Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-12-2013 01
Ran by Rozmi (administrator) on MATEUSZ on 15-12-2013 18:28:20
Running from C:\Users\Rozmi\Desktop\Downloads
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\AEstSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(DeviceVM, Inc.) C:\SPLASH.SYS\config\DVMExportService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
(Google Inc.) C:\Users\Rozmi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Rozmi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Rozmi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Rozmi\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1533224 2009-06-13] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [458844 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [683576 2013-12-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {8EE54749-DBCA-4391-919F-DF1F478959BD} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl
SearchScopes: HKCU - {8EE54749-DBCA-4391-919F-DF1F478959BD} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8

Chrome:
=======
CHR DefaultSearchKeyword: google.pl
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Users\Rozmi\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Rozmi\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Rozmi\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Unity Player) - C:\Users\Rozmi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Rozmi\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Extension: (Google Docs) - C:\Users\Rozmi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Rozmi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Google Search) - C:\Users\Rozmi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\Rozmi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Rozmi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - C:\Users\Rozmi\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx

========================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-04] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1164360 2013-12-04] (Avira Operations GmbH & Co. KG)
R2 DvmMDES; C:\SPLASH.SYS\config\DVMExportService.exe [323584 2009-07-08] (DeviceVM, Inc.)
S3 GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [250616 2009-05-22] (WildTangent, Inc.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\STacSV.exe [221266 2009-06-29] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-12-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [67680 2013-12-04] (Avira Operations GmbH & Co. KG)
R1 DVMIO; C:\SPLASH.SYS\config\dvmio.sys [16984 2009-07-27] (DeviceVM, Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-04] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Rozmi\AppData\Local\Temp\catchme.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-15 18:28 - 2013-12-15 18:28 - 00000000 ____D C:\FRST
2013-12-15 17:46 - 2013-12-15 17:46 - 00000000 ____D C:\Users\Rozmi\Doctor Web
2013-12-15 17:46 - 2013-12-15 17:46 - 00000000 ____D C:\ProgramData\Doctor Web
2013-12-15 17:33 - 2013-12-15 17:33 - 00071098 _____ C:\Users\Rozmi\Desktop\OTL.Txt
2013-12-15 15:59 - 2013-12-15 18:07 - 00048086 _____ C:\Windows\PFRO.log
2013-12-15 15:59 - 2013-12-15 18:07 - 00000112 _____ C:\Windows\setupact.log
2013-12-15 15:59 - 2013-12-15 15:59 - 00000000 _____ C:\Windows\setuperr.log
2013-12-15 15:47 - 2013-12-15 15:56 - 00000000 ____D C:\AdwCleaner
2013-12-15 15:37 - 2013-12-15 15:37 - 00000000 ____D C:\Windows\pss
2013-12-15 15:35 - 2013-12-15 15:35 - 00241668 _____ C:\Users\Rozmi\Documents\cc_20131215_153509.reg
2013-12-15 15:29 - 2013-12-15 15:29 - 00000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-15 15:29 - 2013-12-15 15:29 - 00000000 ____D C:\Program Files\CCleaner
2013-12-15 15:02 - 2013-12-15 15:02 - 00000000 ____D C:\Users\Rozmi\Documents\ProcAlyzer Dumps
2013-12-15 14:56 - 2013-12-15 14:56 - 00002123 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-15 14:56 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2013-12-15 14:55 - 2013-12-15 15:04 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-15 14:55 - 2013-12-15 14:57 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-12-04 19:48 - 2013-12-04 19:48 - 00000000 ____D C:\Users\Rozmi\AppData\Roaming\Avira
2013-12-04 19:40 - 2013-12-04 19:40 - 00002016 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-12-04 19:39 - 2013-12-15 14:26 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-04 19:39 - 2013-12-04 19:39 - 00000000 ____D C:\ProgramData\Avira
2013-12-04 19:39 - 2013-12-04 19:39 - 00000000 ____D C:\Program Files\Avira
2013-12-04 19:39 - 2013-12-04 19:37 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-04 19:39 - 2013-12-04 19:37 - 00067680 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-04 19:39 - 2013-12-04 19:37 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-12-04 19:39 - 2013-12-04 19:37 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-12-04 18:26 - 2013-12-04 18:26 - 00012596 _____ C:\ComboFix.txt
2013-12-04 17:55 - 2013-12-04 18:26 - 00000000 ____D C:\Qoobox
2013-12-04 17:55 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-04 17:55 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-04 17:55 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-04 17:55 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-04 17:55 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-04 17:55 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-04 17:55 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-04 17:55 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-04 17:54 - 2013-12-04 18:24 - 00000000 ____D C:\Windows\erdnt
2013-12-04 17:28 - 2013-12-15 18:10 - 00000376 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Rozmi.job
2013-12-04 17:27 - 2013-12-15 17:29 - 00000366 _____ C:\Windows\Tasks\ReclaimerUpdateXML_Rozmi.job
2013-12-04 17:27 - 2013-12-15 16:29 - 00000370 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_Rozmi.job
2013-11-18 11:01 - 2013-10-12 08:04 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-18 11:01 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-18 11:01 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-18 11:01 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-18 11:01 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-18 11:01 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-18 11:01 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-18 11:01 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-18 11:01 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-18 11:01 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-18 11:01 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-18 11:01 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-18 11:00 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-18 11:00 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-18 11:00 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-18 11:00 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-18 10:09 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-16 16:27 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-16 16:27 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-16 16:27 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-16 16:25 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-16 16:25 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-16 16:25 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-16 16:25 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-16 16:25 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-16 16:25 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-16 16:25 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-16 16:25 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-16 16:25 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-16 16:25 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-16 16:23 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-16 16:22 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-16 16:22 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-16 16:22 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL

==================== One Month Modified Files and Folders =======

2013-12-15 18:28 - 2013-12-15 18:28 - 00000000 ____D C:\FRST
2013-12-15 18:17 - 2009-10-15 03:54 - 00000012 ____H C:\dvmexp.idx
2013-12-15 18:17 - 2009-07-14 05:34 - 00014128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-15 18:17 - 2009-07-14 05:34 - 00014128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-15 18:16 - 2009-10-15 02:58 - 01978243 _____ C:\Windows\WindowsUpdate.log
2013-12-15 18:10 - 2013-12-04 17:28 - 00000376 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Rozmi.job
2013-12-15 18:10 - 2012-12-27 15:22 - 00000000 ____D C:\Users\Rozmi\AppData\Roaming\Winamp
2013-12-15 18:07 - 2013-12-15 15:59 - 00048086 _____ C:\Windows\PFRO.log
2013-12-15 18:07 - 2013-12-15 15:59 - 00000112 _____ C:\Windows\setupact.log
2013-12-15 18:07 - 2011-12-01 19:37 - 00001030 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-15 18:07 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-15 17:50 - 2011-12-01 19:37 - 00001034 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-15 17:49 - 2010-08-12 14:51 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3261754263-3342866274-1701697279-1000UA.job
2013-12-15 17:46 - 2013-12-15 17:46 - 00000000 ____D C:\Users\Rozmi\Doctor Web
2013-12-15 17:46 - 2013-12-15 17:46 - 00000000 ____D C:\ProgramData\Doctor Web
2013-12-15 17:46 - 2010-08-12 14:12 - 00000000 ____D C:\Users\Rozmi
2013-12-15 17:33 - 2013-12-15 17:33 - 00071098 _____ C:\Users\Rozmi\Desktop\OTL.Txt
2013-12-15 17:29 - 2013-12-04 17:27 - 00000366 _____ C:\Windows\Tasks\ReclaimerUpdateXML_Rozmi.job
2013-12-15 16:29 - 2013-12-04 17:27 - 00000370 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_Rozmi.job
2013-12-15 16:07 - 2009-10-05 21:36 - 00710794 _____ C:\Windows\system32\perfh015.dat
2013-12-15 16:07 - 2009-10-05 21:36 - 00139644 _____ C:\Windows\system32\perfc015.dat
2013-12-15 16:07 - 2009-07-24 17:11 - 01576452 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-15 15:59 - 2013-12-15 15:59 - 00000000 _____ C:\Windows\setuperr.log
2013-12-15 15:56 - 2013-12-15 15:47 - 00000000 ____D C:\AdwCleaner
2013-12-15 15:37 - 2013-12-15 15:37 - 00000000 ____D C:\Windows\pss
2013-12-15 15:35 - 2013-12-15 15:35 - 00241668 _____ C:\Users\Rozmi\Documents\cc_20131215_153509.reg
2013-12-15 15:33 - 2011-02-14 20:09 - 00000000 ____D C:\Windows\Minidump
2013-12-15 15:33 - 2009-07-24 18:00 - 00000000 ____D C:\Windows\Panther
2013-12-15 15:29 - 2013-12-15 15:29 - 00000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-15 15:29 - 2013-12-15 15:29 - 00000000 ____D C:\Program Files\CCleaner
2013-12-15 15:04 - 2013-12-15 14:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-15 15:02 - 2013-12-15 15:02 - 00000000 ____D C:\Users\Rozmi\Documents\ProcAlyzer Dumps
2013-12-15 14:57 - 2013-12-15 14:55 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-12-15 14:56 - 2013-12-15 14:56 - 00002123 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-15 14:49 - 2010-08-12 14:51 - 00001006 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3261754263-3342866274-1701697279-1000Core.job
2013-12-15 14:26 - 2013-12-04 19:39 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-04 19:48 - 2013-12-04 19:48 - 00000000 ____D C:\Users\Rozmi\AppData\Roaming\Avira
2013-12-04 19:40 - 2013-12-04 19:40 - 00002016 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-12-04 19:39 - 2013-12-04 19:39 - 00000000 ____D C:\ProgramData\Avira
2013-12-04 19:39 - 2013-12-04 19:39 - 00000000 ____D C:\Program Files\Avira
2013-12-04 19:37 - 2013-12-04 19:39 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-04 19:37 - 2013-12-04 19:39 - 00067680 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-04 19:37 - 2013-12-04 19:39 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-12-04 19:37 - 2013-12-04 19:39 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-12-04 18:46 - 2011-01-21 20:51 - 00000000 ____D C:\Program Files\StarterBackgroundChanger
2013-12-04 18:26 - 2013-12-04 18:26 - 00012596 _____ C:\ComboFix.txt
2013-12-04 18:26 - 2013-12-04 17:55 - 00000000 ____D C:\Qoobox
2013-12-04 18:26 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2013-12-04 18:24 - 2013-12-04 17:54 - 00000000 ____D C:\Windows\erdnt
2013-12-04 18:22 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2013-12-04 18:20 - 2009-10-05 12:05 - 00000000 ____D C:\Program Files\HP
2013-12-04 17:31 - 2009-10-05 11:52 - 00000000 ____D C:\ProgramData\Norton
2013-12-04 17:19 - 2010-08-12 14:51 - 00000000 ____D C:\Users\Rozmi\AppData\Local\Google
2013-11-22 23:34 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-11-22 23:12 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-11-22 18:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\pl-PL
2013-11-19 03:33 - 2010-10-12 17:32 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-18 11:04 - 2010-08-12 14:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-16 16:26 - 2013-08-14 09:48 - 00000000 ____D C:\Windows\system32\MRT
2013-11-16 16:00 - 2010-09-12 12:40 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Rozmi\AppData\Local\Temp\avgnt.exe
C:\Users\Rozmi\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-04 19:26

==================== End Of Log ============================