 | 000,174,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012-07-26 04:05:08 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012-07-26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012-07-26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012-07-26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012-07-26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012-07-26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012-07-26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012-07-26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012-07-18 13:14:38 | 002,699,568 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012-07-18 13:14:16 | 000,272,176 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012-07-18 13:14:04 | 000,627,504 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012-07-18 13:13:40 | 000,149,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012-07-17 01:38:26 | 000,731,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2012-05-02 14:49:44 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012-04-20 15:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012-03-30 13:54:10 | 000,079,664 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe -- (ExpressCache)
SRV:64bit: - [2009-02-04 02:06:02 | 000,068,760 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1a\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2013-02-08 03:21:03 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013-02-01 19:21:08 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-12-14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-12-14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-12-05 02:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe -- (NIS)
SRV - [2012-08-31 03:35:20 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012-08-27 21:04:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-08-08 12:23:28 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012-08-08 12:23:08 | 001,091,520 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012-07-30 13:27:58 | 000,193,576 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
SRV - [2012-07-26 04:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012-07-26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012-07-23 19:59:02 | 000,105,120 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2012-07-17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012-07-17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012-06-27 13:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012-06-25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012-04-13 11:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011-11-21 15:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013-02-09 08:41:20 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2013-02-07 21:30:46 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012-12-14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012-10-31 12:10:00 | 000,061,824 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2012-10-09 02:00:02 | 000,776,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402010.016\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012-10-08 11:42:36 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012-10-04 02:40:35 | 001,133,216 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402010.016\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012-10-04 02:40:20 | 000,493,216 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402010.016\symds64.sys -- (SymDS)
DRV:64bit: - [2012-09-18 10:32:32 | 000,078,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2012-09-18 10:32:32 | 000,075,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2012-09-18 10:32:32 | 000,061,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2012-09-18 10:32:32 | 000,015,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2012-09-10 05:10:58 | 002,204,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2012-09-07 03:05:14 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402010.016\symnets.sys -- (SymNetS)
DRV:64bit: - [2012-09-07 02:48:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402010.016\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012-08-31 03:35:08 | 009,000,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012-08-27 04:11:04 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012-08-20 20:50:10 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402010.016\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012-08-19 15:53:16 | 004,273,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwew00.sys -- (NETwNe64)
DRV:64bit: - [2012-08-09 20:29:54 | 000,035,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2012-08-09 20:29:54 | 000,025,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2012-08-09 20:29:52 | 000,188,384 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\xHCIPort.sys -- (XHCIPort)
DRV:64bit: - [2012-08-09 20:29:52 | 000,048,096 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usb3Hub.sys -- (usb3Hub)
DRV:64bit: - [2012-08-02 04:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012-07-30 13:27:52 | 000,043,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\irstrtdv.sys -- (irstrtdv)
DRV:64bit: - [2012-07-26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-07-26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012-07-26 06:00:58 | 000,445,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012-07-26 06:00:58 | 000,337,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012-07-26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012-07-26 06:00:58 | 000,212,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012-07-26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012-07-26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012-07-26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012-07-26 06:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012-07-26 06:00:55 | 000,120,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012-07-26 06:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012-07-26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012-07-26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012-07-26 06:00:55 | 000,028,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012-07-26 06:00:54 | 000,056,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012-07-26 06:00:52 | 003,295,984 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012-07-26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012-07-26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012-07-26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012-07-26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012-07-26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012-07-26 06:00:49 | 000,539,376 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012-07-26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012-07-26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012-07-26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012-07-26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012-07-26 05:59:35 | 000,193,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012-07-26 05:59:35 | 000,148,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012-07-26 05:59:32 | 000,055,024 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012-07-26 05:58:00 | 000,068,848 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012-07-26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012-07-26 05:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012-07-26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012-07-26 05:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012-07-26 05:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012-07-26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012-07-26 04:17:38 | 000,027,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012-07-26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012-07-26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012-07-26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012-07-26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012-07-26 03:28:27 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012-07-26 03:28:02 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\acpials.sys -- (acpials)
DRV:64bit: - [2012-07-26 03:27:58 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012-07-26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012-07-26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012-07-26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012-07-26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012-07-26 03:27:31 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012-07-26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012-07-26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012-07-26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012-07-26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012-07-26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012-07-26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012-07-26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012-07-26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012-07-26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012-07-26 03:25:54 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012-07-26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012-07-26 03:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012-07-26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012-07-26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012-07-26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012-07-24 19:21:22 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2012-07-24 04:16:28 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012-07-19 10:21:42 | 000,110,744 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012-07-17 01:39:22 | 000,162,344 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012-07-17 01:39:22 | 000,162,344 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012-07-14 18:36:30 | 000,825,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2012-07-04 13:31:40 | 000,055,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2012-07-02 16:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012-06-21 03:45:12 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1402010.016\symelam.sys -- (SymELAM)
DRV:64bit: - [2012-06-02 15:34:37 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2012-06-02 15:31:56 | 000,589,824 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012-06-02 15:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012-06-02 15:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012-06-02 15:31:32 | 002,935,808 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\athrx.sys -- (athr)
DRV:64bit: - [2012-05-31 04:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV:64bit: - [2012-05-25 06:36:55 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402010.016\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012-04-24 12:01:12 | 000,110,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2012-03-30 13:54:16 | 000,095,024 | ---- | M] (Diskeeper Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\excsd.sys -- (excsd)
DRV:64bit: - [2012-03-30 13:54:16 | 000,023,344 | ---- | M] (Diskeeper Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\excfs.sys -- (excfs)
DRV:64bit: - [2009-08-07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1a\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2013-02-07 21:35:36 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130208.032\ex64.sys -- (NAVEX15)
DRV - [2013-02-07 21:35:36 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130208.032\eng64.sys -- (NAVENG)
DRV - [2013-02-06 20:12:44 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130208.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013-01-16 03:22:36 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130116.013\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012-08-18 10:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012-08-18 10:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011-09-07 10:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009-07-02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...}...R&pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...}...R&pc=ASU2JS


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-4198418903-3409672105-402418262-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
IE - HKU\S-1-5-21-4198418903-3409672105-402418262-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
IE - HKU\S-1-5-21-4198418903-3409672105-402418262-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4198418903-3409672105-402418262-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\ [2013-02-07 21:31:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ [2013-02-09 18:42:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-02-08 19:20:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-02-09 11:26:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK

[2013-02-09 11:34:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Piotrek\AppData\Roaming\mozilla\Extensions
[2013-02-09 11:26:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013-02-01 19:21:57 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013-02-01 21:08:18 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2013-02-01 21:08:18 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2013-02-01 21:08:18 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2013-02-01 21:08:18 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2013-02-01 21:08:18 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2013-02-01 21:08:18 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.co...m...=utf-8&aq=t
CHR - default_search_provider: suggest_url = http://suggestquerie...q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: NPLastPass (Enabled) = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.15_0\nplastpass.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Entanglement = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Bejeweled = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: Angry Birds = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Dokumenty Google = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Lucidchart \u2013 Zespo\u0142owe tworzenie diagram\u00F3w = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn\16_0\
CHR - Extension: Dysk Google = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Green & Yellow = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bddpiopodmdehhcbincajgeoedlecmfi\1.0_0\
CHR - Extension: YouTube = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Send to Kindle for Google Chrome\u2122 = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea\1.0.1.56_0\
CHR - Extension: Szukaj w Google = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Logitech SetPoint = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.51.8_0\
CHR - Extension: Chain Reaction = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa\1.2_0\
CHR - Extension: Note Board = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\goficmpcgcnombioohjcgdhbaloknabb\4.0.3.6_0\
CHR - Extension: LastPass = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.21_0\
CHR - Extension: Keep My Opt-Outs = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.14_0\
CHR - Extension: Lord of Ultima = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdheeblenjmceeppomdgokgilmkonced\1.0.12_0\
CHR - Extension: SparkChess 6 = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem\6.1.0.1_0\
CHR - Extension: The Fancy Pants Adventure: World 2 = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\loamdenijebhollnjgehcfbnpeelfhlk\14_0\
CHR - Extension: Marble Hop = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcmlfjpbnfnplhflmkkjelhohpggdelf\4.0_0\
CHR - Extension: ChessCube Chess = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mifpffdcpbindanieeagnpajlgpbeeno\1.1_0\
CHR - Extension: Norton Identity Protection = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\
CHR - Extension: Bastion = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid\0.0.0.4_0\
CHR - Extension: Max Connect = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\peebcffbmignhnebbjhafalcbdddnpko\1.3.0_0\
CHR - Extension: Gmail = C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-07-26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4198418903-3409672105-402418262-1002\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Ad Muncher] C:\Program Files (x86)\Ad Muncher\AdMunch.exe (Murray Hurps Software Pty Ltd)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [tuto4pc_pl_5] C:\Program Files (x86)\tuto4pc_pl_5\tuto4pc_pl_5.exe ()
O4 - HKU\S-1-5-21-4198418903-3409672105-402418262-1002..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4198418903-3409672105-402418262-1002..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-4198418903-3409672105-402418262-1002..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-4198418903-3409672105-402418262-1002..\Run: [uTorrent] C:\Users\Piotrek\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKLM..\RunOnce: [upt4pc_pl_5.exe] C:\Users\Piotrek\AppData\Local\tuto4pc_pl_5\upt4pc_pl_5.exe ()
O4 - Startup: C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Rejestracja produktu.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: LastPass - file://C:\Users\Piotrek\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: Wypełnij formularze LastPass - file://C:\Users\Piotrek\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8:64bit: - Extra context menu item: Wyślij do Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: LastPass - file://C:\Users\Piotrek\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: Wypełnij formularze LastPass - file://C:\Users\Piotrek\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Wyślij do Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F61CBE6E-3025-459F-AF0A-96F6277CBB1A}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013-02-09 19:47:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-02-09 19:24:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Piotrek\Desktop\OTL.exe
[2013-02-09 19:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013-02-09 19:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013-02-09 19:04:14 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013-02-09 19:04:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013-02-09 18:22:15 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\Adobe
[2013-02-09 17:58:25 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\Ashampoo
[2013-02-09 14:45:54 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013-02-09 13:09:18 | 000,000,000 | R--D | C] -- C:\Windows\BrowserChoice
[2013-02-09 12:55:33 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\Malwarebytes
[2013-02-09 12:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013-02-09 12:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013-02-09 12:55:16 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013-02-09 12:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013-02-09 12:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware
[2013-02-09 12:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\SiSoftware
[2013-02-09 11:27:03 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\NVIDIA
[2013-02-09 11:26:33 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\Mozilla
[2013-02-09 11:26:33 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\Mozilla
[2013-02-09 11:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013-02-09 11:26:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013-02-09 11:26:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013-02-09 10:47:59 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\Documents\My Games
[2013-02-09 10:47:59 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\My Games
[2013-02-09 10:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013-02-09 10:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013-02-09 10:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad Muncher
[2013-02-09 10:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad Muncher
[2013-02-09 10:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad Muncher
[2013-02-09 08:56:13 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\ashampoo
[2013-02-09 08:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2013-02-09 08:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashampoo
[2013-02-09 08:56:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2013-02-09 08:46:22 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\tuto4pc_pl_5
[2013-02-09 08:46:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TUTO4PC
[2013-02-09 08:46:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\tuto4pc_pl_5
[2013-02-09 08:42:00 | 000,432,800 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symnets.sys
[2013-02-09 08:42:00 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symelam.sys
[2013-02-09 08:41:59 | 001,133,216 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symefa64.sys
[2013-02-09 08:41:59 | 000,776,864 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\srtsp64.sys
[2013-02-09 08:41:59 | 000,493,216 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symds64.sys
[2013-02-09 08:41:59 | 000,224,416 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\ironx64.sys
[2013-02-09 08:41:59 | 000,168,096 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\ccsetx64.sys
[2013-02-09 08:41:59 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\srtspx64.sys
[2013-02-09 08:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013-02-09 08:41:20 | 000,564,824 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2013-02-09 08:40:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1402010.016
[2013-02-09 08:40:07 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\DAEMON Tools Lite
[2013-02-09 08:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2013-02-09 08:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013-02-08 21:01:42 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\Media Player Classic
[2013-02-08 21:01:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013-02-08 21:00:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2013-02-08 20:58:57 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\Programs
[2013-02-08 20:57:54 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\vlc
[2013-02-08 20:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013-02-08 20:56:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013-02-08 20:06:42 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\uTorrent
[2013-02-08 19:33:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Logishrd
[2013-02-08 19:21:06 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\Leadertech
[2013-02-08 19:21:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2013-02-08 19:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013-02-08 19:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2013-02-08 19:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2013-02-08 19:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2013-02-08 19:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2013-02-08 19:17:01 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\Logitech
[2013-02-08 19:17:01 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\Logishrd
[2013-02-08 03:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ChessBase
[2013-02-08 03:47:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ChessBase
[2013-02-08 03:33:30 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\Documents\GOG.com Downloads
[2013-02-08 03:32:21 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\GOG.com
[2013-02-08 03:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2013-02-08 03:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GOG.com
[2013-02-08 03:19:36 | 014,794,312 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[2013-02-08 03:18:32 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
[2013-02-08 03:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
[2013-02-08 03:18:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LastPass
[2013-02-08 02:28:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013-02-08 02:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013-02-08 02:28:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013-02-07 21:56:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013-02-07 21:46:54 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\Documents\Almost Human
[2013-02-07 21:33:59 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\Documents\Symantec
[2013-02-07 21:30:46 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013-02-07 21:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013-02-07 21:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013-02-07 21:30:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2013-02-07 21:30:17 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013-02-07 21:30:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2013-02-07 21:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013-02-07 21:29:59 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013-02-07 21:29:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013-02-07 20:32:39 | 000,000,000 | ---D | C] -- C:\Launchy
[2013-02-07 20:02:05 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\ChessBase
[2013-02-07 20:01:47 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\Documents\ChessBase
[2013-02-07 20:01:45 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\ChessBase
[2013-02-07 19:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChessBase
[2013-02-07 18:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013-02-07 18:35:30 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\Macromedia
[2013-02-07 18:34:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013-02-07 18:34:02 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\Google
[2013-02-07 18:33:25 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\Deployment
[2013-02-07 18:33:25 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\Apps
[2013-02-07 18:26:27 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\ASUS WebStorage
[2013-02-07 18:25:58 | 000,000,000 | R--D | C] -- C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013-02-07 18:25:58 | 000,000,000 | R--D | C] -- C:\Users\Piotrek\Searches
[2013-02-07 18:25:58 | 000,000,000 | R--D | C] -- C:\Users\Piotrek\Contacts
[2013-02-07 18:25:58 | 000,000,000 | R--D | C] -- C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013-02-07 18:25:13 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\Adobe
[2013-02-07 18:25:09 | 000,000,000 | R-SD | C] -- C:\Users\Public\Desktop\ASUS
[2013-02-07 18:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\FolderView
[2013-02-07 18:23:33 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\VirtualStore
[2013-02-07 18:23:23 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\Packages
[2013-02-07 18:23:18 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\Intel
[2013-02-07 18:23:18 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\ASUS
[2013-02-07 18:23:16 | 000,000,000 | -HSD | C] -- C:\Users\Piotrek\Ustawienia lokalne
[2013-02-07 18:23:16 | 000,000,000 | -HSD | C] -- C:\Users\Piotrek\AppData\Local\Temporary Internet Files
[2013-02-07 18:23:16 | 000,000,000 | -HSD | C] -- C:\Users\Piotrek\Szablony
[2013-02-07 18:23:16 | 000,000,000 | -HSD | C] -- C:\Users\Piotrek\SendTo
[2013-02-07 18:23:16 | 000,000,000 | -HSD | C] -- C:\Users\Piotrek\Recent
[2013-02-07 18:23:16 | 000,000,000 | -HSD | C] -- C:\Users\Piotrek\PrintHood
[2013-02-07 18:23:16 | 000,000,000 | -HSD | C] -- C:\Users\Piotrek\NetHood
[2013-02-07 18:23:16 | 000,000,000 | -HSD | C] -- C:\Users\Piotrek\Documents\Moje wideo
[2013-02-07 18:23:16 | 000,000,000 | -HSD | C] -- C:\Users\Piotrek\Documents\Moje obrazy
[2013-02-07 18:23:16 | 000,000,000 | -HSD | C] -- C:\Users\Piotrek\Moje dokumenty
[2013-02-07 18:23:16 | 000,000,000 | -HSD | C] -- C:\Users\Piotrek\Documents\Moja muzyka
[2013-02-07 18:23:16 | 000,000,000 | -HSD | C] -- C:\Users\Piotrek\Menu Start
[2013-02-07 18:23:16 | 000,000,000 | -HSD | C] -- C:\Users\Piotrek\AppData\Local\Historia
[2013-02-07 18:23:16 | 000,000,000 | -HSD | C] -- C:\Users\Piotrek\Dane aplikacji
[2013-02-07 18:23:16 | 000,000,000 | -HSD | C] -- C:\Users\Piotrek\AppData\Local\Dane aplikacji
[2013-02-07 18:23:16 | 000,000,000 | -HSD | C] -- C:\Users\Piotrek\Cookies
[2013-02-07 18:23:15 | 000,000,000 | --SD | C] -- C:\Users\Piotrek\AppData\Roaming\Microsoft
[2013-02-07 18:23:15 | 000,000,000 | R--D | C] -- C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013-02-07 18:23:15 | 000,000,000 | R--D | C] -- C:\Users\Piotrek\Pictures
[2013-02-07 18:23:15 | 000,000,000 | R--D | C] -- C:\Users\Piotrek\Music
[2013-02-07 18:23:15 | 000,000,000 | R--D | C] -- C:\Users\Piotrek\Links
[2013-02-07 18:23:15 | 000,000,000 | R--D | C] -- C:\Users\Piotrek\Favorites
[2013-02-07 18:23:15 | 000,000,000 | R--D | C] -- C:\Users\Piotrek\Downloads
[2013-02-07 18:23:15 | 000,000,000 | R--D | C] -- C:\Users\Piotrek\Documents
[2013-02-07 18:23:15 | 000,000,000 | R--D | C] -- C:\Users\Piotrek\Desktop
[2013-02-07 18:23:15 | 000,000,000 | R--D | C] -- C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013-02-07 18:23:15 | 000,000,000 | R--D | C] -- C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013-02-07 18:23:15 | 000,000,000 | -H-D | C] -- C:\Users\Piotrek\AppData
[2013-02-07 18:23:15 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\Temp
[2013-02-07 18:23:15 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Local\Microsoft
[2013-02-07 18:23:15 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013-02-07 18:23:14 | 000,000,000 | R--D | C] -- C:\Users\Piotrek\Videos
[2013-02-07 18:23:14 | 000,000,000 | R--D | C] -- C:\Users\Piotrek\Saved Games
[2013-02-07 18:23:14 | 000,000,000 | ---D | C] -- C:\Users\Piotrek\Roaming

========== Files - Modified Within 30 Days ==========

[2013-02-09 19:39:02 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-02-09 19:24:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Piotrek\Desktop\OTL.exe
[2013-02-09 19:06:49 | 003,456,219 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\Cat.DB
[2013-02-09 19:04:19 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013-02-09 18:48:26 | 003,564,186 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-02-09 18:48:26 | 000,794,946 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013-02-09 18:48:26 | 000,730,544 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2013-02-09 18:48:26 | 000,718,298 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2013-02-09 18:48:26 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-02-09 18:48:26 | 000,174,018 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2013-02-09 18:48:26 | 000,159,530 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013-02-09 18:48:26 | 000,147,876 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2013-02-09 18:48:26 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-02-09 18:44:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-02-09 18:42:44 | 000,000,380 | ---- | M] () -- C:\Users\Piotrek\AppData\Roaming\sp_data.sys
[2013-02-09 18:42:34 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-02-09 18:42:03 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013-02-09 18:42:01 | 3339,911,168 | -HS- | M] () -- C:\hiberfil.sys
[2013-02-09 14:47:46 | 000,298,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-02-09 13:51:25 | 000,003,120 | ---- | M] () -- C:\{9CE2436C-9FB1-413E-BB33-A8B3A6E7E5AC}
[2013-02-09 13:15:29 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\VT20130115.021
[2013-02-09 12:55:18 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-02-09 12:15:11 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\SiSoftware Sandra Lite 2013.SP1a.lnk
[2013-02-09 11:26:28 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013-02-09 10:43:33 | 000,002,185 | ---- | M] () -- C:\Users\Piotrek\Desktop\Autostart — skrót.lnk
[2013-02-09 08:41:20 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2013-02-08 19:21:06 | 000,001,356 | ---- | M] () -- C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Rejestracja produktu.lnk
[2013-02-08 03:19:39 | 000,002,112 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
[2013-02-08 03:19:36 | 014,794,312 | ---- | M] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[2013-02-08 02:27:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2013-02-08 02:09:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013-02-07 21:30:46 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013-02-07 21:30:46 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013-02-07 21:30:46 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013-02-02 04:05:00 | 013,144,064 | ---- | M] () -- C:\Users\Piotrek\AppData\Roaming\Sandra.mdb

========== Files Created - No Company Name ==========

[2013-02-09 19:04:19 | 000,002,187 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013-02-09 19:04:19 | 000,002,175 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013-02-09 14:47:36 | 000,298,784 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-02-09 13:51:25 | 000,003,120 | ---- | C] () -- C:\{9CE2436C-9FB1-413E-BB33-A8B3A6E7E5AC}
[2013-02-09 13:15:29 | 003,456,219 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\Cat.DB
[2013-02-09 13:15:29 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\VT20130115.021
[2013-02-09 12:55:18 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-02-09 12:15:30 | 013,144,064 | ---- | C] () -- C:\Users\Piotrek\AppData\Roaming\Sandra.mdb
[2013-02-09 12:15:11 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\SiSoftware Sandra Lite 2013.SP1a.lnk
[2013-02-09 11:26:28 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013-02-09 11:26:28 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013-02-09 10:43:33 | 000,002,185 | ---- | C] () -- C:\Users\Piotrek\Desktop\Autostart — skrót.lnk
[2013-02-09 08:56:16 | 000,001,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk
[2013-02-09 08:42:00 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symelam64.cat
[2013-02-09 08:42:00 | 000,007,601 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symnet64.cat
[2013-02-09 08:42:00 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symnet.inf
[2013-02-09 08:42:00 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symelam.inf
[2013-02-09 08:41:59 | 000,007,611 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\ccsetx64.cat
[2013-02-09 08:41:59 | 000,007,605 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\srtspx64.cat
[2013-02-09 08:41:59 | 000,007,603 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symefa64.cat
[2013-02-09 08:41:59 | 000,007,601 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\srtsp64.cat
[2013-02-09 08:41:59 | 000,007,597 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symds64.cat
[2013-02-09 08:41:59 | 000,007,593 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\iron.cat
[2013-02-09 08:41:59 | 000,003,433 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symefa.inf
[2013-02-09 08:41:59 | 000,002,851 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symds.inf
[2013-02-09 08:41:59 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\srtsp64.inf
[2013-02-09 08:41:59 | 000,001,418 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\srtspx64.inf
[2013-02-09 08:41:59 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\ccsetx64.inf
[2013-02-09 08:41:59 | 000,000,767 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\iron.inf
[2013-02-09 08:40:41 | 000,009,103 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symvtcer.dat
[2013-02-09 08:40:41 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\isolate.ini
[2013-02-08 21:00:58 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013-02-08 19:21:06 | 000,001,356 | ---- | C] () -- C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Rejestracja produktu.lnk
[2013-02-08 03:19:39 | 000,002,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
[2013-02-08 02:27:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2013-02-08 02:09:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013-02-07 21:30:46 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013-02-07 21:30:46 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013-02-07 18:34:10 | 000,001,064 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-02-07 18:34:10 | 000,001,060 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-02-07 18:26:19 | 000,000,380 | ---- | C] () -- C:\Users\Piotrek\AppData\Roaming\sp_data.sys
[2013-02-07 18:25:13 | 000,001,440 | ---- | C] () -- C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012-09-19 08:09:29 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012-09-19 08:09:09 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012-09-19 08:09:06 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012-08-04 18:37:02 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012-08-04 18:37:02 | 000,000,217 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012-07-26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012-07-26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012-07-26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012-07-26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012-07-26 01:48:53 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012-07-25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012-07-25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012-07-25 21:22:56 | 000,267,284 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012-07-25 21:22:54 | 000,963,376 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012-06-02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012-04-20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2012-12-12 14:48:33 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-10-11 06:45:39 | 019,789,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-10-11 06:07:29 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012-07-26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012-07-26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012-07-26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.ADML >
[2012-07-26 10:43:22 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16384_en-us_7bca26f6f419a854\Explorer.adml
[2012-07-26 10:43:22 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16433_en-us_7bff382ef3f2006f\Explorer.adml
[2012-07-26 10:43:22 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.20534_en-us_7c89d5440d0eb990\Explorer.adml
[2012-08-02 19:09:41 | 000,004,289 | ---- | M] () MD5=11E2B9C1E0F8F7245E78541720533A8D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16384_hu-hu_65bd7a21cb727f77\Explorer.adml
[2012-08-02 19:09:41 | 000,004,289 | ---- | M] () MD5=11E2B9C1E0F8F7245E78541720533A8D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16433_hu-hu_65f28b59cb4ad792\Explorer.adml
[2012-08-02 19:09:41 | 000,004,289 | ---- | M] () MD5=11E2B9C1E0F8F7245E78541720533A8D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.20534_hu-hu_667d286ee46790b3\Explorer.adml
[2012-08-02 19:05:33 | 000,004,163 | ---- | M] () MD5=95D19FDF184A28A5F9B275865613F40C -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16384_cs-cz_3873db9b0d1f4bf6\Explorer.adml
[2012-08-02 19:05:33 | 000,004,163 | ---- | M] () MD5=95D19FDF184A28A5F9B275865613F40C -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16433_cs-cz_38a8ecd30cf7a411\Explorer.adml
[2012-08-02 19:05:33 | 000,004,163 | ---- | M] () MD5=95D19FDF184A28A5F9B275865613F40C -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.20534_cs-cz_393389e826145d32\Explorer.adml
[2012-08-02 19:01:30 | 000,004,196 | ---- | M] () MD5=FEBD7B7BA4DA13C8ADFB742C54DA3FD0 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16384_pl-pl_7b1272d76244120f\Explorer.adml
[2012-08-02 19:01:30 | 000,004,196 | ---- | M] () MD5=FEBD7B7BA4DA13C8ADFB742C54DA3FD0 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16433_pl-pl_7b47840f621c6a2a\Explorer.adml
[2012-08-02 19:01:30 | 000,004,196 | ---- | M] () MD5=FEBD7B7BA4DA13C8ADFB742C54DA3FD0 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.20534_pl-pl_7bd221247b39234b\Explorer.adml

< MD5 for: EXPLORER.ADMX >
[2012-06-02 15:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.16384_none_6e8451187a9a1607\Explorer.admx
[2012-06-02 15:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.16420_none_6ec1315e7a6d062c\Explorer.admx
[2012-06-02 15:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.16433_none_6eb962507a726e22\Explorer.admx
[2012-06-02 15:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.20521_none_6f4bce739389bf4d\Explorer.admx
[2012-06-02 15:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.20534_none_6f43ff65938f2743\Explorer.admx

< MD5 for: EXPLORER.EXE >
[2012-10-11 06:53:24 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=0AD19A3CA61271BA872AD90771BA47DC -- C:\Windows\SoftwareDistribution\Download\f707f58b0895c0ce5aeeb264f0d05ce2\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
[2012-10-11 09:09:58 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=0DDFEAA2AA18D4295EF220EB666B2312 -- C:\Windows\SoftwareDistribution\Download\f707f58b0895c0ce5aeeb264f0d05ce2\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
[2012-07-26 04:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows\SysWOW64\explorer.exe
[2012-07-26 04:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
[2012-07-26 05:49:13 | 002,380,440 | ---- | M] (Microsoft Corporation) MD5=928791755FDDEA721B053535EF84FA17 -- C:\Windows\explorer.exe
[2012-07-26 05:49:13 | 002,380,440 | ---- | M] (Microsoft Corporation) MD5=928791755FDDEA721B053535EF84FA17 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
[2012-10-11 06:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows\SoftwareDistribution\Download\f707f58b0895c0ce5aeeb264f0d05ce2\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe
[2012-10-11 08:35:16 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=E13A31D5254C25406A7946BDD9B06364 -- C:\Windows\SoftwareDistribution\Download\f707f58b0895c0ce5aeeb264f0d05ce2\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe
[2012-11-13 14:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe

< MD5 for: EXPLORER.EXE.CONFIG >
[2009-02-26 07:50:32 | 000,000,176 | ---- | M] () MD5=E1FD9DE48AF5D7652AA31BBE914F54B8 -- C:\Windows\explorer.exe.config

< MD5 for: EXPLORER.EXE.LOG >
[2013-02-08 22:20:08 | 000,001,284 | ---- | M] () MD5=B003148A4E32048B9C4760675419C866 -- C:\Users\Piotrek\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Explorer.EXE.log

< MD5 for: EXPLORER.EXE.MUI >
[2012-07-26 10:43:16 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=84F06AD66B7C695883828567062DA1E6 -- C:\Windows\en-GB\explorer.exe.mui
[2012-07-26 10:43:16 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=84F06AD66B7C695883828567062DA1E6 -- C:\Windows\SysWOW64\en-GB\explorer.exe.mui
[2012-07-26 10:43:16 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=84F06AD66B7C695883828567062DA1E6 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.2.9200.16384_en-gb_57337364023d4d26\explorer.exe.mui
[2012-07-26 10:43:16 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=84F06AD66B7C695883828567062DA1E6 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.2.9200.16384_en-gb_61881db6369e0f21\explorer.exe.mui
[2012-08-02 19:12:44 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=9FB17E97B578C27A50D54013B78EC0E8 -- C:\Windows\sk-SK\explorer.exe.mui
[2012-08-02 19:12:44 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=9FB17E97B578C27A50D54013B78EC0E8 -- C:\Windows\SysWOW64\sk-SK\explorer.exe.mui
[2012-08-02 19:12:44 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=9FB17E97B578C27A50D54013B78EC0E8 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.2.9200.16384_sk-sk_46f84ae34384eebc\explorer.exe.mui
[2012-08-02 19:12:44 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=9FB17E97B578C27A50D54013B78EC0E8 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.2.9200.16384_sk-sk_514cf53577e5b0b7\explorer.exe.mui
[2012-08-02 19:05:18 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=CC5012E442944D8096EC475D89BE1538 -- C:\Windows\cs-CZ\explorer.exe.mui

< %SYSTEMDRIVE%\*.* >
[2012-07-26 04:44:30 | 000,398,156 | RHS- | M] () -- C:\bootmgr
[2012-06-02 15:30:55 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT
[2013-02-09 18:42:01 | 3339,911,168 | -HS- | M] () -- C:\hiberfil.sys
[2013-02-09 18:42:03 | 3758,096,384 | -HS- | M] () -- C:\pagefile.sys
[2013-02-09 18:42:03 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013-02-09 12:45:07 | 000,160,984 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_09.02.2013_12.43.37_log.txt
[2013-02-09 14:40:32 | 000,162,012 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_09.02.2013_14.39.37_log.txt
[2012-09-12 04:03:46 | 006,293,504 | RH-- | M] () -- C:\UX42VS.BIN
[2013-02-09 13:51:25 | 000,003,120 | ---- | M] () -- C:\{9CE2436C-9FB1-413E-BB33-A8B3A6E7E5AC}

< %systemroot%\Fonts\*.com >
[2012-08-02 14:33:56 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2012-08-02 14:33:56 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2012-08-02 14:33:56 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2012-08-02 14:33:56 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2012-07-26 09:11:41 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2012-07-26 09:11:35 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >
[2009-02-26 07:50:32 | 000,000,176 | ---- | M] () -- C:\Windows\explorer.exe.config

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013-02-07 18:30:00 | 000,000,223 | -HS- | M] () -- C:\Users\Piotrek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2013-02-09 19:24:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Piotrek\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >
[2013-02-08 03:19:36 | 014,794,312 | ---- | M] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:59:16, on 2013-02-09
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16453)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Piotrek\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\tuto4pc_pl_5\tuto4pc_pl_5.exe
C:\Program Files (x86)\Ad Muncher\AdMunch.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Piotrek\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\IPS\IPSBHO.DLL
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coIEPlg.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [tuto4pc_pl_5] "C:\Program Files (x86)\tuto4pc_pl_5\tuto4pc_pl_5.exe"
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files (x86)\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\RunOnce: [upt4pc_pl_5.exe] C:\Users\Piotrek\AppData\Local\tuto4pc_pl_5\upt4pc_pl_5.exe -runonce
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Piotrek\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - Startup: Logitech . Rejestracja produktu.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O8 - Extra context menu item: LastPass - file://C:\Users\Piotrek\AppData\LocalLow\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: Wypełnij formularze LastPass - file://C:\Users\Piotrek\AppData\LocalLow\LastPass\context.html?cmd=fillforms
O8 - Extra context menu item: Wyślij do Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra button: Wyślij do Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)
O9 - Extra 'Tools' menuitem: Wyślij do Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: ExpressCache - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel® Rapid Start Technology Service (irstrtsv) - Intel Corporation - C:\Windows\SysWOW64\irstrtsv.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1a\RpcAgentSrv.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @oem7.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 13963 bytes

#2 jeffce

jeffce

    Super Saiyan

  • Malware Team
  • 8,656 posts
  • MVP

Posted 13 February 2013 - 06:41 AM

Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.


Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.
---------

Sorry for any delays. :)
---------

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Right-click dds and choose Run as Administrator to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt

Attach.txt
----------

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and attach its contents in your next reply.

----------

AdwCleaner

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.
----------

#3 Król podziemia

Posted 13 February 2013 - 07:58 AM

Hi jeffce! :) I'm very glad for your help. I will provide logs as soon as possible.

#4 jeffce

Posted 13 February 2013 - 08:05 AM

:thumbup:

#5 Król podziemia

Posted 13 February 2013 - 12:24 PM

Uploading logs. BTW, if my nickname is too hard - my name is Peter :)


#6 jeffce

Posted 13 February 2013 - 01:28 PM

Hi,

Nice to meet you Peter. :)

After seeing that aswMBR log I would like to run another tool before we begin cleaning to be sure...

Please download TDSSKiller
  • Double click TDSSKiller.exe
  • Press Start Scan
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Do Not Attempt To Fix Anything Now. We just need to look over the report and be sure we are removing the correct items.
  • Attach the log in your next reply
  • A copy of the log will be saved automatically to the root of the drive (typically C:\)
----------

#7 Król podziemia

Posted 13 February 2013 - 02:21 PM

log in attachment


#8 jeffce

Posted 13 February 2013 - 02:50 PM

Hi,

Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

Remember, if you are using Windows Vista as your operating system, right-click the executable and choose Run as Administrator.
----------

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    :OTL
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}...R&pc=ASU2JS
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}...R&pc=ASU2JS
    IE - HKU\S-1-5-21-4198418903-3409672105-402418262-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [resethosts]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

Post the new OTL logs and let me know how your system is running. :)

#9 Król podziemia

Posted 13 February 2013 - 03:06 PM

fix is done, no IE window occurred :) But to be sure - I should check boxes "LOP" and "Purity" or not? Sorry I'm asking but English is not my native language :)

Edited by Król podziemia, 13 February 2013 - 03:06 PM.


#10 Król podziemia

Posted 13 February 2013 - 03:11 PM

unfortunately, I've just got popped with some random website in IE :( Maybe I did something wrong?

#11 Król podziemia

Posted 13 February 2013 - 03:32 PM

I've made otl scan with marked purity and lop checked

Attached Files

  • Attached File  OTL.Txt   360.39KB   77 downloads


#12 jeffce

Posted 13 February 2013 - 03:38 PM

Hi, Your English is just fine. :) You say that you got a popup in IE? Is that the only browser it occurs in?

#13 Król podziemia

Posted 13 February 2013 - 03:51 PM

Yes, randomly, from time to time, opens IE (no other browsers - I use Chrome for browsing) window with some fake websites. Also MBAM often notifies that it has blocked suspicious websites (I have no idea if it's related).

Edited by Król podziemia, 13 February 2013 - 03:52 PM.


#14 jeffce

Posted 13 February 2013 - 05:01 PM

AdwCleaner
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
----------

#15 Król podziemia

Posted 14 February 2013 - 12:51 PM

uploading log


