Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2013
Ran by Adrian (administrator) on ADRIAN-HP on 26-10-2013 12:45:24
Running from C:\Users\Adrian\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Google Inc.) C:\Users\Adrian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Adrian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Adrian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Adrian\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\Adrian\Downloads\RogueKiller.exe
(Google Inc.) C:\Users\Adrian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Adrian\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] cmd.exe [302592 2010-11-21] (Microsoft Corporation) <=== ATTENTION
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM-x32\...\Command Processor: "C:\Users\Adrian\AppData\Local\dHFWJHzy9A\zdzthhs2rpc.exe" <======= ATTENTION
HKCU\...\Run: [TomTomHOME.exe] - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [247768 2012-12-05] (TomTom)
HKCU\...\Winlogon: [Shell] cmd.exe [345088 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKCU\...\Command Processor: <======= ATTENTION
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
MountPoints2: D - D:\AutoRun.exe
MountPoints2: {2e595c97-2c07-11e3-9665-2c4138589ce0} - D:\AutoRun.exe
MountPoints2: {319afb61-2b4b-11e3-95d7-2c4138589ce0} - D:\setup.exe
MountPoints2: {6f235f9a-097a-11e3-9a9d-2c4138589ce0} - D:\AutoRun.exe
MountPoints2: {6f23613d-097a-11e3-9a9d-2c4138589ce0} - D:\AutoRun.exe
MountPoints2: {6f236298-097a-11e3-9a9d-2c4138589ce0} - D:\AutoRun.exe
MountPoints2: {6f236344-097a-11e3-9a9d-2c4138589ce0} - D:\AutoRun.exe
MountPoints2: {9f67d680-724d-11e1-bc4c-402cf42841a9} - F:\Setup.exe
MountPoints2: {a82a47fe-37d7-11e3-b628-001e101f859f} - G:\SETUP.EXE
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
Startup: C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - HP Deskjet 2510 series.lnk
ShortcutTarget: Powiadomienia monitorowania tuszu - HP Deskjet 2510 series.lnk -> C:\Program Files\HP\HP Deskjet 2510 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=Hitachi_HTS547550A9E384_J2150050DBZ7DDDBZ7DDX&ts=1354045889
HKCU\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.babylon.com/?affID=110819&tt=010712_1&babsrc=HP_ss&mntrId=423e6d91000000000000402cf438bfbc
URLSearchHook: HKCU - (No Name) - {6edc3889-b841-4127-a2bf-c5fc48f972c7} - No File
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzuyEtDtB0C0FyEtAzz0B0F0B0CyC0DzytCtN0D0TzutBtDtCtBtDyBtDtB&cr=353983499
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzuyEtDtB0C0FyEtAzz0B0F0B0CyC0DzytCtN0D0TzutBtDtCtBtDyBtDtB&cr=353983499
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {36797539-4331-4F47-8080-547665B76732} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://pl.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzuyEtDtB0C0FyEtAzz0B0F0B0CyC0DzytCtN0D0TzutBtDtCtBtDyBtDtB&cr=353983499
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzuyEtDtB0C0FyEtAzz0B0F0B0CyC0DzytCtN0D0TzutBtDtCtBtDyBtDtB&cr=353983499
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {36797539-4331-4F47-8080-547665B76732} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://pl.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6PQPhrpYc1&i=26
SearchScopes: HKCU - Backup.Old.DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.v9.com/web/?q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzuyEtDtB0C0FyEtAzz0B0F0B0CyC0DzytCtN0D0TzutBtDtCtBtDyBtDtB&cr=353983499
SearchScopes: HKCU - {23E9B683-1399-B8DE-8D5A-2A540491B51E} URL = http://search.babylon.com/?q={searchTerms}&affID=110819&tt=010712_1&babsrc=SP_ss&mntrId=423e6d91000000000000402cf438bfbc
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?q={searchTerms}
SearchScopes: HKCU - {36797539-4331-4F47-8080-547665B76732} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6PQPhrpYc1&i=26
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://pl.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM-x32 - No Name - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52920 2011-09-02] (EasyBits Software Corp.)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 11 mswsock.dll File Not found (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1 82.160.140.2
Tcpip\..\Interfaces\{65E552D0-592F-4A6D-ACAA-051BAC77872F}: [NameServer]89.108.202.20 89.108.195.20
Tcpip\..\Interfaces\{EBD3AC38-53ED-4149-8751-34C3646D639C}: [NameServer]89.108.202.21 89.108.195.21
Tcpip\..\Interfaces\{F7983E82-71E3-413E-87C6-83CE656D43D7}: [NameServer]89.108.202.21 89.108.195.21

FireFox:
========
FF ProfilePath: C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\9g7sy8dc.default
FF user.js: detected! => C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\9g7sy8dc.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\Adrian\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Adrian\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Adrian\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll ()
CHR Plugin: (Simple Pass 2011) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\npwebsitelogon.dll (HP)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Website Logon) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0
CHR Extension: (FunDial) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\1.0.1_0
CHR Extension: (Funmoods) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.5.1_0
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Adrian\AppData\Local\funmoods-speeddial.crx
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\Adrian\AppData\Local\funmoods.crx
CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Adrian\AppData\Local\funmoods-speeddial.crx
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM-x32\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\Adrian\AppData\Local\funmoods.crx
CHR HKLM-x32\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files (x86)\TornTV.com\torn10.crx
CHR HKLM-x32\...\Chrome\Extension: [pbiamblgmkgbcgbcgejjgebalncpmhnp] - C:\Program Files (x86)\StartSearch plugin\vshareplg.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Adrian\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-02] (Advanced Micro Devices, Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] ()
R2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2013-10-18] ()
S2 PLAY ONLINE. RunOuc; C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [218624 2013-08-20] ()
S2 postgresql-9.2; C:/Program Files (x86)/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N "postgresql-9.2" -D "C:/Program Files (x86)/PostgreSQL/9.2/data" -w [x]

==================== Drivers (Whitelisted) ====================

S3 GVCplDrv; C:\Windows\SysWow64\Drivers\GVCplDrv.sys [23040 2004-05-02] ()
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-26 12:45 - 2013-10-26 12:45 - 00000000 ____D C:\FRST
2013-10-26 12:44 - 2013-10-26 12:44 - 01956086 _____ (Farbar) C:\Users\Adrian\Downloads\FRST64.exe
2013-10-26 12:43 - 2013-10-26 12:43 - 00359085 _____ (Farbar) C:\Users\Adrian\Downloads\FSS.exe
2013-10-26 12:43 - 2013-10-26 12:43 - 00006524 _____ C:\Users\Adrian\Downloads\FSS.txt
2013-10-26 12:41 - 2013-10-26 12:41 - 00002250 _____ C:\Users\Adrian\Desktop\RKreport[0]_D_10262013_124149.txt
2013-10-26 12:39 - 2013-10-26 12:39 - 00004270 _____ C:\Users\Adrian\Desktop\RKreport[0]_S_10262013_123908.txt
2013-10-26 12:25 - 2013-10-26 12:25 - 00008581 _____ C:\Users\Adrian\Desktop\RKreport[0]_D_10262013_122550.txt
2013-10-26 12:22 - 2013-10-26 12:22 - 00008594 _____ C:\Users\Adrian\Desktop\RKreport[0]_S_10262013_122202.txt
2013-10-26 12:20 - 2013-10-26 12:39 - 00000000 ____D C:\Users\Adrian\Desktop\RK_Quarantine
2013-10-26 12:20 - 2013-10-26 12:20 - 00955392 _____ C:\Users\Adrian\Downloads\RogueKiller.exe
2013-10-26 12:18 - 2013-10-26 12:18 - 00000124 _____ C:\Users\Adrian\Desktop\FIX.REG
2013-10-26 12:17 - 2013-10-26 12:17 - 00000000 _____ C:\Users\Adrian\Desktop\Nowy dokument tekstowy.txt
2013-10-26 11:52 - 2013-10-26 11:52 - 00089255 _____ C:\Users\Adrian\Downloads\178500
2013-10-26 11:34 - 2013-10-26 11:32 - 00368554 _____ C:\Users\Adrian\Downloads\gmer.zip
2013-10-26 11:32 - 2013-10-26 11:32 - 00685248 _____ C:\Users\Adrian\Downloads\Gmer(13252).exe
2013-10-26 09:48 - 2013-10-26 09:48 - 02347384 _____ (ESET) C:\Users\Adrian\Downloads\esetsmartinstaller_plk.exe
2013-10-26 09:48 - 2013-10-26 09:48 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-26 09:18 - 2013-10-26 09:18 - 00000943 _____ C:\Users\Public\Desktop\Winamp.lnk
2013-10-26 09:18 - 2013-10-26 09:18 - 00000943 _____ C:\ProgramData\Desktop\Winamp.lnk
2013-10-26 09:16 - 2013-10-26 09:16 - 13382128 _____ (Nullsoft, Inc.) C:\Users\Adrian\Downloads\winamp565_full_emusic-7plus_pl-pl.exe
2013-10-26 09:15 - 2013-10-26 09:15 - 00685248 _____ C:\Users\Adrian\Downloads\Winamp(12928).exe
2013-10-26 08:47 - 2013-10-26 08:47 - 00000000 ____D C:\Users\Adrian\AppData\Local\GHISLER
2013-10-26 08:45 - 2013-10-26 08:45 - 00000632 _____ C:\Users\Adrian\Desktop\Total Commander.lnk
2013-10-26 08:45 - 2013-10-26 08:45 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2013-10-26 08:45 - 2013-10-26 08:45 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\GHISLER
2013-10-26 08:45 - 2013-10-26 08:45 - 00000000 ____D C:\totalcmd
2013-10-26 08:45 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\UC.PIF
2013-10-26 08:45 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\RAR.PIF
2013-10-26 08:45 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\PKZIP.PIF
2013-10-26 08:45 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\PKUNZIP.PIF
2013-10-26 08:45 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\NOCLOSE.PIF
2013-10-26 08:45 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\LHA.PIF
2013-10-26 08:45 - 2010-12-17 07:56 - 00000545 _____ C:\Windows\ARJ.PIF
2013-10-25 20:30 - 2013-10-25 20:30 - 00000000 __SHD C:\$$PendingFiles
2013-10-25 13:09 - 2013-10-25 13:11 - 14827856 _____ (NNG Llc.) C:\Users\Adrian\Downloads\Becker_Content_Manager_Setup.exe
2013-10-25 13:05 - 2013-10-25 13:05 - 00002903 _____ C:\Users\Adrian\Downloads\Odblokowanie Becker.txt
2013-10-25 12:34 - 2013-10-25 12:34 - 00322938 _____ C:\Users\Adrian\Documents\cc_20131025_123359.reg
2013-10-25 12:34 - 2013-10-25 12:34 - 00051492 _____ C:\Users\Adrian\Documents\cc_20131025_123434.reg
2013-10-25 12:33 - 2013-10-25 12:33 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-10-25 12:33 - 2013-10-25 12:33 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-25 12:33 - 2013-10-25 12:33 - 00000822 _____ C:\ProgramData\Desktop\CCleaner.lnk
2013-10-25 12:32 - 2013-10-25 12:33 - 00000000 ____D C:\Program Files\CCleaner
2013-10-25 12:32 - 2013-10-25 12:32 - 04379048 _____ (Piriform Ltd) C:\Users\Adrian\Downloads\ccsetup407.exe
2013-10-25 12:31 - 2013-10-25 12:31 - 00685248 _____ C:\Users\Adrian\Downloads\CCleaner(13061).exe
2013-10-25 11:56 - 2013-10-25 11:56 - 00002322 _____ C:\Users\Adrian\Desktop\Google Chrome.lnk
2013-10-25 11:56 - 2013-10-25 11:56 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-10-22 16:56 - 2013-10-22 16:56 - 00219136 _____ C:\Users\Adrian\AppData\Roaming\cLaT83yw
2013-10-22 16:56 - 2013-10-22 16:56 - 00219136 _____ C:\ProgramData\RJS6O4ql
2013-10-18 20:36 - 2013-10-18 20:36 - 00000000 ____D C:\Program Files (x86)\Real Alternative
2013-10-18 20:36 - 2010-02-15 20:00 - 00278528 _____ (Real Networks, Inc) C:\Windows\SysWOW64\pncrt.dll
2013-10-18 20:36 - 2010-02-15 20:00 - 00185920 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-10-18 20:36 - 2010-02-15 20:00 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-10-18 20:36 - 2010-02-15 20:00 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-10-18 20:36 - 2004-01-12 00:00 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2013-10-18 20:36 - 2003-03-19 05:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2013-10-18 17:33 - 2013-10-18 17:32 - 00151552 _____ C:\Windows\KMService.exe
2013-10-18 17:33 - 2013-10-18 17:32 - 00008192 _____ C:\Windows\SysWOW64\srvany.exe
2013-10-18 17:27 - 2013-10-18 17:27 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-10-18 17:25 - 2013-10-18 17:25 - 00000000 ____D C:\Windows\PCHEALTH
2013-10-18 17:25 - 2013-10-18 17:25 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-10-18 17:25 - 2013-10-18 17:25 - 00000000 ____D C:\Program Files\Microsoft Sync Framework
2013-10-18 17:25 - 2013-10-18 17:25 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-10-18 17:23 - 2013-10-18 17:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-10-18 17:22 - 2013-10-18 17:27 - 00000000 ____D C:\Windows\SHELLNEW
2013-10-18 17:22 - 2013-10-18 17:22 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2013-10-18 17:22 - 2013-10-18 17:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2013-10-18 17:21 - 2013-10-18 17:25 - 00000000 ____D C:\Program Files\Microsoft Office
2013-10-18 17:21 - 2013-10-18 17:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-10-18 17:20 - 2013-10-18 17:20 - 00000000 ___RD C:\MSOCache
2013-10-18 17:05 - 2013-10-18 17:05 - 14021608 _____ (Disc Soft Ltd) C:\Users\Adrian\Downloads\DTLite4471-0337(dobreprogramy.pl).exe
2013-10-11 15:53 - 2013-10-11 15:53 - 00000000 ____D C:\Users\Adrian\Desktop\Microsoft Office 2010 Professional Plus x64 PL + Aktywacja
2013-10-08 08:40 - 2013-10-08 08:40 - 01078591 _____ C:\Users\Adrian\Downloads\Unlocker1.9.2.exe
2013-10-04 11:49 - 2013-10-04 11:49 - 00262144 _____ C:\Windows\system32\config\elam
2013-10-04 08:31 - 2013-10-04 08:32 - 00000000 ____D C:\ProgramData\MFAData
2013-10-04 08:31 - 2013-10-04 08:31 - 00000000 ____D C:\Users\Adrian\AppData\Local\MFAData
2013-10-04 08:31 - 2013-10-04 08:31 - 00000000 ____D C:\Users\Adrian\AppData\Local\Avg2014
2013-10-03 17:18 - 2013-10-03 17:18 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\AVS4YOU
2013-10-03 17:17 - 2013-10-04 06:33 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-10-03 17:17 - 2013-10-03 17:18 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-10-03 17:17 - 2011-06-22 11:32 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2013-10-03 17:17 - 2011-06-22 11:32 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70.dll
2013-10-03 17:17 - 2011-06-22 11:32 - 00487424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp70.dll
2013-10-03 17:17 - 2011-06-22 11:32 - 00344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll
2013-10-03 17:17 - 2011-06-22 11:32 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2013-10-03 17:07 - 2013-10-03 17:07 - 86850640 _____ (Online Media Technologies Ltd. ) C:\Users\Adrian\Downloads\AVSMediaPlayer.exe
2013-10-03 16:52 - 2013-10-03 16:56 - 00000000 ____D C:\Program Files (x86)\3GPplayer2010
2013-10-03 09:23 - 2013-10-03 15:58 - 00048332 _____ C:\Users\Adrian\Desktop\Protokół dla Urzędu Gminy.odt
2013-10-02 19:15 - 2013-10-03 15:55 - 00011301 _____ C:\Users\Adrian\Desktop\tabelki do protokołu dla Urzędu Gminy.ods
2013-09-26 09:04 - 2013-09-26 09:04 - 00000000 ___RD C:\Users\Adrian\AppData\Roaming\Brother

==================== One Month Modified Files and Folders =======

2013-10-26 12:45 - 2013-10-26 12:45 - 00000000 ____D C:\FRST
2013-10-26 12:44 - 2013-10-26 12:44 - 01956086 _____ (Farbar) C:\Users\Adrian\Downloads\FRST64.exe
2013-10-26 12:43 - 2013-10-26 12:43 - 00359085 _____ (Farbar) C:\Users\Adrian\Downloads\FSS.exe
2013-10-26 12:43 - 2013-10-26 12:43 - 00006524 _____ C:\Users\Adrian\Downloads\FSS.txt
2013-10-26 12:41 - 2013-10-26 12:41 - 00002250 _____ C:\Users\Adrian\Desktop\RKreport[0]_D_10262013_124149.txt
2013-10-26 12:40 - 2009-07-14 06:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-26 12:40 - 2009-07-14 06:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-26 12:39 - 2013-10-26 12:39 - 00004270 _____ C:\Users\Adrian\Desktop\RKreport[0]_S_10262013_123908.txt
2013-10-26 12:39 - 2013-10-26 12:20 - 00000000 ____D C:\Users\Adrian\Desktop\RK_Quarantine
2013-10-26 12:39 - 2011-09-02 20:45 - 00737980 _____ C:\Windows\system32\perfh015.dat
2013-10-26 12:39 - 2011-09-02 20:45 - 00154636 _____ C:\Windows\system32\perfc015.dat
2013-10-26 12:39 - 2009-07-14 07:13 - 01662192 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-26 12:32 - 2012-06-19 08:30 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-26 12:31 - 2012-10-08 22:12 - 00572830 _____ C:\Windows\PFRO.log
2013-10-26 12:31 - 2012-09-03 13:12 - 00127758 _____ C:\Windows\setupact.log
2013-10-26 12:31 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-26 12:25 - 2013-10-26 12:25 - 00008581 _____ C:\Users\Adrian\Desktop\RKreport[0]_D_10262013_122550.txt
2013-10-26 12:22 - 2013-10-26 12:22 - 00008594 _____ C:\Users\Adrian\Desktop\RKreport[0]_S_10262013_122202.txt
2013-10-26 12:20 - 2013-10-26 12:20 - 00955392 _____ C:\Users\Adrian\Downloads\RogueKiller.exe
2013-10-26 12:18 - 2013-10-26 12:18 - 00000124 _____ C:\Users\Adrian\Desktop\FIX.REG
2013-10-26 12:17 - 2013-10-26 12:17 - 00000000 _____ C:\Users\Adrian\Desktop\Nowy dokument tekstowy.txt
2013-10-26 11:58 - 2012-06-19 08:30 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-26 11:52 - 2013-10-26 11:52 - 00089255 _____ C:\Users\Adrian\Downloads\178500
2013-10-26 11:32 - 2013-10-26 11:34 - 00368554 _____ C:\Users\Adrian\Downloads\gmer.zip
2013-10-26 11:32 - 2013-10-26 11:32 - 00685248 _____ C:\Users\Adrian\Downloads\Gmer(13252).exe
2013-10-26 09:48 - 2013-10-26 09:48 - 02347384 _____ (ESET) C:\Users\Adrian\Downloads\esetsmartinstaller_plk.exe
2013-10-26 09:48 - 2013-10-26 09:48 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-26 09:19 - 2013-02-15 23:02 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Winamp
2013-10-26 09:19 - 2013-02-15 23:02 - 00000000 ____D C:\Program Files (x86)\Winamp
2013-10-26 09:18 - 2013-10-26 09:18 - 00000943 _____ C:\Users\Public\Desktop\Winamp.lnk
2013-10-26 09:18 - 2013-10-26 09:18 - 00000943 _____ C:\ProgramData\Desktop\Winamp.lnk
2013-10-26 09:16 - 2013-10-26 09:16 - 13382128 _____ (Nullsoft, Inc.) C:\Users\Adrian\Downloads\winamp565_full_emusic-7plus_pl-pl.exe
2013-10-26 09:15 - 2013-10-26 09:15 - 00685248 _____ C:\Users\Adrian\Downloads\Winamp(12928).exe
2013-10-26 08:47 - 2013-10-26 08:47 - 00000000 ____D C:\Users\Adrian\AppData\Local\GHISLER
2013-10-26 08:45 - 2013-10-26 08:45 - 00000632 _____ C:\Users\Adrian\Desktop\Total Commander.lnk
2013-10-26 08:45 - 2013-10-26 08:45 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2013-10-26 08:45 - 2013-10-26 08:45 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\GHISLER
2013-10-26 08:45 - 2013-10-26 08:45 - 00000000 ____D C:\totalcmd
2013-10-25 20:30 - 2013-10-25 20:30 - 00000000 __SHD C:\$$PendingFiles
2013-10-25 13:11 - 2013-10-25 13:09 - 14827856 _____ (NNG Llc.) C:\Users\Adrian\Downloads\Becker_Content_Manager_Setup.exe
2013-10-25 13:05 - 2013-10-25 13:05 - 00002903 _____ C:\Users\Adrian\Downloads\Odblokowanie Becker.txt
2013-10-25 12:34 - 2013-10-25 12:34 - 00322938 _____ C:\Users\Adrian\Documents\cc_20131025_123359.reg
2013-10-25 12:34 - 2013-10-25 12:34 - 00051492 _____ C:\Users\Adrian\Documents\cc_20131025_123434.reg
2013-10-25 12:33 - 2013-10-25 12:33 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-10-25 12:33 - 2013-10-25 12:33 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-25 12:33 - 2013-10-25 12:33 - 00000822 _____ C:\ProgramData\Desktop\CCleaner.lnk
2013-10-25 12:33 - 2013-10-25 12:32 - 00000000 ____D C:\Program Files\CCleaner
2013-10-25 12:32 - 2013-10-25 12:32 - 04379048 _____ (Piriform Ltd) C:\Users\Adrian\Downloads\ccsetup407.exe
2013-10-25 12:31 - 2013-10-25 12:31 - 00685248 _____ C:\Users\Adrian\Downloads\CCleaner(13061).exe
2013-10-25 12:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-25 11:56 - 2013-10-25 11:56 - 00002322 _____ C:\Users\Adrian\Desktop\Google Chrome.lnk
2013-10-25 11:56 - 2013-10-25 11:56 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-10-25 11:49 - 2012-03-23 18:33 - 00000000 ____D C:\Users\Adrian\Desktop\Juniorzy 97
2013-10-23 05:55 - 2012-03-21 10:34 - 00000000 ____D C:\Users\Adrian\AppData\Local\CrashDumps
2013-10-23 05:54 - 2009-07-14 07:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-22 22:48 - 2013-01-02 13:22 - 00000000 ____D C:\Windows\pss
2013-10-22 22:48 - 2012-03-19 17:34 - 00000000 ___RD C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-22 16:56 - 2013-10-22 16:56 - 00219136 _____ C:\Users\Adrian\AppData\Roaming\cLaT83yw
2013-10-22 16:56 - 2013-10-22 16:56 - 00219136 _____ C:\ProgramData\RJS6O4ql
2013-10-22 16:56 - 2012-06-19 08:30 - 00000000 ____D C:\Users\Adrian\AppData\Local\Google
2013-10-22 16:56 - 2012-06-19 08:30 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-22 15:38 - 2012-03-20 20:30 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForAdrian.job
2013-10-22 15:37 - 2012-03-20 20:30 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAdrian
2013-10-21 16:45 - 2012-07-31 10:46 - 00000000 ____D C:\Users\Adrian\Desktop\magisterka adi
2013-10-21 10:42 - 2013-08-21 13:24 - 00000000 ____D C:\Users\Adrian\Desktop\Dokumenty seniorzy Victoria
2013-10-21 10:09 - 2011-11-05 08:05 - 01517896 _____ C:\Windows\WindowsUpdate.log
2013-10-18 21:02 - 2013-01-10 10:55 - 00000000 ____D C:\Program Files (x86)\RMVB Player
2013-10-18 20:36 - 2013-10-18 20:36 - 00000000 ____D C:\Program Files (x86)\Real Alternative
2013-10-18 19:30 - 2009-07-14 06:45 - 00416704 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-18 17:36 - 2012-09-11 12:02 - 00000000 ____D C:\Users\Adrian\Desktop\Dokumenty Orlik
2013-10-18 17:35 - 2012-03-19 17:33 - 00108824 _____ C:\Users\Adrian\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-18 17:32 - 2013-10-18 17:33 - 00151552 _____ C:\Windows\KMService.exe
2013-10-18 17:32 - 2013-10-18 17:33 - 00008192 _____ C:\Windows\SysWOW64\srvany.exe
2013-10-18 17:30 - 2012-07-30 09:59 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-18 17:27 - 2013-10-18 17:27 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-10-18 17:27 - 2013-10-18 17:22 - 00000000 ____D C:\Windows\SHELLNEW
2013-10-18 17:27 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-10-18 17:25 - 2013-10-18 17:25 - 00000000 ____D C:\Windows\PCHEALTH
2013-10-18 17:25 - 2013-10-18 17:25 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-10-18 17:25 - 2013-10-18 17:25 - 00000000 ____D C:\Program Files\Microsoft Sync Framework
2013-10-18 17:25 - 2013-10-18 17:25 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-10-18 17:25 - 2013-10-18 17:21 - 00000000 ____D C:\Program Files\Microsoft Office
2013-10-18 17:25 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-10-18 17:23 - 2013-10-18 17:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-10-18 17:22 - 2013-10-18 17:22 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2013-10-18 17:22 - 2013-10-18 17:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2013-10-18 17:22 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-10-18 17:22 - 2009-07-14 04:34 - 00000508 _____ C:\Windows\win.ini
2013-10-18 17:21 - 2013-10-18 17:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-10-18 17:20 - 2013-10-18 17:20 - 00000000 ___RD C:\MSOCache
2013-10-18 17:07 - 2012-03-20 10:37 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\SoftGrid Client
2013-10-18 17:05 - 2013-10-18 17:05 - 14021608 _____ (Disc Soft Ltd) C:\Users\Adrian\Downloads\DTLite4471-0337(dobreprogramy.pl).exe
2013-10-15 12:03 - 2012-03-19 20:27 - 00000000 ____D C:\Users\Adrian\AppData\Local\HP
2013-10-13 22:48 - 2013-02-23 13:06 - 00000000 ____D C:\Users\Adrian\Desktop\Zdjęcia i piosenki
2013-10-12 23:53 - 2012-06-19 08:30 - 00004044 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-12 23:53 - 2012-06-19 08:30 - 00003792 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-11 15:53 - 2013-10-11 15:53 - 00000000 ____D C:\Users\Adrian\Desktop\Microsoft Office 2010 Professional Plus x64 PL + Aktywacja
2013-10-08 08:40 - 2013-10-08 08:40 - 01078591 _____ C:\Users\Adrian\Downloads\Unlocker1.9.2.exe
2013-10-06 10:17 - 2011-09-02 11:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-04 11:49 - 2013-10-04 11:49 - 00262144 _____ C:\Windows\system32\config\elam
2013-10-04 09:54 - 2012-03-26 14:47 - 00000000 ____D C:\Program Files (x86)\v9Soft
2013-10-04 08:32 - 2013-10-04 08:31 - 00000000 ____D C:\ProgramData\MFAData
2013-10-04 08:31 - 2013-10-04 08:31 - 00000000 ____D C:\Users\Adrian\AppData\Local\MFAData
2013-10-04 08:31 - 2013-10-04 08:31 - 00000000 ____D C:\Users\Adrian\AppData\Local\Avg2014
2013-10-04 08:24 - 2013-08-25 22:04 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-04 08:00 - 2012-06-14 08:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-04 08:00 - 2012-03-25 10:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-04 07:59 - 2012-03-21 13:12 - 00000000 ____D C:\Users\Adrian\AppData\Local\Adobe
2013-10-04 06:40 - 2013-08-25 22:55 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-10-04 06:39 - 2013-08-25 22:54 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-04 06:33 - 2013-10-03 17:17 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-10-03 17:18 - 2013-10-03 17:18 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\AVS4YOU
2013-10-03 17:18 - 2013-10-03 17:17 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-10-03 17:07 - 2013-10-03 17:07 - 86850640 _____ (Online Media Technologies Ltd.) C:\Users\Adrian\Downloads\AVSMediaPlayer.exe
2013-10-03 16:56 - 2013-10-03 16:52 - 00000000 ____D C:\Program Files (x86)\3GPplayer2010
2013-10-03 16:51 - 2013-01-10 10:53 - 00000000 ____D C:\Users\Adrian\AppData\Local\ALLPlayer
2013-10-03 16:51 - 2013-01-10 10:53 - 00000000 ____D C:\Program Files (x86)\ALLPlayer
2013-10-03 15:58 - 2013-10-03 09:23 - 00048332 _____ C:\Users\Adrian\Desktop\Protokół dla Urzędu Gminy.odt
2013-10-03 15:55 - 2013-10-02 19:15 - 00011301 _____ C:\Users\Adrian\Desktop\tabelki do protokołu dla Urzędu Gminy.ods
2013-10-03 15:45 - 2013-09-18 15:11 - 00000000 ____D C:\Raporty
2013-10-01 20:04 - 2013-09-12 10:20 - 00000000 ____D C:\PP_Bilety
2013-09-26 09:04 - 2013-09-26 09:04 - 00000000 ___RD C:\Users\Adrian\AppData\Roaming\Brother

Files to move or delete:
====================
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Some content of TEMP:
====================
C:\Users\Adrian\AppData\Local\Temp\bitool.dll
C:\Users\Adrian\AppData\Local\Temp\chutil.dll
C:\Users\Adrian\AppData\Local\Temp\dp.exe
C:\Users\Adrian\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Adrian\AppData\Local\Temp\GetCC.dll
C:\Users\Adrian\AppData\Local\Temp\GLF830A.tmp.ConduitEngineSetup.exe
C:\Users\Adrian\AppData\Local\Temp\ICReinstall_ALLPlayer_Downloader.exe
C:\Users\Adrian\AppData\Local\Temp\incredibar_install.exe
C:\Users\Adrian\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Adrian\AppData\Local\Temp\MixiYD.exe
C:\Users\Adrian\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Adrian\AppData\Local\Temp\ose00000.exe
C:\Users\Adrian\AppData\Local\Temp\rnsetup0.exe
C:\Users\Adrian\AppData\Local\Temp\SendMsg.dll
C:\Users\Adrian\AppData\Local\Temp\Shortcut_SweetImSetup (1).exe
C:\Users\Adrian\AppData\Local\Temp\Shortcut_sweetimsetup.exe
C:\Users\Adrian\AppData\Local\Temp\SIMEEI2Installer.exe
C:\Users\Adrian\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Adrian\AppData\Local\Temp\sp54620.exe
C:\Users\Adrian\AppData\Local\Temp\SP54714.exe
C:\Users\Adrian\AppData\Local\Temp\sqlite3.dll
C:\Users\Adrian\AppData\Local\Temp\tbRada.dll
C:\Users\Adrian\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Adrian\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Adrian\AppData\Local\Temp\UnZipMe.EXE
C:\Users\Adrian\AppData\Local\Temp\vbmz6.exe
C:\Users\Adrian\AppData\Local\Temp\_isEA0.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-21 10:11

==================== End Of Log ============================