Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-01-2014
Ran by Brat (administrator) on BRAT-A31751A8EC on 27-01-2014 09:41:18
Running from C:\Documents and Settings\Brat\Desktop
Systém Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oacat.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oasrv.exe
(Atheros) C:\WINDOWS\system32\acs.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(BIGDOG) C:\WINDOWS\VM_STI.EXE
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oaui.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oahlp.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [BigDogPath] - C:\WINDOWS\VM_STI.EXE [40960 2004-06-09] (BIGDOG)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [@OnlineArmor GUI] - C:\Program Files\Online Armor\OAui.exe [7558464 2013-10-11] (Emsisoft GmbH)
HKLM\...\Run: [WD Quick View] - C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5235128 2012-06-14] (Western Digital Technologies, Inc.)
HKLM\...\Run: [WD Drive Unlocker] - C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1383582969453
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-11] (Emsisoft GmbH)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 22 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Brat\Application Data\Mozilla\Firefox\Profiles\2bf4s09j.default
FF Homepage: www.google.com
FF NetworkProxy: "autoconfig_url", "http://ezdroje.muni.cz/proxy/libproxy.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ ()
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nullsoft.com/winampDetector;version=1 - C:\Program Files\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\atlas-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\azet-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\dunaj-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slovnik-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\zoznam-sk.xml
FF Extension: Muter - C:\Documents and Settings\Brat\Application Data\Mozilla\Firefox\Profiles\2bf4s09j.default\Extensions\muter@yxl.name [2013-11-04]
FF Extension: Adblock Plus - C:\Documents and Settings\Brat\Application Data\Mozilla\Firefox\Profiles\2bf4s09j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R2 ACS; C:\WINDOWS\system32\acs.exe [499796 2011-03-31] (Atheros)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-06-02] ()
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
S3 jswpsapi; C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe [360529 2011-03-31] (wireless)
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
R2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1151424 2012-06-14] (Western Digital )
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-07-10] (Western Digital Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1763584 2011-07-28] (Atheros Communications, Inc.)
S1 ATITool; C:\WINDOWS\System32\DRIVERS\ATITool.sys [28968 2007-08-08] ()
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-10-10] (Avira Operations GmbH & Co. KG)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 JSWSCIMD; C:\WINDOWS\System32\DRIVERS\jswscimd.sys [57440 2011-03-31] (Atheros Communications, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 OADevice; C:\WINDOWS\system32\drivers\OADriver.sys [210360 2013-10-11] ()
R1 oahlpXX; C:\WINDOWS\system32\drivers\oahlp32.sys [44984 2013-10-11] ()
R1 OAmon; C:\WINDOWS\system32\drivers\OAmon.sys [34856 2013-10-11] (Emsisoft)
R1 OAnet; C:\WINDOWS\system32\drivers\OAnet.sys [31912 2013-10-11] (Emsisoft)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [685816 2013-11-04] ()
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2013-10-10] (Avira GmbH)
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [58208 2011-03-31] (Atheros Communications, Inc.)
R3 ZSMC301b; C:\WINDOWS\System32\Drivers\usbVM31b.sys [91527 2005-02-26] (VM)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files\CyberLink\PowerDVD9\000.fcl [87536 2009-02-28] (CyberLink Corp.)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 TlntSvr; 
U3 aioati66; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-27 09:40 - 2014-01-27 09:41 - 00011980 _____ C:\Documents and Settings\Brat\Desktop\FRST.txt
2014-01-27 09:39 - 2014-01-27 09:39 - 00000000 ____D C:\FRST
2014-01-27 09:38 - 2014-01-27 09:38 - 01223168 _____ (Farbar) C:\Documents and Settings\Brat\Desktop\FRST.exe
2014-01-27 09:38 - 2014-01-27 09:38 - 00112640 _____ C:\Documents and Settings\Brat\Desktop\FRSTLauncher.exe
2014-01-25 17:54 - 2014-01-25 17:54 - 00000762 _____ C:\WINDOWS\setupapi.log
2014-01-22 21:02 - 2014-01-22 21:02 - 00039814 _____ C:\Documents and Settings\Brat\Desktop\cc_20140122_210208.reg
2014-01-22 20:15 - 2014-01-22 20:15 - 06220854 _____ C:\Documents and Settings\Brat\Desktop\face.bmp
2014-01-17 18:17 - 2014-01-17 18:17 - 06220854 _____ C:\Documents and Settings\Brat\Desktop\bez_názvu2.bmp
2014-01-17 18:16 - 2014-01-17 18:16 - 06220854 _____ C:\Documents and Settings\Brat\Desktop\bez_názvu.bmp
2014-01-16 00:00 - 2014-01-16 00:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-13 17:41 - 1998-10-02 19:00 - 00327168 _____ (InstallShield Software Corporation) C:\WINDOWS\IsUninst.exe
2014-01-08 20:15 - 2014-01-08 20:15 - 00000000 ____D C:\Documents and Settings\Brat\Local Settings\Application Data\My Games
2014-01-08 20:14 - 2014-01-08 20:14 - 00000808 _____ C:\Documents and Settings\All Users\Desktop\Sid Meier's Civilization V.lnk
2014-01-08 20:14 - 2014-01-08 20:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Sid Meier's Civilization V
2014-01-08 20:14 - 2014-01-08 20:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\3DMGAME
2014-01-08 20:08 - 2014-01-22 17:16 - 00000000 ____D C:\Program Files\Sid Meier's Civilization V
2014-01-06 20:49 - 2014-01-06 20:49 - 00000991 _____ C:\Documents and Settings\Brat\Desktop\Flatout Ultimate Carnage.lnk
2014-01-06 20:47 - 2014-01-06 20:47 - 00000000 ____D C:\Documents and Settings\Brat\Local Settings\Application Data\FlatOut Ultimate Carnage
2014-01-06 20:41 - 2014-01-06 20:41 - 00000000 ____D C:\WINDOWS\system32\xlive
2014-01-06 20:39 - 2014-01-06 20:39 - 00000000 ____D C:\Documents and Settings\Brat\Start Menu\Programs\Empire Interactive
2014-01-06 20:36 - 2014-01-06 20:36 - 00000000 ____D C:\Program Files\Empire Interactive
2014-01-03 19:42 - 2014-01-03 19:42 - 00000082 _____ C:\WINDOWS\mafosav.INI

==================== One Month Modified Files and Folders =======

2014-01-27 09:41 - 2014-01-27 09:40 - 00011980 _____ C:\Documents and Settings\Brat\Desktop\FRST.txt
2014-01-27 09:39 - 2014-01-27 09:39 - 00000000 ____D C:\FRST
2014-01-27 09:38 - 2014-01-27 09:38 - 01223168 _____ (Farbar) C:\Documents and Settings\Brat\Desktop\FRST.exe
2014-01-27 09:38 - 2014-01-27 09:38 - 00112640 _____ C:\Documents and Settings\Brat\Desktop\FRSTLauncher.exe
2014-01-27 09:35 - 2013-11-04 16:31 - 01914037 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-27 09:33 - 2013-11-04 17:25 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-27 09:33 - 2013-11-04 17:25 - 00000051 _____ C:\WINDOWS\wiaservc.log
2014-01-27 09:33 - 2013-11-04 16:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-27 09:33 - 2006-02-28 13:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-27 00:03 - 2013-11-04 22:08 - 00000000 ____D C:\Documents and Settings\Brat\Application Data\uTorrent
2014-01-27 00:03 - 2013-11-04 17:00 - 00458752 _____ C:\WINDOWS\system32\config\ACS.evt
2014-01-27 00:03 - 2013-11-04 16:52 - 00196608 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2014-01-27 00:03 - 2013-11-04 16:34 - 00032606 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-27 00:03 - 2013-11-04 16:34 - 00000178 ___SH C:\Documents and Settings\Brat\ntuser.ini
2014-01-27 00:03 - 2013-11-04 16:34 - 00000000 ____D C:\Documents and Settings\Brat
2014-01-26 23:32 - 2013-11-04 18:25 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-26 18:54 - 2013-11-04 20:54 - 00001687 _____ C:\Documents and Settings\Brat\Application Data\mainhst.zgh
2014-01-26 18:02 - 2013-11-11 20:23 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2014-01-26 18:02 - 2013-11-04 16:29 - 00000000 ____D C:\WINDOWS\Registration
2014-01-25 20:10 - 2013-11-04 20:29 - 00000000 ____D C:\Documents and Settings\Brat\Application Data\Skype
2014-01-25 19:13 - 2013-11-04 20:29 - 00002273 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-01-25 17:54 - 2014-01-25 17:54 - 00000762 _____ C:\WINDOWS\setupapi.log
2014-01-22 23:29 - 2013-11-04 20:27 - 00000000 ____D C:\Documents and Settings\Brat\Application Data\Winamp
2014-01-22 21:02 - 2014-01-22 21:02 - 00039814 _____ C:\Documents and Settings\Brat\Desktop\cc_20140122_210208.reg
2014-01-22 21:00 - 2013-11-04 17:02 - 00000000 __SHD C:\Documents and Settings\Brat\UserData
2014-01-22 20:15 - 2014-01-22 20:15 - 06220854 _____ C:\Documents and Settings\Brat\Desktop\face.bmp
2014-01-22 17:16 - 2014-01-08 20:08 - 00000000 ____D C:\Program Files\Sid Meier's Civilization V
2014-01-21 20:37 - 2013-12-17 16:27 - 00000000 ____D C:\Documents and Settings\Brat\Local Settings\Application Data\Canon Easy-PhotoPrint EX
2014-01-21 08:53 - 2013-11-04 20:31 - 00000000 ____D C:\Documents and Settings\Brat\Local Settings\Application Data\Adobe
2014-01-21 08:53 - 2013-11-04 18:25 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-01-21 08:53 - 2013-11-04 18:25 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-01-17 18:17 - 2014-01-17 18:17 - 06220854 _____ C:\Documents and Settings\Brat\Desktop\bez_názvu2.bmp
2014-01-17 18:16 - 2014-01-17 18:16 - 06220854 _____ C:\Documents and Settings\Brat\Desktop\bez_názvu.bmp
2014-01-16 12:54 - 2013-11-04 20:32 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-01-16 00:03 - 2013-11-04 21:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-01-16 00:02 - 2013-11-04 18:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-16 00:00 - 2014-01-16 00:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-16 00:00 - 2013-11-04 18:43 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-15 21:02 - 2013-11-15 18:34 - 00000000 ___HD C:\Documents and Settings\Brat\Desktop\[Originals]
2014-01-08 20:15 - 2014-01-08 20:15 - 00000000 ____D C:\Documents and Settings\Brat\Local Settings\Application Data\My Games
2014-01-08 20:15 - 2013-12-13 17:00 - 00000000 ____D C:\Documents and Settings\Brat\My Documents\My Games
2014-01-08 20:14 - 2014-01-08 20:14 - 00000808 _____ C:\Documents and Settings\All Users\Desktop\Sid Meier's Civilization V.lnk
2014-01-08 20:14 - 2014-01-08 20:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Sid Meier's Civilization V
2014-01-08 20:14 - 2014-01-08 20:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\3DMGAME
2014-01-07 21:53 - 2013-11-05 12:40 - 00000000 ____D C:\WINDOWS\Minidump
2014-01-06 20:49 - 2014-01-06 20:49 - 00000991 _____ C:\Documents and Settings\Brat\Desktop\Flatout Ultimate Carnage.lnk
2014-01-06 20:47 - 2014-01-06 20:47 - 00000000 ____D C:\Documents and Settings\Brat\Local Settings\Application Data\FlatOut Ultimate Carnage
2014-01-06 20:47 - 2013-11-04 22:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2014-01-06 20:41 - 2014-01-06 20:41 - 00000000 ____D C:\WINDOWS\system32\xlive
2014-01-06 20:41 - 2013-11-04 16:30 - 00000000 ____D C:\WINDOWS\system32\DirectX
2014-01-06 20:39 - 2014-01-06 20:39 - 00000000 ____D C:\Documents and Settings\Brat\Start Menu\Programs\Empire Interactive
2014-01-06 20:36 - 2014-01-06 20:36 - 00000000 ____D C:\Program Files\Empire Interactive
2014-01-06 17:15 - 2013-11-05 13:07 - 00000428 _____ C:\WINDOWS\zipgenius.xml
2014-01-03 19:42 - 2014-01-03 19:42 - 00000082 _____ C:\WINDOWS\mafosav.INI
2014-01-03 14:35 - 2013-11-04 17:23 - 00594630 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-31 18:49 - 2013-11-04 20:29 - 00000000 ___RD C:\Program Files\Skype
2013-12-31 18:49 - 2013-11-04 20:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-12-30 20:03 - 2013-12-13 16:47 - 00000000 ____D C:\Program Files\Steam

Some content of TEMP:
====================
C:\Documents and Settings\Brat\Local Settings\temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================