Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

windows live installer [Closed]


  • This topic is locked This topic is locked

#1
romco

romco

    New Member

  • Member
  • Pip
  • 1 posts

Hi, i need some help guys. I just purchased a new computer. I turned it on and after the windows loaded, the window of windows life installer pop up and it started to ask me if i want to install some games, apps and extensions for browsers. I declined everything but it started to install something anyway and MC afee  security blocked it. the window of that installer pop up every 10-15 minutes and always start installing viruses. here is the LOG, thank you so much for your help.

 

  OTL logfile created on: 12/4/2014 9:25:08 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Roman\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
11.92 Gb Total Physical Memory | 8.28 Gb Available Physical Memory | 69.51% Memory free
23.84 Gb Paging File | 19.90 Gb Available in Paging File | 83.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 909.81 Gb Total Space | 863.59 Gb Free Space | 94.92% Space Free | Partition Type: NTFS
Drive E: | 21.67 Gb Total Space | 11.41 Gb Free Space | 52.68% Space Free | Partition Type: NTFS
 
Computer Name: ROMAN-PC | User Name: Roman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/04 21:24:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Roman\Desktop\OTL.exe
PRC - [2014/12/04 21:02:12 | 001,685,080 | ---- | M] (BitTorrent Inc.) -- C:\Users\Roman\AppData\Roaming\BitTorrent\BitTorrent.exe
PRC - [2014/12/04 19:37:29 | 005,226,600 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/12/04 19:36:22 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/12/04 19:35:52 | 000,104,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2014/12/04 19:28:07 | 000,523,504 | ---- | M] () -- C:\Program Files (x86)\snipsmart\bin\utilsnipsmart.exe
PRC - [2014/12/04 19:24:37 | 000,136,192 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\VOPackage\VOsrv.exe
PRC - [2014/12/04 17:20:42 | 000,523,504 | ---- | M] () -- C:\Program Files (x86)\snipsmart\updatesnipsmart.exe
PRC - [2014/12/04 13:56:13 | 000,098,544 | ---- | M] () -- C:\Program Files (x86)\snipsmart\bin\snipsmart.BrowserAdapter.exe
PRC - [2014/11/24 22:39:27 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/10/30 13:42:06 | 000,277,584 | ---- | M] (Better Brain) -- C:\Program Files (x86)\BetterBrain_1.10.0.2\Service\bbsvc.exe
PRC - [2014/01/13 21:02:54 | 000,198,664 | ---- | M] (Dell Products, LP.) -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
PRC - [2013/11/21 15:19:24 | 004,136,976 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
PRC - [2013/11/21 15:18:54 | 001,915,920 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
PRC - [2013/11/21 15:17:30 | 000,490,344 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
PRC - [2013/09/25 13:25:34 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013/09/25 13:25:28 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
PRC - [2013/07/30 06:25:00 | 000,286,056 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2013/07/30 06:24:58 | 000,014,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2013/06/21 01:53:16 | 000,081,536 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
PRC - [2013/04/26 08:41:06 | 000,292,848 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/09/23 18:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/04 19:36:24 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/12/04 13:56:13 | 000,098,544 | ---- | M] () -- C:\Program Files (x86)\snipsmart\bin\snipsmart.BrowserAdapter.exe
MOD - [2014/12/04 13:55:51 | 000,197,360 | ---- | M] () -- C:\Program Files (x86)\snipsmart\bin\8d843c5222224b17831f.dll
MOD - [2014/11/24 22:39:25 | 014,910,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
MOD - [2014/11/24 22:39:24 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
MOD - [2014/11/24 22:39:20 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
MOD - [2014/11/24 22:39:18 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
MOD - [2014/11/24 22:39:17 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
MOD - [2014/09/24 04:08:44 | 002,959,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\af2add04dbc75dbaafbf679611c5aae2\System.IdentityModel.ni.dll
MOD - [2014/09/24 04:08:42 | 019,536,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a8e34abf48d8f47064adb0e6f098c463\System.ServiceModel.ni.dll
MOD - [2014/09/24 04:08:34 | 001,075,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\325a216798d8cec936e4162bac2a6b43\System.ServiceModel.Web.ni.dll
MOD - [2014/09/24 04:08:32 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\42d08f7dc2ccfe772c12567d2c4d21ef\System.Xml.Linq.ni.dll
MOD - [2014/03/06 12:46:08 | 001,871,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\fbd27463487e2aa7b161020577c22713\System.Xaml.ni.dll
MOD - [2014/03/06 12:46:03 | 001,156,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\65d8ef00d3e0ecf90bbb5996062a4376\System.Management.ni.dll
MOD - [2014/03/06 12:45:54 | 012,700,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d9f7232b71547ec2c985bbffbbff2a2b\System.Windows.Forms.ni.dll
MOD - [2014/03/06 12:45:49 | 001,631,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\dadb15941ecb5c7ad0f4276e7aaed3c9\System.Drawing.ni.dll
MOD - [2014/03/06 12:45:49 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\f31ac8665f9f5d8e6ad4abd29f913386\System.ServiceModel.Internals.ni.dll
MOD - [2014/03/06 12:45:49 | 000,121,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ff27928194bf78f0cd9eaecd152d3b1a\SMDiagnostics.ni.dll
MOD - [2014/03/06 12:45:48 | 002,786,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\186f94773130bc17c5b86c0c7d491a91\System.Runtime.Serialization.ni.dll
MOD - [2014/03/06 12:45:46 | 018,542,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\42d1beb0060ffeecafb59c882db36cc0\PresentationFramework.ni.dll
MOD - [2014/03/06 12:45:46 | 000,462,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\f3650a719097cb74b104fea7e8cbb3af\PresentationFramework.Aero.ni.dll
MOD - [2014/03/06 12:45:39 | 010,926,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7b9c01f3fd9fa02d9c4e0ca16cf7f5e0\PresentationCore.ni.dll
MOD - [2014/03/06 12:45:35 | 003,910,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\f6ae43015c58cfab09af0d45530b380f\WindowsBase.ni.dll
MOD - [2014/03/06 12:45:30 | 007,561,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\130613a664d9a4237b5b22c3c80f6d96\System.Xml.ni.dll
MOD - [2014/03/06 12:45:27 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\61c26df51b250070ba949d858c55aa71\System.Configuration.ni.dll
MOD - [2014/03/06 12:45:26 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\d581cfc0867a2d1a3513c967bc954517\System.Core.ni.dll
MOD - [2014/03/06 12:45:23 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\84371136df209abcd5fbf89db89f2e97\System.ni.dll
MOD - [2014/03/06 12:45:19 | 016,544,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\506bcca8d286f754825f3f1b0bf64894\mscorlib.ni.dll
MOD - [2013/11/21 13:00:44 | 001,904,928 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
MOD - [2012/11/25 20:20:38 | 000,117,608 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
MOD - [2012/11/25 20:20:28 | 001,153,384 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/12/04 19:36:22 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/12/04 19:35:55 | 004,012,248 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV:64bit: - [2014/12/04 19:35:52 | 000,104,416 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2014/03/06 14:31:45 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/07/30 06:24:58 | 000,014,696 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:64bit: - [2013/06/18 20:18:38 | 000,246,488 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2013/05/11 15:45:54 | 000,822,232 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/05/11 15:45:38 | 000,733,696 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012/12/21 11:37:20 | 000,334,760 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2012/11/30 10:29:34 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2012/11/30 10:29:34 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012/11/30 10:29:34 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2012/11/30 10:29:34 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McOobeSv2)
SRV:64bit: - [2012/11/30 10:29:34 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012/11/30 10:29:34 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012/11/30 10:29:34 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2012/11/23 14:19:04 | 000,388,240 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2012/11/09 04:37:30 | 000,177,680 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/11/09 04:34:50 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/10/06 05:28:16 | 001,007,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2009/11/17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 17:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\rundll32.exe -- (51cdb72)
SRV - [2014/12/04 19:28:07 | 000,523,504 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\snipsmart\bin\utilsnipsmart.exe -- (Util snipsmart)
SRV - [2014/12/04 19:24:37 | 000,136,192 | ---- | M] () [Auto | Running] -- C:\Users\Roman\AppData\Roaming\VOPackage\VOsrv.exe -- (servervo)
SRV - [2014/12/04 17:20:42 | 000,523,504 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\snipsmart\updatesnipsmart.exe -- (Update snipsmart)
SRV - [2014/10/30 13:42:06 | 000,277,584 | ---- | M] (Better Brain) [Auto | Running] -- C:\Program Files (x86)\BetterBrain_1.10.0.2\Service\bbsvc.exe -- (bbsvc_1.10.0.2)
SRV - [2014/03/06 12:42:21 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/13 21:02:54 | 000,198,664 | ---- | M] (Dell Products, LP.) [Auto | Running] -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2013/11/21 15:18:54 | 001,915,920 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe -- (SftService)
SRV - [2013/09/25 13:25:34 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/09/25 13:25:28 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2013/08/11 11:51:36 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/07/02 21:00:14 | 000,312,448 | ---- | M] (Windows ® Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2013/06/21 01:53:16 | 000,081,536 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2012/09/23 18:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/08 22:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/04 19:37:30 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/12/04 19:36:46 | 000,106,456 | ---- | M] (Corsica) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\webinstrNewH.sys -- (webinstrNewH)
DRV:64bit: - [2014/12/04 19:36:28 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/12/04 19:36:28 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/12/04 19:36:28 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/12/04 19:36:28 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/12/04 19:36:28 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/12/04 19:36:28 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/12/04 19:36:27 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/12/04 19:36:02 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2014/12/04 19:35:55 | 000,271,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV:64bit: - [2014/12/04 19:35:52 | 000,449,936 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV:64bit: - [2014/12/04 13:57:02 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\{8d843c52-2222-4b17-831f-d586c85aaf69}Gw64.sys -- ({8d843c52-2222-4b17-831f-d586c85aaf69}Gw64)
DRV:64bit: - [2014/10/30 13:42:06 | 000,058,232 | ---- | M] (Better Brain) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\bbnfd_1_10_0_2.sys -- (bbnfd_1_10_0_2)
DRV:64bit: - [2013/09/04 05:53:44 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013/08/08 07:53:56 | 000,452,088 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/08/08 07:44:52 | 004,448,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/07/24 12:28:34 | 000,666,984 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/07/24 12:28:28 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2013/07/09 13:58:32 | 000,263,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2013/07/02 20:34:54 | 000,589,000 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2013/07/02 20:34:54 | 000,347,336 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2013/07/02 20:34:54 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2013/07/02 20:34:54 | 000,137,928 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2013/07/02 20:34:54 | 000,116,424 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2013/07/02 20:34:54 | 000,089,800 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2013/07/02 20:34:54 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2013/07/02 20:34:54 | 000,034,384 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2013/07/01 11:33:48 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/07/01 11:33:40 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/07/01 11:33:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/06/25 13:56:16 | 003,979,776 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2013/04/26 08:40:42 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2013/04/26 08:40:36 | 000,786,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2013/04/26 08:40:36 | 000,368,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2013/04/10 11:09:24 | 000,849,992 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/11/09 04:40:24 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012/11/09 04:37:42 | 000,339,776 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/11/09 04:35:50 | 000,771,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/11/09 04:34:58 | 000,515,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/11/09 04:34:18 | 000,309,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/11/09 04:33:58 | 000,178,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/11/01 23:46:50 | 000,328,976 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2012/11/01 23:46:50 | 000,097,208 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2012/05/28 08:28:18 | 000,197,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010/11/20 19:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 19:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010/11/20 19:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D942FF09-9F71-4BAE-AC16-B458961DB7A0}
IE:64bit: - HKLM\..\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}: "URL" = http://www.bing.com/...=IE10TR&pc=DCJB
IE:64bit: - HKLM\..\SearchScopes\{D942FF09-9F71-4BAE-AC16-B458961DB7A0}: "URL" = http://Vosteran.com/...r=631766530&ir=
IE:64bit: - HKLM\..\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}: "URL" = http://groovorio.com...r=654826141&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.c...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
IE - HKLM\..\SearchScopes,DefaultScope = {E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
IE - HKLM\..\SearchScopes\{D942FF09-9F71-4BAE-AC16-B458961DB7A0}: "URL" = http://www.bing.com/...=IE10TR&pc=DCJB
IE - HKLM\..\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}: "URL" = https://www.google.c...q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.c...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
IE - HKCU\..\SearchScopes,DefaultScope = {E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
IE - HKCU\..\SearchScopes\{D942FF09-9F71-4BAE-AC16-B458961DB7A0}: "URL" = http://Vosteran.com/...r=631766530&ir=
IE - HKCU\..\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}: "URL" = http://groovorio.com...r=654826141&ir=
IE - HKCU\..\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}: "URL" = https://www.google.c...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/12/04 19:36:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2014/12/04 19:17:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0A51D001-288A-8757-82EA-88D072F82825}: C:\Program Files (x86)\ver8BlockAndSurf\184.xpi [2014/12/04 19:37:04 | 000,015,666 | ---- | M] ()
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.1113.0.4_0\
CHR - Extension: No name found = C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.1119.433.4_0\
CHR - Extension: No name found = C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/12/04 20:44:02 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVBg_PushButton] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [BitTorrent] C:\Users\Roman\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_18A1594E0F7F3FF02E74E666D5F77580] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKLM..\RunOnce: [DelTr1511774] cmd.exe /c rd /s /q  "C:\Users\Roman\AppData\Roaming\WSE_Vosteran" File not found
O4 - HKLM..\RunOnce: [DelTr1568293] cmd.exe /c rd /s /q  "C:\Users\Roman\AppData\Roaming\Groovorio" File not found
O4 - HKCU..\RunOnce: [DelTr1511774] cmd.exe /c rd /s /q  "C:\Users\Roman\AppData\Roaming\WSE_Vosteran" File not found
O4 - HKCU..\RunOnce: [DelTr1568293] cmd.exe /c rd /s /q  "C:\Users\Roman\AppData\Roaming\Groovorio" File not found
O4 - HKCU..\RunOnce: [Groovorio]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" (Qualcomm®Atheros®)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E27137A-5792-416E-9FD4-D1C001093007}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/07/03 14:09:57 | 000,000,000 | -HS- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/04 21:24:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Roman\Desktop\OTL.exe
[2014/12/04 21:12:19 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Local\WorldofTanks
[2014/12/04 21:12:02 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Local\Sparta
[2014/12/04 21:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2014/12/04 21:01:06 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Roaming\BitTorrent
[2014/12/04 20:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/12/04 20:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/12/04 20:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/12/04 20:41:07 | 000,000,000 | R--D | C] -- C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2014/12/04 20:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\600440862
[2014/12/04 20:11:40 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Roaming\AVAST Software
[2014/12/04 19:37:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vbox
[2014/12/04 19:37:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vbox
[2014/12/04 19:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2014/12/04 19:37:10 | 000,116,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/12/04 19:37:09 | 000,436,624 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/12/04 19:37:08 | 000,083,280 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/12/04 19:37:08 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Local\ConvertAd
[2014/12/04 19:37:04 | 000,106,456 | ---- | C] (Corsica) -- C:\Windows\SysNative\drivers\webinstrNewH.sys
[2014/12/04 19:37:04 | 000,093,568 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/12/04 19:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ver8BlockAndSurf
[2014/12/04 19:37:03 | 001,050,432 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/12/04 19:37:02 | 000,028,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2014/12/04 19:37:00 | 000,364,512 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/12/04 19:36:26 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/12/04 19:36:06 | 000,000,000 | ---D | C] -- C:\Program Files\BetterBrain_1.10.0.2
[2014/12/04 19:35:59 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Local\Programs
[2014/12/04 19:35:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BetterBrain_1.10.0.2
[2014/12/04 19:35:57 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Roaming\WSE_Vosteran
[2014/12/04 19:35:52 | 000,449,936 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/12/04 19:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/12/04 19:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/12/04 19:29:21 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{8d843c52-2222-4b17-831f-d586c85aaf69}Gw64.sys
[2014/12/04 19:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/12/04 19:26:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2014/12/04 19:25:06 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Local\Google
[2014/12/04 19:25:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/12/04 19:24:23 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
[2014/12/04 19:24:22 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Roaming\VOPackage
[2014/12/04 19:23:58 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Roaming\Macromedia
[2014/12/04 19:23:50 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Local\Pro_PC_Cleaner
[2014/12/04 19:23:47 | 000,000,000 | ---D | C] -- C:\Users\Roman\Documents\ProPCCleaner
[2014/12/04 19:22:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\snipsmart
[2014/12/04 19:21:43 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Roaming\Groovorio
[2014/12/04 19:20:04 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Roaming\Intel Corporation
[2014/12/04 19:19:32 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Local\ElevatedDiagnostics
[2014/12/04 19:19:06 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Roaming\Leadertech
[2014/12/04 19:19:06 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Local\BMExplorer
[2014/12/04 19:19:06 | 000,000,000 | ---D | C] -- C:\Users\Roman\Documents\Bluetooth Folder
[2014/12/04 19:19:04 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Roaming\Atheros
[2014/12/04 19:18:50 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Roaming\Adobe
[2014/12/04 19:18:07 | 000,000,000 | R--D | C] -- C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/12/04 19:18:07 | 000,000,000 | R--D | C] -- C:\Users\Roman\Searches
[2014/12/04 19:18:07 | 000,000,000 | R--D | C] -- C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/12/04 19:18:07 | 000,000,000 | -H-D | C] -- C:\Users\Roman\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/12/04 19:17:57 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Roaming\Identities
[2014/12/04 19:17:55 | 000,000,000 | R--D | C] -- C:\Users\Roman\Contacts
[2014/12/04 19:17:52 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Local\VirtualStore
[2014/12/04 19:17:39 | 000,000,000 | --SD | C] -- C:\Users\Roman\AppData\Roaming\Microsoft
[2014/12/04 19:17:39 | 000,000,000 | R--D | C] -- C:\Users\Roman\Videos
[2014/12/04 19:17:39 | 000,000,000 | R--D | C] -- C:\Users\Roman\Saved Games
[2014/12/04 19:17:39 | 000,000,000 | R--D | C] -- C:\Users\Roman\Pictures
[2014/12/04 19:17:39 | 000,000,000 | R--D | C] -- C:\Users\Roman\Music
[2014/12/04 19:17:39 | 000,000,000 | R--D | C] -- C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/12/04 19:17:39 | 000,000,000 | R--D | C] -- C:\Users\Roman\Links
[2014/12/04 19:17:39 | 000,000,000 | R--D | C] -- C:\Users\Roman\Favorites
[2014/12/04 19:17:39 | 000,000,000 | R--D | C] -- C:\Users\Roman\Downloads
[2014/12/04 19:17:39 | 000,000,000 | R--D | C] -- C:\Users\Roman\Documents
[2014/12/04 19:17:39 | 000,000,000 | R--D | C] -- C:\Users\Roman\Desktop
[2014/12/04 19:17:39 | 000,000,000 | R--D | C] -- C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/12/04 19:17:39 | 000,000,000 | -HSD | C] -- C:\Users\Roman\AppData\Local\Temporary Internet Files
[2014/12/04 19:17:39 | 000,000,000 | -HSD | C] -- C:\Users\Roman\Templates
[2014/12/04 19:17:39 | 000,000,000 | -HSD | C] -- C:\Users\Roman\Start Menu
[2014/12/04 19:17:39 | 000,000,000 | -HSD | C] -- C:\Users\Roman\SendTo
[2014/12/04 19:17:39 | 000,000,000 | -HSD | C] -- C:\Users\Roman\Recent
[2014/12/04 19:17:39 | 000,000,000 | -HSD | C] -- C:\Users\Roman\PrintHood
[2014/12/04 19:17:39 | 000,000,000 | -HSD | C] -- C:\Users\Roman\NetHood
[2014/12/04 19:17:39 | 000,000,000 | -HSD | C] -- C:\Users\Roman\Documents\My Videos
[2014/12/04 19:17:39 | 000,000,000 | -HSD | C] -- C:\Users\Roman\Documents\My Pictures
[2014/12/04 19:17:39 | 000,000,000 | -HSD | C] -- C:\Users\Roman\Documents\My Music
[2014/12/04 19:17:39 | 000,000,000 | -HSD | C] -- C:\Users\Roman\My Documents
[2014/12/04 19:17:39 | 000,000,000 | -HSD | C] -- C:\Users\Roman\Local Settings
[2014/12/04 19:17:39 | 000,000,000 | -HSD | C] -- C:\Users\Roman\AppData\Local\History
[2014/12/04 19:17:39 | 000,000,000 | -HSD | C] -- C:\Users\Roman\Cookies
[2014/12/04 19:17:39 | 000,000,000 | -HSD | C] -- C:\Users\Roman\Application Data
[2014/12/04 19:17:39 | 000,000,000 | -HSD | C] -- C:\Users\Roman\AppData\Local\Application Data
[2014/12/04 19:17:39 | 000,000,000 | -H-D | C] -- C:\Users\Roman\AppData
[2014/12/04 19:17:39 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Local\Temp
[2014/12/04 19:17:39 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Local\Microsoft
[2014/12/04 19:17:39 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Roaming\Media Center Programs
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/04 21:24:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Roman\Desktop\OTL.exe
[2014/12/04 21:10:47 | 000,001,101 | ---- | M] () -- C:\Users\Roman\Desktop\Continue Live Installation.lnk
[2014/12/04 21:02:12 | 000,000,879 | ---- | M] () -- C:\Users\Roman\Desktop\BitTorrent.lnk
[2014/12/04 21:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/04 20:53:47 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/12/04 20:46:47 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/04 20:46:47 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/04 20:44:39 | 000,781,540 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/04 20:44:39 | 000,661,656 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/04 20:44:39 | 000,121,552 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/04 20:40:47 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/04 20:38:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/04 20:19:16 | 1008,427,006 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/04 20:11:21 | 000,002,283 | ---- | M] () -- C:\Users\Roman\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/12/04 19:37:38 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Avast SafeZone.lnk
[2014/12/04 19:37:38 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\Avast Premier.lnk
[2014/12/04 19:37:30 | 001,050,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/12/04 19:37:08 | 000,001,971 | ---- | M] () -- C:\Windows\patsearch.bin
[2014/12/04 19:37:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_webinstrNewH_01009.Wdf
[2014/12/04 19:36:46 | 000,106,456 | ---- | M] (Corsica) -- C:\Windows\SysNative\drivers\webinstrNewH.sys
[2014/12/04 19:36:28 | 000,436,624 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/12/04 19:36:28 | 000,364,512 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/12/04 19:36:28 | 000,267,632 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/12/04 19:36:28 | 000,116,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/12/04 19:36:28 | 000,083,280 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/12/04 19:36:28 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/12/04 19:36:28 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/12/04 19:36:27 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/12/04 19:36:26 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/12/04 19:36:02 | 000,028,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2014/12/04 19:35:59 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/04 19:35:52 | 000,449,936 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/12/04 19:35:23 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/04 19:19:35 | 000,001,409 | ---- | M] () -- C:\Users\Roman\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/12/04 17:05:56 | 000,041,450 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2014/12/04 17:05:56 | 000,041,450 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2014/12/04 13:57:02 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{8d843c52-2222-4b17-831f-d586c85aaf69}Gw64.sys
 
========== Files Created - No Company Name ==========
 
[2014/12/04 21:10:47 | 000,001,101 | ---- | C] () -- C:\Users\Roman\Desktop\Continue Live Installation.lnk
[2014/12/04 21:02:12 | 000,000,879 | ---- | C] () -- C:\Users\Roman\Desktop\BitTorrent.lnk
[2014/12/04 20:53:47 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/12/04 19:37:38 | 000,002,018 | ---- | C] () -- C:\Users\Public\Desktop\Avast SafeZone.lnk
[2014/12/04 19:37:38 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\Avast Premier.lnk
[2014/12/04 19:37:09 | 000,267,632 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/12/04 19:37:08 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/12/04 19:37:08 | 000,001,971 | ---- | C] () -- C:\Windows\patsearch.bin
[2014/12/04 19:37:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_webinstrNewH_01009.Wdf
[2014/12/04 19:37:06 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/12/04 19:27:15 | 000,002,283 | ---- | C] () -- C:\Users\Roman\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/12/04 19:27:15 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/04 19:25:08 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/04 19:25:08 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/04 19:19:35 | 000,001,409 | ---- | C] () -- C:\Users\Roman\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/12/04 19:18:50 | 000,001,415 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/12/04 19:17:39 | 000,000,290 | ---- | C] () -- C:\Users\Roman\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/12/04 19:17:39 | 000,000,272 | ---- | C] () -- C:\Users\Roman\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/03/06 14:16:55 | 019,587,072 | ---- | C] () -- C:\Windows\SysWow64\igdfcl32.dll
[2014/03/06 14:16:55 | 000,241,152 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/03/06 14:16:55 | 000,109,056 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2014/03/06 12:51:32 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/05/11 15:17:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2014/03/06 14:31:38 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/06 14:31:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/12/04 20:11:40 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\AVAST Software
[2014/12/04 21:32:16 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\BitTorrent
[2014/12/04 19:21:43 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Groovorio
[2014/12/04 19:19:06 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Leadertech
[2014/12/04 19:24:38 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\VOPackage
[2014/12/04 19:36:15 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\WSE_Vosteran
 
========== Purity Check ==========
 
 
 
< End of report >
 

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi you have some adware running, I would like to use a different scanner so that I can kill it in one fell swoop

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP