Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Kamil (administrator) on MYSZA on 07-10-2013 18:49:50
Running from G:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [Google Update] - C:\Users\Kamil\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-11-23] (Google Inc.)
HKCU\...\Run: [IPLA!] - E:\ipla\ipla.exe [21047208 2013-03-13] (Redefine Sp z o.o.)
HKCU\...\Run: [ChomikBox] - C:\Program Files (x86)\ChomikBox\chomikbox.exe [5951488 2012-02-28] ( )
HKCU\...\Run: [ALLUpdate] - "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep"
HKCU\...\Run: [NetLimiter] - C:\Program Files\NetLimiter 3\NLClientApp.exe [2790400 2010-08-30] (Locktime Software)
HKCU\...\Run: [Facebook Update] - C:\Users\Kamil\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-16] (Facebook Inc.)
HKCU\...\Run: [SpeedConnectStartUp] - [x]
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
MountPoints2: G - G:\AutoRun.exe
MountPoints2: H - H:\AutoRun.exe
MountPoints2: {012f0fa8-1eb6-11e1-ac0e-001e101faa49} - H:\AutoRun.exe
MountPoints2: {04adf009-b381-11e0-a117-806e6f6e6963} - F:\Run.exe
MountPoints2: {58cd6cd1-1531-11e1-9759-001d7d98fba8} - H:\AutoRun.exe
MountPoints2: {58cd6cdd-1531-11e1-9759-001d7d98fba8} - G:\AutoRun.exe
MountPoints2: {6da98ba8-326f-11e1-b8b1-001d7d98fba8} - H:\AutoRun.exe
MountPoints2: {a1108bc2-1612-11e1-81c0-001d7d98fba8} - G:\AutoRun.exe
MountPoints2: {b025306a-0c47-11e1-8ee7-001d7d98fba8} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\Start.hta
MountPoints2: {b9ca8607-76f3-11e2-b8cc-001e101f50a4} - H:\Setup.exe
MountPoints2: {bfdc77c5-d426-11e1-92ec-001e101fb4df} - H:\AutoRun.exe
MountPoints2: {ce2657df-15a4-11e1-a1d5-001e101fb4df} - H:\AutoRun.exe
HKLM-x32\...\Run: [Onet.pl AutoUpdate] - C:\Program Files (x86)\Common Files\Onet.pl\AutoUpdate.exe [260096 2005-07-27] (Onet.pl)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\qttask.exe [98304 2012-03-09] (Apple Computer, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [DownloadStudio] - C:\Program Files (x86)\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe [156312 2009-07-09] (Conceiva Pty. Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [fungamesgalaxy_WhenuSave_Installer] - C:\Program Files (x86)\fungamesgalaxy_WhenUSave_Installer\fungamesgalaxy_WhenUSave_Installer.exe [148480 2006-04-11] (WhenU.com, Inc.)
HKLM-x32\...\Run: [Setup] - C:\Program Files (x86)\Setup\Setup.exe [137728 2006-06-08] (WhenU.com, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [395144 2011-05-17] (Ask)
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Kamil\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nero.bat.lnk
ShortcutTarget: nero.bat.lnk -> C:\Windows\SysWOW64\nero.bat ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - HP Deskjet 3070 B611 series.lnk
ShortcutTarget: Powiadomienia monitorowania tuszu - HP Deskjet 3070 B611 series.lnk -> C:\Program Files\HP\HP Deskjet 3070 B611 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winword.exe.lnk
ShortcutTarget: winword.exe.lnk -> C:\Windows\SysWOW64\winword.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=10148&tb=MPC2
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2312123
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2312123
SearchScopes: HKCU - DefaultScope {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKCU - {3D1786A9-9D8B-49FB-9372-546C8AF93D40} URL = http://websearch.ask.com/redirect?client=ie&tb=MPC2&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=004A2030-0957-45D4-A426-153ABB6834E7&apn_sauid=9AF745B4-F8D0-4583-BD7C-17F657F76D4C
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2312123
BHO-x32: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: DownloadStudio IE Add-on - {8170D7DC-BDD6-461e-88EB-F047257898C9} - C:\Program Files (x86)\Conceiva\DownloadStudio\DLMonitr.dll (Conceiva Pty Ltd)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar.dll (Google Inc.)
BHO-x32: wxDfast Class - {B3F1A672-3D78-45F4-B500-6CB78A3F47DD} - C:\ProgramData\wxDfast\bhoclass.dll (Injector)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM-x32 - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar.dll (Google Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{5FB328BA-8074-4C84-9652-1D80865D7543}: [NameServer]212.2.96.51 212.2.96.52
Tcpip\..\Interfaces\{A4DDEF73-2E46-4842-AC7C-C4455981C4C4}: [NameServer]212.2.96.51 212.2.96.52
Tcpip\..\Interfaces\{E859D45A-DB64-4553-81FA-9C6817408E76}: [NameServer]193.41.112.14 193.41.112.18
Tcpip\..\Interfaces\{EBBE2A52-26DC-4605-902E-4C55DA503C9E}: [NameServer]193.41.112.14 193.41.112.18
Tcpip\..\Interfaces\{F0D524FA-9054-45A7-837D-270F805459C3}: [NameServer]193.41.112.14 193.41.112.18

FireFox:
========
FF ProfilePath: C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\20xff3cf.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: DAEMON Search
FF Homepage: hxxp://www.daemon-search.com/startpage
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2852 - C:\Program Files (x86)\Magic Burning Studio\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.46 - C:\Program Files (x86)\Magic Burning Studio\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1662 - C:\Program Files (x86)\Magic Burning Studio\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.46 - C:\Program Files (x86)\Magic Burning Studio\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Kamil\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Kamil\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Kamil\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF SearchPlugin: C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\20xff3cf.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\20xff3cf.default\searchplugins\daemon-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: No Name - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\20xff3cf.default\Extensions\DTToolbar@toolbarnet.com
FF Extension: Ask Toolbar - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\20xff3cf.default\Extensions\toolbar@ask.com
FF Extension: Real Networks Settings - C:\Program Files (x86)\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
FF Extension: Talkback - C:\Program Files (x86)\Mozilla Firefox\extensions\talkback@mozilla.org
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Kamil\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR HomePage: hxxp://www.google.pl/
CHR RestoreOnStartup: "hxxp://chomikuj.pl/justys1014", "hxxp://www.facebook.com/home.php", "hxxp://poczta.o2.pl/", "hxxp://www.google.pl/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Kamil\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Kamil\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Kamil\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Users\Kamil\AppData\Local\Google\Chrome\Application\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Users\Kamil\AppData\Local\Google\Chrome\Application\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Google Update) - C:\Users\Kamil\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Picasa) - E:\Program Files (x86)\Google\Picasa3\npPicasa3.dll No File
CHR Extension: (wxDfast) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhcekcffkpnaednoeoegnmnjdlnjjmg\1.0_0
CHR Extension: (YouTube) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [ajhcekcffkpnaednoeoegnmnjdlnjjmg] - C:\ProgramData\wxDfast\ajhcekcffkpnaednoeoegnmnjdlnjjmg.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Kamil\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

S2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [249856 2010-09-29] ()
S2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1743872 2010-08-30] (Locktime Software)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [92792 2007-11-06] (CACE Technologies)

==================== Drivers (Whitelisted) ====================

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
S3 gdrv; C:\Windows\gdrv.sys [16704 2011-07-21] (Windows (R) Codename Longhorn DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [16704 2011-07-21] (Windows (R) Codename Longhorn DDK provider)
S1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [88200 2010-08-30] (Locktime Software)
S3 NPF; C:\Windows\System32\drivers\npf.sys [40464 2007-11-06] (CACE Technologies)
S1 prodrv06; C:\Windows\SysWow64\drivers\prodrv06.sys [79488 2004-05-13] (Protection Technology)
S0 prohlp02; C:\Windows\SysWow64\drivers\prohlp02.sys [111808 2004-05-13] (Protection Technology)
S0 sfhlp01; C:\Windows\SysWow64\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-10-11] (Duplex Secure Ltd.)
S1 prodrv06; \SystemRoot\System32\drivers\prodrv06.sys [x]
S0 prohlp02; System32\drivers\prohlp02.sys [x]
S0 sfhlp01; System32\drivers\sfhlp01.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
U3 uxldypow; \??\C:\Users\Kamil\AppData\Local\Temp\uxldypow.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-07 18:48 - 2013-10-07 18:48 - 00000000 ____D C:\FRST
2013-10-07 18:32 - 2013-10-07 18:32 - 00415209 ____N C:\Windows\Minidump\100713-22651-01.dmp
2013-10-07 18:30 - 2013-10-07 18:30 - 00447415 ____N C:\Windows\Minidump\100713-30981-01.dmp
2013-10-05 19:34 - 2013-10-07 18:20 - 00279078 ____N C:\Windows\Minidump\100713-28485-01.dmp
2013-10-05 19:30 - 2013-10-05 19:31 - 00415209 ____N C:\Windows\Minidump\100513-19266-01.dmp
2013-10-03 19:23 - 2013-10-03 19:24 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\my_app_files
2013-10-03 19:23 - 2013-10-03 19:23 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\BirthdayAdventurec6
2013-10-03 19:21 - 2013-10-03 19:21 - 00001295 _____ C:\Users\Public\Desktop\Dora's Big Birthday Adventure.lnk
2013-10-03 19:20 - 2013-10-03 19:21 - 00000000 ____D C:\Program Files (x86)\Shockwave.com
2013-09-30 18:30 - 2013-09-30 18:34 - 00000000 ____D C:\Users\Kamil\Desktop\2013 DP
2013-09-29 18:06 - 2013-09-29 18:06 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CasualGameBox
2013-09-29 18:00 - 2013-09-29 18:00 - 00328384 _____ C:\Windows\Minidump\092913-40638-01.dmp
2013-09-29 17:56 - 2013-09-29 18:06 - 00000000 ____D C:\Program Files (x86)\CasualGameBox
2013-09-29 17:56 - 2013-09-29 17:56 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\T1 Games
2013-09-29 17:55 - 2013-09-29 17:55 - 00003812 _____ C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
2013-09-29 17:54 - 2013-09-29 17:55 - 00000000 ____D C:\Program Files (x86)\Ask.com
2013-09-29 17:54 - 2013-09-29 17:54 - 00002057 _____ C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\MyPlayCity Games.lnk
2013-09-29 17:53 - 2013-09-29 17:53 - 00000000 ____D C:\Program Files (x86)\MyPlayCity.com
2013-09-29 17:48 - 2013-09-29 17:48 - 00000000 ____D C:\Program Files (x86)\MyRealGames.com
2013-09-29 17:01 - 2013-09-29 17:01 - 00003078 _____ C:\Windows\System32\Tasks\{4F1A1AA2-8643-4619-A085-9A19C019C1DD}
2013-09-29 17:00 - 2013-09-29 17:00 - 00000059 _____ C:\Windows\wininit.ini
2013-09-26 17:13 - 2013-09-26 17:13 - 00514466 ____N C:\Windows\Minidump\092613-20732-01.dmp
2013-09-22 11:41 - 2013-09-22 11:41 - 00328384 _____ C:\Windows\Minidump\092213-30264-01.dmp
2013-09-10 16:02 - 2013-09-10 16:02 - 00328384 _____ C:\Windows\Minidump\091013-37175-01.dmp
2013-09-10 15:54 - 2013-09-22 10:29 - 00474020 ____N C:\Windows\Minidump\092213-19422-01.dmp
2013-09-10 15:54 - 2013-09-10 15:54 - 00328384 _____ C:\Windows\Minidump\091013-46815-01.dmp

==================== One Month Modified Files and Folders =======

2013-10-07 18:48 - 2013-10-07 18:48 - 00000000 ____D C:\FRST
2013-10-07 18:36 - 2009-07-14 19:55 - 00687590 _____ C:\Windows\system32\perfh015.dat
2013-10-07 18:36 - 2009-07-14 19:55 - 00131176 _____ C:\Windows\system32\perfc015.dat
2013-10-07 18:36 - 2009-07-14 07:13 - 01523412 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-07 18:33 - 2013-01-06 23:30 - 00000000 ____D C:\Windows\Minidump
2013-10-07 18:32 - 2013-10-07 18:32 - 00415209 ____N C:\Windows\Minidump\100713-22651-01.dmp
2013-10-07 18:32 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-07 18:31 - 2009-07-14 06:51 - 00120184 _____ C:\Windows\setupact.log
2013-10-07 18:30 - 2013-10-07 18:30 - 00447415 ____N C:\Windows\Minidump\100713-30981-01.dmp
2013-10-07 18:30 - 2011-11-23 13:19 - 00000000 ____D C:\Users\Kamil\.gstreamer-0.10
2013-10-07 18:29 - 2011-11-30 14:50 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\ipla
2013-10-07 18:20 - 2013-10-05 19:34 - 00279078 ____N C:\Windows\Minidump\100713-28485-01.dmp
2013-10-05 19:31 - 2013-10-05 19:30 - 00415209 ____N C:\Windows\Minidump\100513-19266-01.dmp
2013-10-05 19:23 - 2011-07-21 12:08 - 01833914 _____ C:\Windows\WindowsUpdate.log
2013-10-05 19:18 - 2011-11-07 01:51 - 00095938 _____ C:\Windows\PFRO.log
2013-10-03 19:54 - 2009-07-14 06:45 - 00009904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-03 19:54 - 2009-07-14 06:45 - 00009904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-03 19:47 - 2011-11-23 12:37 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1954046960-3034843578-204766516-1000UA.job
2013-10-03 19:24 - 2013-10-03 19:23 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\my_app_files
2013-10-03 19:23 - 2013-10-03 19:23 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\BirthdayAdventurec6
2013-10-03 19:21 - 2013-10-03 19:21 - 00001295 _____ C:\Users\Public\Desktop\Dora's Big Birthday Adventure.lnk
2013-10-03 19:21 - 2013-10-03 19:20 - 00000000 ____D C:\Program Files (x86)\Shockwave.com
2013-10-03 19:01 - 2012-04-24 00:29 - 00000256 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2013-10-03 18:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2013-10-01 21:01 - 2012-05-24 02:13 - 00001078 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1954046960-3034843578-204766516-1000UA.job
2013-10-01 20:55 - 2013-08-19 22:46 - 00000000 ____D C:\Users\Kamil\Desktop\WYCIECZKI
2013-09-30 18:34 - 2013-09-30 18:30 - 00000000 ____D C:\Users\Kamil\Desktop\2013 DP
2013-09-30 14:30 - 2011-09-25 18:08 - 00000000 ____D C:\ProgramData\AlawarWrapper
2013-09-29 18:26 - 2012-06-08 14:45 - 00000000 ___RD C:\Users\Kamil\Desktop\MOJE GRY DO GRANIA 2012
2013-09-29 18:06 - 2013-09-29 18:06 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CasualGameBox
2013-09-29 18:06 - 2013-09-29 17:56 - 00000000 ____D C:\Program Files (x86)\CasualGameBox
2013-09-29 18:05 - 2012-05-24 10:34 - 00000000 ____D C:\Program Files (x86)\Alawar.pl
2013-09-29 18:00 - 2013-09-29 18:00 - 00328384 _____ C:\Windows\Minidump\092913-40638-01.dmp
2013-09-29 17:56 - 2013-09-29 17:56 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\T1 Games
2013-09-29 17:56 - 2012-06-04 12:02 - 00000000 ____D C:\ProgramData\T1 Games
2013-09-29 17:55 - 2013-09-29 17:55 - 00003812 _____ C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
2013-09-29 17:55 - 2013-09-29 17:54 - 00000000 ____D C:\Program Files (x86)\Ask.com
2013-09-29 17:54 - 2013-09-29 17:54 - 00002057 _____ C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\MyPlayCity Games.lnk
2013-09-29 17:53 - 2013-09-29 17:53 - 00000000 ____D C:\Program Files (x86)\MyPlayCity.com
2013-09-29 17:48 - 2013-09-29 17:48 - 00000000 ____D C:\Program Files (x86)\MyRealGames.com
2013-09-29 17:18 - 2011-10-11 10:55 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AidemMedia
2013-09-29 17:18 - 2011-09-25 18:07 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alawar.pl
2013-09-29 17:17 - 2012-03-17 01:44 - 00000679 _____ C:\Windows\disney.ini
2013-09-29 17:17 - 2011-07-21 12:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-29 17:09 - 2012-05-30 02:20 - 00000000 ____D C:\Program Files (x86)\City Interactive
2013-09-29 17:08 - 2013-03-18 11:42 - 00000000 ____D C:\Windows\UbiSoft
2013-09-29 17:06 - 2013-02-24 16:51 - 00000000 ____D C:\Program Files (x86)\Play
2013-09-29 17:05 - 2012-06-08 15:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-29 17:05 - 2011-11-23 12:37 - 00000000 ____D C:\Users\Kamil\AppData\Local\Google
2013-09-29 17:03 - 2012-08-26 12:16 - 00000000 ____D C:\Program Files (x86)\Kolorowanka-Zwierzęta
2013-09-29 17:02 - 2012-08-26 12:22 - 00000000 ____D C:\Program Files (x86)\Kolorowanka-Bajki
2013-09-29 17:02 - 2012-08-26 12:16 - 00000000 ____D C:\Program Files (x86)\Kolorowanka Wielkanocna
2013-09-29 17:02 - 2012-08-10 11:13 - 00000000 ____D C:\Program Files (x86)\Kolorowanka Świąteczna
2013-09-29 17:01 - 2013-09-29 17:01 - 00003078 _____ C:\Windows\System32\Tasks\{4F1A1AA2-8643-4619-A085-9A19C019C1DD}
2013-09-29 17:01 - 2013-08-20 13:07 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KraiSoft Entertainment
2013-09-29 17:00 - 2013-09-29 17:00 - 00000059 _____ C:\Windows\wininit.ini
2013-09-26 17:16 - 2011-11-30 01:07 - 00000000 ____D C:\Users\Kamil\AppData\Local\ChomikBox
2013-09-26 17:13 - 2013-09-26 17:13 - 00514466 ____N C:\Windows\Minidump\092613-20732-01.dmp
2013-09-22 11:41 - 2013-09-22 11:41 - 00328384 _____ C:\Windows\Minidump\092213-30264-01.dmp
2013-09-22 10:29 - 2013-09-10 15:54 - 00474020 ____N C:\Windows\Minidump\092213-19422-01.dmp
2013-09-14 19:30 - 2012-05-25 00:12 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\PlayFirst
2013-09-14 19:30 - 2011-09-03 09:30 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Macromedia
2013-09-10 16:02 - 2013-09-10 16:02 - 00328384 _____ C:\Windows\Minidump\091013-37175-01.dmp
2013-09-10 15:54 - 2013-09-10 15:54 - 00328384 _____ C:\Windows\Minidump\091013-46815-01.dmp
2013-09-09 15:23 - 2011-11-30 16:17 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-08 17:25 - 2009-07-14 04:34 - 00000437 _____ C:\Windows\win.ini

Some content of TEMP:
====================
C:\Users\Kamil\AppData\Local\Temp\add_remove.exe
C:\Users\Kamil\AppData\Local\Temp\AlawarGameBoxSetup.exe
C:\Users\Kamil\AppData\Local\Temp\AlawarGameBoxWebSetup.exe
C:\Users\Kamil\AppData\Local\Temp\ApnIC.dll
C:\Users\Kamil\AppData\Local\Temp\ApnStub.exe
C:\Users\Kamil\AppData\Local\Temp\ApnToolbarInstaller.exe
C:\Users\Kamil\AppData\Local\Temp\AskSLib.dll
C:\Users\Kamil\AppData\Local\Temp\BarControl.dll
C:\Users\Kamil\AppData\Local\Temp\bassmod.dll
C:\Users\Kamil\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Kamil\AppData\Local\Temp\drm_dyndata_7330014.dll
C:\Users\Kamil\AppData\Local\Temp\drm_dyndata_7350007.dll
C:\Users\Kamil\AppData\Local\Temp\drm_dyndata_7400005.dll
C:\Users\Kamil\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Kamil\AppData\Local\Temp\FFTB-REAL_signed.exe
C:\Users\Kamil\AppData\Local\Temp\fftbapi.dll
C:\Users\Kamil\AppData\Local\Temp\flare.exe
C:\Users\Kamil\AppData\Local\Temp\GDSSetup.exe
C:\Users\Kamil\AppData\Local\Temp\GLF5860GLF5860.EXE
C:\Users\Kamil\AppData\Local\Temp\GoogleInstApp.exe
C:\Users\Kamil\AppData\Local\Temp\GoogleToolbar.dll
C:\Users\Kamil\AppData\Local\Temp\guninst.exe
C:\Users\Kamil\AppData\Local\Temp\ipl1D40.tmp.exe
C:\Users\Kamil\AppData\Local\Temp\ipl260.tmp.exe
C:\Users\Kamil\AppData\Local\Temp\ipl98A6.tmp.exe
C:\Users\Kamil\AppData\Local\Temp\iplB78B.tmp.exe
C:\Users\Kamil\AppData\Local\Temp\iplCC91.tmp.exe
C:\Users\Kamil\AppData\Local\Temp\iplCD8B.tmp.exe
C:\Users\Kamil\AppData\Local\Temp\MSN9040.exe
C:\Users\Kamil\AppData\Local\Temp\SecuExp.exe
C:\Users\Kamil\AppData\Local\Temp\setup.exe
C:\Users\Kamil\AppData\Local\Temp\SIntf16.dll
C:\Users\Kamil\AppData\Local\Temp\SIntf32.dll
C:\Users\Kamil\AppData\Local\Temp\SIntfNT.dll
C:\Users\Kamil\AppData\Local\Temp\tbHiGa.dll
C:\Users\Kamil\AppData\Local\Temp\Tsu-10BC.dll
C:\Users\Kamil\AppData\Local\Temp\WebLaunchInstaller.exe
C:\Users\Kamil\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Kamil\AppData\Local\Temp\_is1190.exe
C:\Users\Kamil\AppData\Local\Temp\_is30E8.exe
C:\Users\Kamil\AppData\Local\Temp\_is7889.exe
C:\Users\Kamil\AppData\Local\Temp\~fs450.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-13 14:35

==================== End Of Log ============================