Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Auto redirect - please help!

Post by AL13 » June 11th, 2012, 5:58 am

Hi! In the past couple of weeks a huge amount of flash games were installed to my PC, and the problem I'm having now is that every time I switch on/reboot the computer, Internet Explorer automatically opens on the pages madLen.uCoz.coM and gamezona.org. Could you help to get rid of this? I'm also getting a bit paranoid about catching some other malware that I'm not able to see - could you please check if there is anything else that needs fixing? Thanks a lot!
DDS logs:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Александра at 13:43:28 on 2012-06-11
Microsoft Windows 7 Домашняя базовая 6.1.7601.1.1251.7.1049.18.4007.2132 [GMT 4:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Персональный файервол ESET *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Windows\Explorer.EXE
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Александра\Downloads\dds.scr
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=LENP
uStart Page = gamezona.org
mDefault_Page_URL = hxxp://xn--80afat5b.xn--p1ai
uURLSearchHooks: madLen.uCoz.coM Toolbar: {8dec4b69-27c4-405d-a37d-8d45c83f66ab} - C:\Program Files (x86)\madLen.uCoz.coM\tbmadL.dll
mURLSearchHooks: madLen.uCoz.coM Toolbar: {8dec4b69-27c4-405d-a37d-8d45c83f66ab} - C:\Program Files (x86)\madLen.uCoz.coM\tbmadL.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll
BHO: {8984B388-A5BB-4DF7-B274-77B879E179DB} - No File
BHO: madLen.uCoz.coM Toolbar: {8dec4b69-27c4-405d-a37d-8d45c83f66ab} - C:\Program Files (x86)\madLen.uCoz.coM\tbmadL.dll
BHO: Помощник по входу с помощью идентификатора Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Symantec VIP Access Add-On: {c63cd127-a1cb-4d49-a4f7-d6f88a917be6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: madLen.uCoz.coM Toolbar: {8dec4b69-27c4-405d-a37d-8d45c83f66ab} - C:\Program Files (x86)\madLen.uCoz.coM\tbmadL.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [b762d2b7609ec7ffb7cb9ad15a8a15dd] iexplore.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [start] C:\WINDOWS\TASKMAN.bat
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Отправить изображение на &устройство Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Отправить страницу на &устройство Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: Interfaces\{F32F2F52-F05E-4E51-9FB1-4C45EBC4F1AF} : NameServer = 83.243.64.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
BHO-X64: {8984B388-A5BB-4DF7-B274-77B879E179DB} - No File
{8dec4b69-27c4-405d-a37d-8d45c83f66ab}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AA58ED58-01DD-4d91-8333-CF10577473F7}
{C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
{8dec4b69-27c4-405d-a37d-8d45c83f66ab}
mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun-x64: [start] C:\WINDOWS\TASKMAN.bat
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2011-7-8 32104]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\system32\CxAudMsg64.exe --> C:\Windows\system32\CxAudMsg64.exe [?]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-1-14 810144]
R2 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-9-28 40808]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-5-26 45496]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-9-28 59240]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-5-26 93032]
R2 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-9-28 148840]
R2 risdxc;risdxc;C:\Windows\system32\DRIVERS\risdxc64.sys --> C:\Windows\system32\DRIVERS\risdxc64.sys [?]
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SASrv.exe [2011-9-28 446592]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-5-26 144232]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-5-26 64952]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-28 2656280]
R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-4-13 84088]
R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 IntcDAud;Аудио Intel(R) для дисплеев;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Драйвер адаптера Intel(R) Wireless WiFi Link серии 5000 для Windows 7 64 Bit ;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PCDSRVC{127174DC-C366ED8B-06020200}_0;PCDSRVC{127174DC-C366ED8B-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor\pcdsrvc_x64.pkms [2011-4-1 25584]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 gupdate;Служба Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-28 136176]
S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-7-8 144232]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 gupdatem;Служба Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-28 136176]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2011-9-28 332272]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-9-28 83304]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-11 09:41:09 -------- d-----w- C:\Users\?ыхъёрэфЁр\AppData\Local\Microsoft
2012-06-10 17:53:33 -------- d-----w- C:\Users\Александра\AppData\Roaming\dvdcss
2012-06-09 17:38:45 -------- d-----w- C:\Users\Александра\AppData\Roaming\Funlinker
2012-06-08 09:46:19 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BF26C08B-DA6A-4F42-B4E0-FF5556F01FB2}\mpengine.dll
2012-06-08 06:45:06 -------- d-----w- C:\Users\Александра\AppData\Roaming\Stand O'Food 3
2012-06-07 11:11:56 -------- d-----w- C:\ProgramData\Farm Fishes
2012-06-07 11:07:31 -------- d-----w- C:\Program Files (x86)\madLen.uCoz.coM
2012-06-07 11:07:31 -------- d-----w- C:\Program Files (x86)\Conduit
2012-06-07 11:06:50 -------- d-----w- C:\Users\Александра\AppData\Roaming\Mozilla
2012-06-06 16:30:27 -------- d-----w- C:\Users\Александра\AppData\Roaming\WeatherLord
2012-06-06 16:30:27 -------- d-----w- C:\ProgramData\WeatherLord
2012-06-06 11:21:23 -------- d-----w- C:\Users\Александра\AppData\Roaming\FamilyVacationCalifornia
2012-06-06 10:46:15 -------- d-----w- C:\Users\Александра\AppData\Roaming\Elephant Games
2012-06-06 10:46:15 -------- d-----w- C:\ProgramData\Elephant Games
2012-06-05 16:11:16 -------- d-----w- C:\Users\Александра\AppData\Roaming\Blue Tea Games
2012-06-05 14:23:38 -------- d-----w- C:\Users\Александра\AppData\Roaming\Aidem Media
2012-06-05 13:40:16 -------- d-----w- C:\Users\Александра\AppData\Roaming\V5 Play
2012-06-04 18:31:18 -------- d-----w- C:\Users\Александра\AppData\Roaming\JoyBits
2012-06-03 19:36:39 -------- d-----w- C:\ProgramData\Intenium
2012-06-03 18:46:55 -------- d-----w- C:\Users\Александра\AppData\Roaming\CoronationStreetPC
2012-06-03 15:35:05 -------- d-----w- C:\Users\Александра\AppData\Roaming\Artifex Mundi
2012-06-03 15:10:40 -------- d-----w- C:\Users\Александра\AppData\Roaming\SulusGames
2012-06-02 16:06:09 -------- d-----w- C:\ProgramData\Venus DS
2012-06-02 12:06:30 -------- d-----w- C:\Users\Александра\AppData\Roaming\Skunk Studios
2012-06-02 10:33:23 -------- d-----w- C:\Users\Александра\AppData\Roaming\Alawar
2012-06-02 10:33:23 -------- d-----w- C:\ProgramData\Alawar
2012-06-02 10:28:27 -------- d-----w- C:\ProgramData\PopCap Games
2012-06-01 19:23:49 -------- d-----w- C:\ProgramData\VirtualizedApplications
2012-06-01 19:23:01 -------- d-----w- C:\Users\Александра\AppData\Roaming\SpinTop Games
2012-06-01 17:58:56 -------- d-----w- C:\Users\Александра\AppData\Roaming\PoBros
2012-06-01 17:58:56 -------- d-----w- C:\ProgramData\PoBros
2012-06-01 17:13:35 -------- d-----w- C:\Users\Александра\AppData\Roaming\SoftGrid Client
2012-06-01 17:12:54 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-06-01 17:12:34 -------- d-----w- C:\Users\Александра\AppData\Roaming\TP
2012-06-01 10:37:37 -------- d-----w- C:\ProgramData\Alawar Stargaze
2012-06-01 10:37:36 -------- d-----w- C:\ProgramData\AlawarWrapper
2012-06-01 10:10:42 -------- d-----w- C:\Users\Александра\AppData\Roaming\Alawar Stargaze
2012-05-31 17:23:52 -------- d-----w- C:\Users\Александра\AppData\Roaming\Brabl
2012-05-31 17:23:52 -------- d-----w- C:\Users\Александра\.gstreamer-0.10
2012-05-31 17:23:52 -------- d-----w- C:\Users\Александра\.gnome2
2012-05-30 18:23:15 -------- d-----w- C:\ProgramData\GameHouse
2012-05-30 18:20:32 -------- d-----w- C:\Users\Александра\AppData\Roaming\Zylom
2012-05-30 18:15:04 -------- d-----w- C:\ProgramData\Slapdash Games
2012-05-30 17:45:46 -------- d-----w- C:\Users\Александра\AppData\Roaming\My Games
2012-05-30 10:46:57 -------- d-----w- C:\Users\Александра\AppData\Roaming\PassionFruit Games
2012-05-29 14:26:07 -------- d-----w- C:\Users\Александра\AppData\Roaming\PathToSuccess_RU
2012-05-29 08:56:34 -------- d-----w- C:\Users\Александра\AppData\Roaming\Freeze Tag
2012-05-28 17:04:35 -------- d-----r- C:\Program Files (x86)\Skype
2012-05-28 17:04:34 -------- d-----w- C:\Users\Александра\AppData\Roaming\Skype
2012-05-28 15:03:52 -------- d-----w- C:\Users\Александра\AppData\Roaming\8floor
2012-05-28 15:03:52 -------- d-----w- C:\ProgramData\8floor
2012-05-27 15:33:20 -------- d-----w- C:\ProgramData\SpookyMall
2012-05-27 09:33:37 -------- d-----w- C:\Users\Александра\AppData\Roaming\vlc
2012-05-27 09:32:45 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-05-27 09:26:49 -------- d-----w- C:\Users\Александра\AppData\Roaming\Google
2012-05-27 09:10:24 -------- d-----w- C:\Program Files (x86)\Mail.Ru
2012-05-27 09:09:34 -------- d-----w- C:\Program Files (x86)\Toolbar
2012-05-27 09:09:29 -------- d-----w- C:\Users\Александра\AppData\Roaming\Opera
2012-05-27 08:59:03 -------- d-----w- C:\Users\Александра\AppData\Roaming\WinRAR
2012-05-27 08:59:02 -------- d-----w- C:\Users\Александра\AppData\Roaming\Thinstall
2012-05-27 08:57:39 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-05-27 08:56:47 -------- d-----w- C:\Users\Александра\AppData\Roaming\uTorrent
2012-05-27 07:38:50 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2012-05-27 07:38:50 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-05-27 07:25:44 -------- d-----w- C:\Users\Александра\AppData\Roaming\PCDr
2012-05-26 16:37:57 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-05-26 16:26:06 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-05-26 16:26:06 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-05-26 16:26:06 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-05-26 16:26:06 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-05-26 16:26:06 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-05-26 16:26:06 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-05-26 16:26:06 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-05-26 16:26:05 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-05-26 16:21:15 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-05-26 16:21:15 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-05-26 16:21:14 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2012-05-26 16:21:14 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2012-05-26 16:18:54 77312 ----a-w- C:\Windows\System32\packager.dll
2012-05-26 16:18:54 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-05-26 16:17:47 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-05-26 16:17:46 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-05-26 16:17:46 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-05-26 16:17:46 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-05-26 16:08:19 -------- d-----w- C:\Users\Александра\AppData\Roaming\ESET
2012-05-26 16:07:51 -------- d-----w- C:\Program Files\ESET
2012-05-26 16:01:37 -------- d-----w- C:\Users\Александра\AppData\Roaming\Macromedia
2012-05-26 16:01:36 -------- d-----w- C:\Users\Александра\AppData\Roaming\Adobe
2012-05-26 15:51:00 -------- d-----w- C:\Users\Александра\AppData\Roaming\PwrMgr
2012-05-26 15:48:44 -------- d-----w- C:\Users\Александра\AppData\Roaming\Leadertech
2012-05-26 15:48:43 -------- d-----w- C:\Users\Александра\AppData\Roaming\ATI
2012-05-26 15:47:04 -------- d-----r- C:\Users\Александра\Searches
2012-05-26 15:46:53 -------- d-----w- C:\Users\Александра\AppData\Roaming\Identities
2012-05-26 15:46:49 -------- d-----r- C:\Users\Александра\Contacts
2012-05-26 15:42:55 -------- d-sh--we C:\ProgramData\Шаблоны
2012-05-26 15:42:55 -------- d-sh--we C:\ProgramData\Рабочий стол
2012-05-26 15:42:55 -------- d-sh--we C:\ProgramData\Главное меню
2012-05-26 15:42:55 -------- d-sh--we C:\ProgramData\Избранное
2012-05-26 15:42:55 -------- d-sh--we C:\ProgramData\Документы
.
==================== Find3M ====================
.
2012-05-02 13:22:54 25088 ----a-w- C:\Program Files (x86)\getfile.exe
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2011-06-09 16:39:58 224256 ----a-w- C:\Program Files (x86)\wget.exe
.
============= FINISH: 13:43:43,66 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Домашняя базовая
Boot Device: \Device\HarddiskVolume1
Install Date: 26.05.2012 19:42:57
System Uptime: 11.06.2012 12:00:23 (1 hours ago)
.
Motherboard: LENOVO | | 1143CZG
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz | CPU | 2401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 413,207 GiB free.
D: is CDROM (CDFS)
E: is FIXED (FAT32) - 233 GiB total, 1,141 GiB free.
Q: is FIXED (NTFS) - 12 GiB total, 2,097 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP9: 01.06.2012 23:22:15 - Installed Vacation Quest 2 - Australia
RP10: 02.06.2012 13:02:06 - Центр обновления Windows
RP11: 02.06.2012 15:40:00 - Removed Vacation Quest 2 - Australia
RP12: 03.06.2012 3:00:11 - Центр обновления Windows
RP13: 04.06.2012 14:04:21 - Центр обновления Windows
RP14: 04.06.2012 14:06:56 - Центр обновления Windows
RP15: 05.06.2012 19:26:55 - Installed Macabre Mysteries - Curse of the Nightengale Collectors Edition
RP16: 06.06.2012 11:11:24 - Removed Macabre Mysteries - Curse of the Nightengale Collectors Edition
RP17: 08.06.2012 13:45:51 - Центр обновления Windows
.
==== Installed Programs ======================
.
Агентство моделей Full
Фотоальбом Windows Live
µTorrent
Почта Windows Live
Основные компоненты Windows Live
Элемент управления Windows Live Mesh ActiveX для удаленных подключений
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.0 - Russian
Burn.Now 4.5
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Corel Burn.Now Lenovo Edition
Corel DVD MovieFactory 7
Corel DVD MovieFactory Lenovo Edition
Corel WinDVD
Create Recovery Media
D3DX10
Direct DiscRecorder
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Integrated Camera Driver Installer Package Ver.1.1.0.1147
Integrated Camera TWAIN
Intel(R) Display Audio Driver
Intel(R) Identity Protection Technology 1.1.2.0
Intel(R) Management Engine Components
Intel(R) Wireless Display
Junk Mail filter update
Lenovo Registration
Lenovo User Guide
Lenovo Warranty Information
Lenovo Welcome
madLen.uCoz.coM Toolbar
Mesh Runtime
Message Center Plus
Microsoft Office 2010
Microsoft Office Starter 2010 - русский
Microsoft Office нажми и работай 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PowerXpressHybrid
PX Profile Update
Realtek Ethernet Controller Driver
RICOH_Media_Driver_v2.13.18.02
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype™ 5.0
System Update
ThinkPad Power Manager
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VIPAccess
VLC media player 2.0.1
Windows Live Communications Platform
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================
AL13
Active Member
 
Posts: 7
Joined: June 11th, 2012, 5:26 am

Re: Auto redirect - please help!

Post by maxi » June 12th, 2012, 10:05 am

Hello AL13,

Welcome to the forum!

My name is maxi and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers, and everything I post to you must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.


Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights and permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!"
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Auto redirect - please help!

Unread postby AL13 » June 12th, 2012, 10:37 am

Hello, maxi :)

Thanks a lot for agreeing to help, will be waiting for your reply then.
Thanks again, AL13
AL13
Active Member
 
Posts: 7
Joined: June 11th, 2012, 5:26 am

Re: Auto redirect - please help!

Unread postby maxi » June 13th, 2012, 8:32 am

Hi AL13,

Step 1
Remove P2P Programs

  • I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    µTorrent

  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on Start > All programs > Accessories > Run.
  • In the open text box, copy/paste appwiz.cpl, then click OK.
  • Uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller.
    Some questions may be worded to deceive you into keeping the program.

Also remove these two programs while you are removing this program.
Adobe Flash Player 10 ActiveX
madLen.uCoz.coM Toolbar

Step 2
Please download OTL by Old Timer and save it to your Desktop.
  • Right-click on OTL.exe and select Run as administrator to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

In your next reply please include:
Both logs from OTL.
Any problems you had with my instructions.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Auto redirect - please help!

Unread postby AL13 » June 14th, 2012, 7:30 am

Hi maxi,
I hope I did everything correctly :)
OTL logs:


OTL logfile created on: 14.06.2012 15:03:28 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Александра\Desktop
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy

3,91 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 40,73% Memory free
7,82 Gb Paging File | 5,36 Gb Available in Paging File | 68,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,87 Gb Total Space | 411,87 Gb Free Space | 90,95% Space Free | Partition Type: NTFS
Drive D: | 265,55 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 232,83 Gb Total Space | 0,34 Gb Free Space | 0,15% Space Free | Partition Type: FAT32
Drive Q: | 11,72 Gb Total Space | 2,10 Gb Free Space | 17,90% Space Free | Partition Type: NTFS

Computer Name: AL | User Name: Александра | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012.06.14 15:00:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Александра\Desktop\OTL.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.06.24 10:25:50 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011.06.01 22:01:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe
PRC - [2011.06.01 22:01:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011.05.26 14:43:14 | 000,328,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.04.27 23:42:42 | 000,148,768 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
PRC - [2011.04.13 05:58:14 | 000,084,088 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
PRC - [2011.04.04 18:23:50 | 000,281,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
PRC - [2011.04.04 18:22:12 | 000,059,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011.04.04 18:22:10 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2011.04.04 18:21:56 | 000,040,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2011.04.04 05:27:22 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2011.03.29 08:41:10 | 000,064,952 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011.02.24 00:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011.02.22 07:19:12 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.22 07:19:08 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.14 12:33:16 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2011.01.07 07:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2010.11.25 09:51:34 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2010.09.23 04:47:16 | 000,349,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2010.04.07 09:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010.04.01 09:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010.03.11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009.05.27 22:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2008.01.10 12:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2011.06.24 10:25:49 | 000,329,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\12.0.742.112\ppgooglenaclpluginchrome.dll
MOD - [2011.06.24 10:25:47 | 003,649,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\12.0.742.112\pdf.dll
MOD - [2011.06.24 10:24:21 | 000,104,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\12.0.742.112\avutil-50.dll
MOD - [2011.06.24 10:24:20 | 000,203,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\12.0.742.112\avformat-52.dll
MOD - [2011.06.24 10:24:18 | 001,846,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\12.0.742.112\avcodec-52.dll
MOD - [2011.06.24 07:20:43 | 006,333,088 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\12.0.742.112\gcswf32.dll
MOD - [2010.04.06 09:05:16 | 002,085,888 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cv210.dll
MOD - [2010.04.06 09:04:06 | 002,201,088 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cxcore210.dll
MOD - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
MOD - [2009.12.22 01:35:14 | 007,520,256 | ---- | M] () -- c:\Program Files (x86)\Adobe\Reader 9.0\Reader\RdLang32.RUS
MOD - [2009.10.03 02:50:24 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.RUS
MOD - [2009.10.03 02:47:10 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Updater.RUS
MOD - [2009.05.27 22:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
MOD - [2009.02.27 20:19:00 | 001,695,744 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.RUS
MOD - [2009.02.27 13:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.07.08 17:53:20 | 000,144,232 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV:64bit: - [2011.04.27 23:41:18 | 000,968,480 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011.04.20 05:04:40 | 000,144,232 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2011.04.04 18:22:12 | 000,059,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2011.04.04 18:21:56 | 000,040,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2011.04.04 05:27:22 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2011.03.29 19:15:36 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2011.03.29 08:41:10 | 000,064,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2011.02.04 10:30:26 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.02.01 09:05:12 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011.01.14 12:33:54 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2011.01.14 12:33:16 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010.12.17 14:41:32 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2010.12.17 14:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010.12.17 14:26:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2010.12.17 02:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.04.07 09:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2009.07.14 05:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.09.28 05:26:15 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2011.06.01 22:01:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2011.06.01 22:01:00 | 000,083,304 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011.04.13 05:58:14 | 000,084,088 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
SRV - [2011.02.24 00:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel(R)
SRV - [2011.02.22 07:19:12 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.02.22 07:19:08 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2011.01.07 07:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010.11.25 09:51:34 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010.03.19 01:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.07.14 05:16:20 | 000,010,752 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\Windows\SysWOW64\wpcsvc.dll -- (WPCSvc)
SRV - [2009.06.11 01:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.01.10 12:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.03.01 10:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.28 16:42:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.09.28 16:42:46 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.07.08 17:53:24 | 000,032,104 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV:64bit: - [2011.06.27 19:06:54 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020200}_0)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.06.01 22:01:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011.05.05 15:32:56 | 001,439,792 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.04.27 19:50:38 | 000,436,776 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011.04.27 19:50:32 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.04.27 19:50:32 | 000,150,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.04.27 19:50:32 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.04.27 19:50:32 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.04.08 15:09:38 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011.03.29 19:13:40 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011.03.29 19:11:48 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2011.03.25 13:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.03.24 10:36:20 | 001,576,064 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.03.23 16:25:00 | 000,101,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2011.03.04 18:18:42 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2011.02.04 10:59:50 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.02.04 09:53:42 | 000,295,424 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.02.01 09:05:12 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2010.12.21 15:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010.12.21 15:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010.12.21 13:47:38 | 000,170,640 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2010.12.21 13:47:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2010.12.21 13:47:38 | 000,034,144 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2010.12.21 09:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Драйвер адаптера Intel(R)
DRV:64bit: - [2010.11.21 07:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 07:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 07:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.05 18:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 11:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.14 20:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Аудио Intel(R)
DRV:64bit: - [2010.09.07 09:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2009.07.14 05:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 05:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 05:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 03:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.07.02 06:16:02 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009.06.11 00:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.11 00:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.11 00:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.11 00:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.13 13:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
DRV - [2009.07.14 05:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://xn--80afat5b.xn--p1ai
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4060599717-65973279-4011406112-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=LENP
IE - HKU\S-1-5-21-4060599717-65973279-4011406112-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-4060599717-65973279-4011406112-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = gamezona.org
IE - HKU\S-1-5-21-4060599717-65973279-4011406112-1000\..\SearchScopes,DefaultScope = {FFEBBF0A-C22C-4172-89FF-45215A135AC7}
IE - HKU\S-1-5-21-4060599717-65973279-4011406112-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
IE - HKU\S-1-5-21-4060599717-65973279-4011406112-1000\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKU\S-1-5-21-4060599717-65973279-4011406112-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2011.09.28 05:31:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012.05.26 20:07:51 | 000,000,000 | ---D | M]

[2012.06.07 15:06:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Александра\AppData\Roaming\mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2009.06.11 01:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-4060599717-65973279-4011406112-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [start] C:\Windows\TASKMAN.bat ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4060599717-65973279-4011406112-1000..\Run: [b762d2b7609ec7ffb7cb9ad15a8a15dd] iexplore.exe File not found
O4 - HKU\S-1-5-21-4060599717-65973279-4011406112-1000..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Отправить изображение на &устройство Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Отправить страницу на &устройство Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Отправить изображение на &устройство Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Отправить страницу на &устройство Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Отправить через Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Отправить на устройство Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F32F2F52-F05E-4E51-9FB1-4C45EBC4F1AF}: NameServer = 83.243.64.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.12.04 10:34:26 | 000,000,114 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2007.12.10 11:46:02 | 000,685,312 | R--- | M] (ESET s.r.o.) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011.06.29 16:33:44 | 000,000,000 | ---D | M] - D:\AutorunConfig -- [ CDFS ]
O32 - AutoRun File - [2007.10.05 08:31:54 | 000,000,000 | ---D | M] - E:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2005.11.15 11:08:04 | 000,000,036 | -H-- | M] () - E:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008.06.10 20:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{00256cb6-e96b-11e0-8962-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{00256cb6-e96b-11e0-8962-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.11 01:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{9172d843-e96e-11e0-be15-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9172d843-e96e-11e0-be15-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2007.12.10 11:46:02 | 000,685,312 | R--- | M] (ESET s.r.o.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.14 14:59:59 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Александра\Desktop\OTL.exe
[2012.06.12 18:41:16 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Local\MigWiz
[2012.06.12 18:40:33 | 000,000,000 | ---D | C] -- C:\Users\Александра\Desktop\101MSDCF
[2012.06.10 21:53:33 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\dvdcss
[2012.06.10 21:45:55 | 000,000,000 | ---D | C] -- C:\Users\Александра\Desktop\бок о бок с компьютером
[2012.06.09 21:38:45 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\Funlinker
[2012.06.08 16:26:42 | 000,000,000 | ---D | C] -- C:\Users\Александра\Desktop\дербент
[2012.06.08 15:58:14 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Local\Adobe
[2012.06.08 10:45:06 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\Stand O'Food 3
[2012.06.07 15:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Farm Fishes
[2012.06.07 15:11:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AlawarWrapper
[2012.06.07 15:07:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012.06.07 15:06:50 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\Mozilla
[2012.06.06 20:30:27 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\WeatherLord
[2012.06.06 20:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\WeatherLord
[2012.06.06 15:21:23 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\FamilyVacationCalifornia
[2012.06.06 14:46:15 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\Elephant Games
[2012.06.06 14:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Elephant Games
[2012.06.05 20:11:16 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\Blue Tea Games
[2012.06.05 18:23:38 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\Aidem Media
[2012.06.05 17:40:16 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\V5 Play
[2012.06.04 22:31:18 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\JoyBits
[2012.06.04 17:49:02 | 000,000,000 | ---D | C] -- C:\Users\Александра\Desktop\Махеевъ
[2012.06.03 23:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Intenium
[2012.06.03 22:46:55 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\CoronationStreetPC
[2012.06.03 19:35:05 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\Artifex Mundi
[2012.06.03 19:10:40 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\SulusGames
[2012.06.03 13:39:28 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.06.03 13:30:34 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.06.02 20:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Venus DS
[2012.06.02 16:06:30 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\Skunk Studios
[2012.06.02 14:33:23 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\Alawar
[2012.06.02 14:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Alawar
[2012.06.02 14:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2012.06.01 23:23:49 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2012.06.01 23:23:01 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\SpinTop Games
[2012.06.01 21:58:56 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\PoBros
[2012.06.01 21:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\PoBros
[2012.06.01 21:13:36 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Local\SoftGrid Client
[2012.06.01 21:13:35 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\SoftGrid Client
[2012.06.01 21:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (русский)
[2012.06.01 21:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.06.01 21:12:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2012.06.01 21:12:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.06.01 21:12:34 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\TP
[2012.06.01 14:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Alawar Stargaze
[2012.06.01 14:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AlawarWrapper
[2012.06.01 14:10:42 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\Alawar Stargaze
[2012.05.31 21:23:52 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\Brabl
[2012.05.31 21:23:52 | 000,000,000 | ---D | C] -- C:\Users\Александра\.gstreamer-0.10
[2012.05.31 21:23:52 | 000,000,000 | ---D | C] -- C:\Users\Александра\.gnome2
[2012.05.30 22:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\GameHouse
[2012.05.30 22:20:32 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\Zylom
[2012.05.30 22:20:31 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.05.30 22:15:04 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Local\Slapdash Games
[2012.05.30 22:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Slapdash Games
[2012.05.30 21:45:46 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\My Games
[2012.05.30 18:45:36 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Local\Oberon Games
[2012.05.30 18:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.05.30 14:46:57 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\PassionFruit Games
[2012.05.29 23:26:52 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Local\Microsoft Games
[2012.05.29 18:26:07 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\PathToSuccess_RU
[2012.05.29 12:56:34 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\Freeze Tag
[2012.05.28 21:04:57 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Local\Broadcom
[2012.05.28 21:04:57 | 000,000,000 | ---D | C] -- C:\Users\Александра\Documents\Bluetooth Exchange Folder
[2012.05.28 21:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.05.28 21:04:35 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.05.28 21:04:34 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\Skype
[2012.05.28 21:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.05.28 19:03:52 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\8floor
[2012.05.28 19:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\8floor
[2012.05.27 19:33:38 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Local\CrashDumps
[2012.05.27 19:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SpookyMall
[2012.05.27 13:33:37 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\vlc
[2012.05.27 13:32:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.05.27 13:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.05.27 13:26:49 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\Google
[2012.05.27 13:26:48 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Local\VeriSign
[2012.05.27 13:10:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mail.Ru
[2012.05.27 13:09:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar
[2012.05.27 13:09:29 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\Opera
[2012.05.27 13:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.05.27 13:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.05.27 13:00:43 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Local\Spoon
[2012.05.27 12:59:03 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\WinRAR
[2012.05.27 12:59:02 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\Thinstall
[2012.05.27 12:59:02 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Local\Thinstall
[2012.05.27 12:56:47 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\uTorrent
[2012.05.27 11:25:44 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\PCDr
[2012.05.26 20:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.05.26 20:35:44 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.05.26 20:35:44 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.05.26 20:35:43 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.05.26 20:35:43 | 000,716,800 | ---- | C] (Корпорация Майкрософт) -- C:\Windows\SysWow64\jscript.dll
[2012.05.26 20:35:43 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.05.26 20:35:43 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.05.26 20:35:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.05.26 20:35:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.05.26 20:35:42 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.05.26 20:35:42 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.05.26 20:35:42 | 000,818,688 | ---- | C] (Корпорация Майкрософт) -- C:\Windows\SysNative\jscript.dll
[2012.05.26 20:26:06 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.05.26 20:26:06 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.05.26 20:26:06 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.05.26 20:21:15 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012.05.26 20:21:15 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012.05.26 20:20:52 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012.05.26 20:20:52 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012.05.26 20:20:51 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.05.26 20:20:51 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.05.26 20:20:51 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012.05.26 20:20:51 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012.05.26 20:20:51 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012.05.26 20:20:51 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012.05.26 20:20:51 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012.05.26 20:20:51 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012.05.26 20:20:51 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012.05.26 20:20:50 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012.05.26 20:20:50 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012.05.26 20:20:37 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.05.26 20:20:36 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.05.26 20:20:36 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012.05.26 20:20:36 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012.05.26 20:20:36 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012.05.26 20:20:35 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012.05.26 20:20:35 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012.05.26 20:20:33 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.05.26 20:20:33 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.05.26 20:20:33 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.05.26 20:20:32 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012.05.26 20:20:32 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012.05.26 20:20:30 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012.05.26 20:20:29 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012.05.26 20:20:29 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012.05.26 20:20:29 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012.05.26 20:20:29 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012.05.26 20:20:28 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012.05.26 20:20:28 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012.05.26 20:20:27 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.26 20:20:26 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012.05.26 20:20:26 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012.05.26 20:20:26 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012.05.26 20:20:25 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012.05.26 20:20:25 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012.05.26 20:20:25 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012.05.26 20:20:25 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012.05.26 20:20:25 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012.05.26 20:20:25 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012.05.26 20:20:24 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012.05.26 20:20:24 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012.05.26 20:20:24 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012.05.26 20:20:24 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012.05.26 20:20:15 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012.05.26 20:20:15 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012.05.26 20:20:15 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012.05.26 20:20:15 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012.05.26 20:20:14 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.26 20:20:13 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.26 20:20:13 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.26 20:20:12 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012.05.26 20:20:12 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012.05.26 20:20:09 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.05.26 20:20:09 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.05.26 20:20:09 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.05.26 20:20:09 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.05.26 20:20:09 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.05.26 20:20:09 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.05.26 20:20:09 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.05.26 20:20:09 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.05.26 20:20:09 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.05.26 20:20:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.05.26 20:20:09 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.05.26 20:20:09 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.05.26 20:20:09 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.05.26 20:20:09 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.05.26 20:20:09 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.05.26 20:20:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.05.26 20:20:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.05.26 20:20:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.05.26 20:20:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.05.26 20:20:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.05.26 20:20:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.05.26 20:20:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.05.26 20:20:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.05.26 20:20:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.05.26 20:20:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.05.26 20:20:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.05.26 20:20:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.05.26 20:20:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.05.26 20:20:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.05.26 20:20:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.05.26 20:20:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.05.26 20:20:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.05.26 20:20:08 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.05.26 20:20:08 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.05.26 20:20:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.05.26 20:20:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.05.26 20:20:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.05.26 20:20:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.05.26 20:20:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.05.26 20:20:06 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012.05.26 20:20:05 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.05.26 20:18:54 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012.05.26 20:18:54 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012.05.26 20:17:47 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.05.26 20:17:46 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.05.26 20:08:19 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\ESET
[2012.05.26 20:08:19 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Local\ESET
[2012.05.26 20:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012.05.26 20:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012.05.26 20:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.26 20:01:37 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\Macromedia
[2012.05.26 20:01:36 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\Adobe
[2012.05.26 19:51:00 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\PwrMgr
[2012.05.26 19:48:44 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\Leadertech
[2012.05.26 19:48:43 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\ATI
[2012.05.26 19:48:43 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Local\ATI
[2012.05.26 19:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.05.26 19:47:04 | 000,000,000 | R--D | C] -- C:\Users\Александра\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.05.26 19:47:04 | 000,000,000 | R--D | C] -- C:\Users\Александра\Searches
[2012.05.26 19:47:04 | 000,000,000 | R--D | C] -- C:\Users\Александра\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.05.26 19:47:03 | 000,000,000 | -H-D | C] -- C:\Users\Александра\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012.05.26 19:46:53 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\Identities
[2012.05.26 19:46:49 | 000,000,000 | R--D | C] -- C:\Users\Александра\Contacts
[2012.05.26 19:46:44 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Local\VirtualStore
[2012.05.26 19:46:28 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Local\Google
[2012.05.26 19:43:08 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Roaming\Intel
[2012.05.26 19:43:07 | 000,000,000 | --SD | C] -- C:\Users\Александра\AppData\Roaming\Microsoft
[2012.05.26 19:43:07 | 000,000,000 | R--D | C] -- C:\Users\Александра\Videos
[2012.05.26 19:43:07 | 000,000,000 | R--D | C] -- C:\Users\Александра\Saved Games
[2012.05.26 19:43:07 | 000,000,000 | R--D | C] -- C:\Users\Александра\Pictures
[2012.05.26 19:43:07 | 000,000,000 | R--D | C] -- C:\Users\Александра\Music
[2012.05.26 19:43:07 | 000,000,000 | R--D | C] -- C:\Users\Александра\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.05.26 19:43:07 | 000,000,000 | R--D | C] -- C:\Users\Александра\Links
[2012.05.26 19:43:07 | 000,000,000 | R--D | C] -- C:\Users\Александра\Favorites
[2012.05.26 19:43:07 | 000,000,000 | R--D | C] -- C:\Users\Александра\Downloads
[2012.05.26 19:43:07 | 000,000,000 | R--D | C] -- C:\Users\Александра\Documents
[2012.05.26 19:43:07 | 000,000,000 | R--D | C] -- C:\Users\Александра\Desktop
[2012.05.26 19:43:07 | 000,000,000 | R--D | C] -- C:\Users\Александра\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.05.26 19:43:07 | 000,000,000 | -HSD | C] -- C:\Users\Александра\Шаблоны
[2012.05.26 19:43:07 | 000,000,000 | -HSD | C] -- C:\Users\Александра\Documents\Моя музыка
[2012.05.26 19:43:07 | 000,000,000 | -HSD | C] -- C:\Users\Александра\Documents\Мои рисунки
[2012.05.26 19:43:07 | 000,000,000 | -HSD | C] -- C:\Users\Александра\Мои документы
[2012.05.26 19:43:07 | 000,000,000 | -HSD | C] -- C:\Users\Александра\Documents\Мои видеозаписи
[2012.05.26 19:43:07 | 000,000,000 | -HSD | C] -- C:\Users\Александра\Главное меню
[2012.05.26 19:43:07 | 000,000,000 | -HSD | C] -- C:\Users\Александра\AppData\Local\Temporary Internet Files
[2012.05.26 19:43:07 | 000,000,000 | -HSD | C] -- C:\Users\Александра\SendTo
[2012.05.26 19:43:07 | 000,000,000 | -HSD | C] -- C:\Users\Александра\Recent
[2012.05.26 19:43:07 | 000,000,000 | -HSD | C] -- C:\Users\Александра\PrintHood
[2012.05.26 19:43:07 | 000,000,000 | -HSD | C] -- C:\Users\Александра\NetHood
[2012.05.26 19:43:07 | 000,000,000 | -HSD | C] -- C:\Users\Александра\Local Settings
[2012.05.26 19:43:07 | 000,000,000 | -HSD | C] -- C:\Users\Александра\AppData\Local\History
[2012.05.26 19:43:07 | 000,000,000 | -HSD | C] -- C:\Users\Александра\Cookies
[2012.05.26 19:43:07 | 000,000,000 | -HSD | C] -- C:\Users\Александра\Application Data
[2012.05.26 19:43:07 | 000,000,000 | -HSD | C] -- C:\Users\Александра\AppData\Local\Application Data
[2012.05.26 19:43:07 | 000,000,000 | -H-D | C] -- C:\Users\Александра\AppData
[2012.05.26 19:43:07 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Local\Temp
[2012.05.26 19:43:07 | 000,000,000 | ---D | C] -- C:\Users\Александра\Roaming
[2012.05.26 19:43:07 | 000,000,000 | ---D | C] -- C:\Users\Александра\AppData\Local\Microsoft
[2012.05.26 19:42:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Шаблоны
[2012.05.26 19:42:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Рабочий стол
[2012.05.26 19:42:55 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Моя музыка
[2012.05.26 19:42:55 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Мои рисунки
[2012.05.26 19:42:55 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Мои видеозаписи
[2012.05.26 19:42:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Избранное
[2012.05.26 19:42:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Документы
[2012.05.26 19:42:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Главное меню

========== Files - Modified Within 30 Days ==========

[2012.06.14 15:06:00 | 000,000,982 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.14 15:00:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Александра\Desktop\OTL.exe
[2012.06.14 11:08:01 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.06.14 11:01:12 | 000,025,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 11:01:12 | 000,025,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 10:54:23 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.14 10:53:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.14 10:53:34 | 3151,417,344 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.12 18:54:29 | 000,014,581 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012.06.12 18:54:29 | 000,005,430 | ---- | M] () -- C:\Windows\diagerr.xml
[2012.06.12 18:42:50 | 001,643,582 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.12 18:42:50 | 000,722,962 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2012.06.12 18:42:50 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.12 18:42:50 | 000,149,724 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2012.06.12 18:42:50 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.08 23:14:31 | 000,130,059 | ---- | M] () -- C:\Users\Александра\Desktop\Russia2GTDTProdRecall2012.pdf
[2012.06.03 13:31:13 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.06.03 03:05:00 | 001,668,690 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.30 14:46:32 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2012.05.28 21:04:37 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.05.27 13:32:53 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.05.27 13:26:41 | 000,001,432 | ---- | M] () -- C:\Users\Александра\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.05.27 00:33:33 | 000,155,431 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.05.27 00:33:33 | 000,155,431 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.05.26 20:49:17 | 000,302,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.26 19:44:14 | 000,000,042 | ---- | M] () -- C:\Windows\SysWow64\drivers\17AA_Lenovo_ThinkPad_E520_1143_CZG.MRK

========== Files Created - No Company Name ==========

[2012.06.12 18:41:17 | 000,014,581 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012.06.12 18:41:17 | 000,005,430 | ---- | C] () -- C:\Windows\diagerr.xml
[2012.06.08 23:14:41 | 000,130,059 | ---- | C] () -- C:\Users\Александра\Desktop\Russia2GTDTProdRecall2012.pdf
[2012.05.30 14:46:32 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012.05.28 21:04:37 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.05.27 13:32:53 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.05.27 13:26:41 | 000,001,432 | ---- | C] () -- C:\Users\Александра\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.05.26 19:48:22 | 000,001,404 | ---- | C] () -- C:\Users\Александра\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.05.26 19:47:05 | 000,001,438 | ---- | C] () -- C:\Users\Александра\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.05.26 19:44:04 | 000,000,528 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.05.26 19:44:03 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.05.26 19:43:07 | 000,000,290 | ---- | C] () -- C:\Users\Александра\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012.05.26 19:43:07 | 000,000,272 | ---- | C] () -- C:\Users\Александра\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012.05.02 17:22:54 | 000,025,088 | ---- | C] () -- C:\Program Files (x86)\getfile.exe
[2011.09.28 16:28:05 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.09.28 05:10:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.28 05:06:58 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.09.28 05:05:44 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.09.28 05:05:44 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.09.28 05:05:43 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.09.28 05:05:43 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.28 04:56:59 | 001,668,690 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.09 20:39:58 | 000,224,256 | ---- | C] () -- C:\Program Files (x86)\wget.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:E0888117
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:3B5038B1

< End of report >



OTL Extras logfile created on: 14.06.2012 15:03:28 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Александра\Desktop
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy

3,91 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 40,73% Memory free
7,82 Gb Paging File | 5,36 Gb Available in Paging File | 68,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,87 Gb Total Space | 411,87 Gb Free Space | 90,95% Space Free | Partition Type: NTFS
Drive D: | 265,55 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 232,83 Gb Total Space | 0,34 Gb Free Space | 0,15% Space Free | Partition Type: FAT32
Drive Q: | 11,72 Gb Total Space | 2,10 Gb Free Space | 17,90% Space Free | Partition Type: NTFS

Computer Name: AL | User Name: Александра | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3DC37A2C-47FF-4A94-9669-81AD82C35183}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{65E4DB5D-A9A6-4E16-96C2-AAE69E8C021C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1072F2A9-4516-4428-9DF4-B13B12264432}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{15E684FE-0302-4E47-BBE4-BD3F7A4AF2C8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{509A1456-71F5-46AE-84A3-DAF467AEFF16}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9EDD4F0F-DB1E-401E-9542-C5B323359E7D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A44A99D8-3162-4B52-89EE-AABF6B62A396}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{C6F00BD7-B11E-41D8-A5FC-B3DA4C334320}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D5D01B4-3A34-7E3D-247F-9EFFAC177739}" = ATI Catalyst Install Manager
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2706334C-1B77-41B8-8CAB-EB997D0CCA83}" = ESET Smart Security
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = ПО Intel(R) PROSet/Wireless WiFi
"{2E3AC100-9D78-6765-0C9A-81DF46248BE0}" = ccc-utility64
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}" = ThinkVantage Fingerprint Software
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0419-1000-0000000FF1CE}" = Microsoft Office нажми и работай 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"73C6BE3E3B6FC5418F2B47E6C75F6C8F9552DC12" = Пакет драйверов Windows - Intel (iaStor) hdc (11/06/2010 10.1.0.1008)
"828B05D2B647CDAEA22493F7BFB96847265EE596" = Пакет драйверов Windows - Realtek (RTL8167) Net (12/29/2010 7.037.1229.2010)
"ATI Uninstaller" = ATI Uninstaller
"C63C03BF3BE2B6F6204BB54541690449FFF79F4F" = Пакет драйверов Windows - Synaptics (SynTP) Mouse (05/05/2011 15.3.6.0)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"D01A7EE241898C810674C69EB908D655D149BE77" = Пакет драйверов Windows - Lenovo 1.62.00.00 (01/19/2011 1.62.00.00)
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008A0DC5-1AC0-B637-A4F4-C1720BDF4664}" = CCC Help Swedish
"{025055FC-779B-42F3-95A5-F6926B2964EF}" = Intel(R) Wireless Display
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{06A7E147-A44F-2A3F-DC3C-38B6212E4A7B}" = CCC Help Hungarian
"{07C5FB04-C500-76B7-EC5D-1E91CF174E42}" = CCC Help Russian
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F696F92-465E-564E-EEAB-A2867F415C0C}" = CCC Help German
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{1720F4E9-D7A3-CCA9-E0A0-1620F5920066}" = CCC Help French
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18A454E0-C8E2-2E54-4309-993E81533B3E}" = CCC Help Dutch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{2B691C84-5B41-244D-69F3-C7D63E6BBDE4}" = Catalyst Control Center Graphics Previews Common
"{2EFDF45A-D396-29A4-9BB1-703044BD709F}" = CCC Help Greek
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{4013505A-6D76-56D4-661D-2E7DC88B9667}" = ccc-core-static
"{40B42DD8-2B7B-3D2A-40A5-2C00E7027D6F}" = CCC Help Portuguese
"{4C3CDC15-ACF0-A879-14E0-B1D483BDD3A1}" = CCC Help Korean
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{6196142C-471A-6F6B-8F4C-36236B30778E}" = CCC Help English
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65432036-5D56-62CB-DB3C-4F0981BD65D4}" = CCC Help Japanese
"{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{7C3942BA-2B4E-51BC-B7FD-C35E6EA3C457}" = CCC Help Italian
"{7EA88186-7EDB-455B-E4F2-A62F07FE4D5C}" = CCC Help Czech
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{813747D6-5FC8-45FF-BE80-5BA540C46047}" = CCC Help Chinese Traditional
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0419-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - русский
"{904A2D5D-DCBB-BB7C-56BF-C5C6D101F055}" = CCC Help Danish
"{9068164C-5FCE-7EDF-125C-1C6B2772D661}" = CCC Help Spanish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A15BACFE-F8EA-92A0-F7E1-387C2369092E}" = CCC Help Polish
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A5055F73-FD9D-14B6-98E2-42DA0EF41E2F}" = Catalyst Control Center Localization All
"{A71A465F-F8E5-47E5-0C00-120CD76477A9}" = Catalyst Control Center Profiles Mobile
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A833C64A-8367-4683-91FB-E574143A1726}" = Catalyst Control Center - Branding
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1049-7B44-A94000000001}" = Adobe Reader 9.4.0 - Russian
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C5EB9B5A-2964-D5A3-869A-520448200FC3}" = PowerXpressHybrid
"{CC85815F-B397-F48B-BE8C-D73124F2866B}" = CCC Help Turkish
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFE86967-52C1-31D6-60DC-139632597645}" = Catalyst Control Center InstallProxy
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E20A3B53-D429-88A0-47BC-49264DCB324A}" = CCC Help Finnish
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8D46836-CD55-453C-A107-A59EC51CB8DC}" = VIPAccess
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F4A5B765-FAA3-5DCF-33BF-EAFA19A595DC}" = CCC Help Norwegian
"{F4B62474-496A-F6C7-AF32-F9305A3DDD07}" = CCC Help Thai
"{F691F42B-5B66-656F-8161-EE8A00DE6CCD}" = PX Profile Update
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FDCAA2CF-B837-BB43-5F38-C909BD7C55DB}" = CCC Help Chinese Standard
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.13.18.02
"Google Chrome" = Google Chrome
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"Lenovo Welcome_is1" = Lenovo Welcome
"Office14.Click2Run" = Microsoft Office нажми и работай 2010
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Основные компоненты Windows Live
"Агентство моделей Full" = Агентство моделей Full

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4060599717-65973279-4011406112-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 27.05.2012 3:25:44 | Computer Name = Al | Source = PC-Doctor | ID = 1
Description = (10588) Asapi: (11:25:44:2670)(10588) libMatrix.profiler.ProfilerSnapshots
- Error -- 349 getDirectoryContents(C:\ProgramData\PCDr\5802/software) failed

Error - 27.05.2012 3:25:44 | Computer Name = Al | Source = PC-Doctor | ID = 1
Description = (10588) Asapi: (11:25:44:2670)(10588) libMatrix.profiler.ProfilerSnapshots
- Error -- 447 getDirectoryContents(C:\ProgramData\PCDr\5802/software) failed

Error - 27.05.2012 3:25:44 | Computer Name = Al | Source = PC-Doctor | ID = 1
Description = (10588) Asapi: (11:25:44:2860)(10588) libMatrix.profiler.ProfilerSnapshots
- Error -- 349 getDirectoryContents(C:\ProgramData\PCDr\5802/smartdata) failed

Error - 27.05.2012 3:25:44 | Computer Name = Al | Source = PC-Doctor | ID = 1
Description = (10588) Asapi: (11:25:44:2860)(10588) libMatrix.profiler.ProfilerSnapshots
- Error -- 447 getDirectoryContents(C:\ProgramData\PCDr\5802/smartdata) failed

Error - 27.05.2012 3:25:44 | Computer Name = Al | Source = PC-Doctor | ID = 1
Description = (10588) Asapi: (11:25:44:2900)(10588) libMatrix.profiler.ProfilerSnapshots
- Error -- 349 getDirectoryContents(C:\ProgramData\PCDr\5802/performance) failed


Error - 27.05.2012 3:25:44 | Computer Name = Al | Source = PC-Doctor | ID = 1
Description = (10588) Asapi: (11:25:44:2910)(10588) libMatrix.profiler.ProfilerSnapshots
- Error -- 447 getDirectoryContents(C:\ProgramData\PCDr\5802/performance) failed


Error - 27.05.2012 3:25:52 | Computer Name = Al | Source = PC-Doctor | ID = 1
Description = (10588) Asapi: (11:25:52:5170)(10588) DEFECT.LOCALIZATION - Error
-- Missing String: scriptlets : homepage.panel.LenovoCare.title locale: PCDLocale:
language = ru, customer = lenovo, variant = ltt

Error - 27.05.2012 3:25:52 | Computer Name = Al | Source = PC-Doctor | ID = 1
Description = (10588) Asapi: (11:25:52:5180)(10588) DEFECT.LOCALIZATION - Error
-- Missing String: scriptlets : homepage.panel.LenovoCare.body locale: PCDLocale:
language = ru, customer = lenovo, variant = ltt

Error - 27.05.2012 3:25:52 | Computer Name = Al | Source = PC-Doctor | ID = 1
Description = (10588) Asapi: (11:25:52:5190)(10588) DEFECT.LOCALIZATION - Error
-- Missing String: scriptlets : homepage.panel.LenovoCare.button.text locale: PCDLocale:
language = en, customer = lenovo, variant = ltt

Error - 27.05.2012 3:25:52 | Computer Name = Al | Source = PC-Doctor | ID = 1
Description = (10588) Asapi: (11:25:52:5190)(10588) DEFECT.LOCALIZATION - Error
-- Missing String: scriptlets : homepage.panel.LenovoCare.button.text locale: PCDLocale:
language = ru, customer = lenovo, variant = ltt

[ System Events ]
Error - 26.05.2012 12:48:02 | Computer Name = Al | Source = Service Control Manager | ID = 7034
Description = Служба "Conexant SmartAudio service" неожиданно прервана. Это произошло
(раз): 1.

Error - 26.05.2012 12:48:02 | Computer Name = Al | Source = Service Control Manager | ID = 7034
Description = Служба "Ulead Burning Helper" неожиданно прервана. Это произошло (раз):
1.

Error - 26.05.2012 12:48:03 | Computer Name = Al | Source = Service Control Manager | ID = 7031
Description = Служба Intel(R) Management and Security Application Local Management
Service была неожиданно завершена. Это произошло 1 раз(а). Следующее корректирующее
действие будет предпринято через 10000 мсек: Перезапуск службы.

Error - 26.05.2012 12:48:06 | Computer Name = Al | Source = Service Control Manager | ID = 7034
Description = Служба "Cisco EnergyWise Enabler" неожиданно прервана. Это произошло
(раз): 1.

Error - 26.05.2012 12:48:08 | Computer Name = Al | Source = Service Control Manager | ID = 7034
Description = Служба "System Update" неожиданно прервана. Это произошло (раз): 1.

Error - 26.05.2012 12:48:09 | Computer Name = Al | Source = Service Control Manager | ID = 7034
Description = Служба "VIPAppService" неожиданно прервана. Это произошло (раз): 1.

Error - 26.05.2012 12:48:09 | Computer Name = Al | Source = Service Control Manager | ID = 7034
Description = Служба "Intel(R) Management and Security Application User Notification
Service" неожиданно прервана. Это произошло (раз): 1.

Error - 26.05.2012 12:48:13 | Computer Name = Al | Source = Service Control Manager | ID = 7000
Description = Сбой при запуске службы "Intel(R) Management and Security Application
Local Management Service" из-за ошибки %%109

Error - 27.05.2012 4:35:31 | Computer Name = Al | Source = DCOM | ID = 10010
Description =

Error - 27.05.2012 4:35:32 | Computer Name = Al | Source = DCOM | ID = 10010
Description =


< End of report >


Awaiting your instructions I remain,
AL13
AL13
Active Member
 
Posts: 7
Joined: June 11th, 2012, 5:26 am

Re: Auto redirect - please help!

Unread postby maxi » June 14th, 2012, 3:39 pm

Hi Al13,

Could you tell me if you recognize the following:
C:\Users\Александра\Desktop\бок о бок с компьютером
C:\Users\Александра\Desktop\дербент
C:\Users\Александра\Desktop\Махеевъ
C:\Users\Александра\Desktop\Russia2GTDTProdRecall2012.pdf

Step 1
Run OTL Script

We need to run an OTL Fix

  • Right click on OTL.exe and select "Run As Administrator" to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :otl
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://xn--80afat5b.xn--p1ai
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-4060599717-65973279-4011406112-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = gamezona.org
    IE - HKU\S-1-5-21-4060599717-65973279-4011406112-1000\..\SearchScopes,DefaultScope = {FFEBBF0A-C22C-4172-89FF-45215A135AC7}
    IE - HKU\S-1-5-21-4060599717-65973279-4011406112-1000\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
    O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKU\S-1-5-21-4060599717-65973279-4011406112-1000..\Run: [b762d2b7609ec7ffb7cb9ad15a8a15dd] iexplore.exe File not found
    O4 - HKU\S-1-5-21-4060599717-65973279-4011406112-1000..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found
    [2012.05.27 13:10:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mail.Ru
    [2012.05.27 13:09:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar
    [2012.06.07 15:07:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2012.05.27 12:56:47 | 000,000,000 | ---D | C] -- C:\Users\??????????\AppData\Roaming\uTorrent
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:E0888117
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:3B5038B1
    
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [resethosts]
    [createrestorepoint]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Step 2
Upload File/Files for testing

Please go to Virustotal or jotti.org

Copy/paste these files and paths into the white box at the top: (one at a time)
C:\Program Files (x86)\getfile.exe
C:\Program Files (x86)\wget.exe
C:\Windows\TASKMAN.bat

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the permalink (web address) from the three files in your next response.
Example of web address :
Image

Step 3
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Right-click and select "Run As Administrator" to run the program.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.

In your next reply please include:
The log from OTL.
The results of the virus total scans.
The log from TDSSKiller.
The answer to my questions.
Any change in your machine's behaviour.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Auto redirect - please help!

Unread postby AL13 » June 14th, 2012, 6:18 pm

Hi maxi!

Done everything, here are the replies one-by-one:



1. OTL report:


All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-4060599717-65973279-4011406112-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-4060599717-65973279-4011406112-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4060599717-65973279-4011406112-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8984B388-A5BB-4DF7-B274-77B879E179DB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8984B388-A5BB-4DF7-B274-77B879E179DB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4060599717-65973279-4011406112-1000\Software\Microsoft\Windows\CurrentVersion\Run\\b762d2b7609ec7ffb7cb9ad15a8a15dd deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4060599717-65973279-4011406112-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
C:\Program Files (x86)\Mail.Ru folder moved successfully.
C:\Program Files (x86)\Toolbar folder moved successfully.
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
Folder C:\Users\??????????\AppData\Roaming\uTorrent\ not found.
ADS C:\ProgramData\TEMP:E0888117 deleted successfully.
ADS C:\ProgramData\TEMP:3B5038B1 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\Александра\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Александра
->Temp folder emptied: 192165701 bytes
->Temporary Internet Files folder emptied: 21146859 bytes
->Google Chrome cache emptied: 392018325 bytes
->Flash cache emptied: 3519 bytes

User: Все пользователи

User: └ыхъёрэфЁр

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 233757529 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 51099 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 800,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.48.0 log created on 06152012_000836

Files\Folders moved on Reboot...
C:\Users\Александра\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


2. Links to Virustotal results:

C:\Program Files (x86)\getfile.exe
https://www.virustotal.com/file/630ba99 ... 339705135/

C:\Program Files (x86)\wget.exe
https://www.virustotal.com/file/02d11d3 ... 339708361/

C:\Windows\TASKMAN.bat
https://www.virustotal.com/file/38043a3 ... 339708452/


3. TDSS
I've run the TDSSKiller, but it didn't find anything suspicious.

4. Could you tell me if you recognize the following:
C:\Users\Александра\Desktop\бок о бок с компьютером
C:\Users\Александра\Desktop\дербент
C:\Users\Александра\Desktop\Махеевъ
C:\Users\Александра\Desktop\Russia2GTDTProdRecall2012.pdf

Yes, those are one pdf file and three folders on the desktop containing some documents (Word and pdf files, some in rar archives), I've created one more today C:\Users\Александра\Desktop\flex
I was going to remove them next week, but I can store those some place else if they're in the way :)


5. Changes in the machine's behavior: this time it didn't open any Internet Explorer windows after reboot, but it did open Google Chrome on the page of gamezone.org (a bit scary, both the page itself and the fact that it switched from IE to Google Chrome). The other page that was opening before (madLen.uCoz.coM) doesn't open anymore though.



ESET NOD asks me to install updates for operating system, several of which are "critical" - should I install them?

Eternally grateful for your kind support,
AL13

Re: Auto redirect - please help!

Unread postby maxi » June 15th, 2012, 7:31 am

Hi AL13,

You're doing well and there's no need to delete the files and PDFs. I just didn't understand the Russian :) Also it would be safer to wait until we are finished to install those updates.

Step 1
Create a System Restore Point
  • Right-click on the Computer icon and select Properties.
  • In the left pane under Tasks ... click on System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  • Select the System Protection tab ...then choose Create.
  • In the System Restore dialog box, type a description for the restore point ... click Create, again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  • Click OK ...then close the System Restore dialog.
If you have successfully created a System Restore Point...we can proceed.


Step 2
Run OTL Script

We need to run an OTL Fix

  • Right click on OTL.exe and select "Run As Administrator" to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :processes
    killallprocesses
    
    :files
    C:\Program Files (x86)\getfile.exe
    
    :commands
    [createrestorepoint]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


Step 3
Please download aswMBR and save it to your Desktop.
  • Right click aswMBR.exe & choose "Run as Administrator" to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR (master boot record), do not delete it.
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.

Step 4
We are going to troubleshoot your startups to see which one is starting that chrome window.

Click start (the Windows logo)
Type msconfig and hit Enter
You should receive a prompt from the UAC, Click Yes
Go to the startup tab.

What we are looking for will have a name called "start" and a filename called "taskman.bat"

Uncheck this if you find it, save the changes and restart your computer and let me know if chrome is still opening on startup.

In your next reply please include:
The latest OTL logfile.
The log from aswMBR.
If the chrome or any other browser is starting automatically.

Regards maxi :)

Re: Auto redirect - please help!

Unread postby AL13 » June 15th, 2012, 4:28 pm

Hi maxi,

Here are the log files:

OTL

========== PROCESSES ==========
All processes killed
========== FILES ==========
C:\Program Files (x86)\getfile.exe moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.48.0 log created on 06152012_224159

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


aswMBR

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-15 22:48:12
-----------------------------
22:48:12.812 OS Version: Windows x64 6.1.7601 Service Pack 1
22:48:12.812 Number of processors: 4 586 0x2A07
22:48:12.813 ComputerName: AL UserName:
22:48:15.557 Initialize success
22:49:49.224 AVAST engine defs: 12061500
22:50:35.794 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:50:35.795 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
22:50:35.807 Disk 0 MBR read successfully
22:50:35.809 Disk 0 MBR scan
22:50:35.813 Disk 0 unknown MBR code
22:50:35.816 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
22:50:35.827 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 463738 MB offset 2459648
22:50:35.866 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12000 MB offset 952195072
22:50:36.035 Disk 0 scanning C:\Windows\system32\drivers
22:50:50.185 Service scanning
22:51:19.919 Modules scanning
22:51:19.937 Disk 0 trace - called modules:
22:51:19.982 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
22:51:20.318 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006676060]
22:51:20.328 3 CLASSPNP.SYS[fffff88001bce43f] -> nt!IofCallDriver -> [0xfffffa8005424e40]
22:51:20.336 5 ACPI.sys[fffff88000f8b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005423050]
22:51:22.949 AVAST engine scan C:\Windows
22:51:30.121 AVAST engine scan C:\Windows\system32
22:54:29.103 AVAST engine scan C:\Windows\system32\drivers
22:54:42.247 AVAST engine scan C:\Users\Александра
22:56:03.401 AVAST engine scan C:\ProgramData
22:57:29.070 Scan finished successfully
22:59:52.019 Disk 0 MBR has been saved successfully to "C:\Users\Александра\Desktop\MBR.dat"
22:59:52.026 The log file has been saved successfully to "C:\Users\Александра\Desktop\aswMBR.txt"


Found the Taskman file in startups, unchecked it. No browsers opened after last reboot :D
I accidentally downloaded the win updates yesterday - put computer to sleep mode and it immediately started updating( Hope it isn't very bad(

Awaiting your further instructions,
Thanks again for all your help,
AL13

Re: Auto redirect - please help!

Unread postby maxi » June 16th, 2012, 11:10 am

Hi AL13, Nearly there :)

Step 1
SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Right click SystemLook.exe and select Run as administrator to run it
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :contents
    C:\Windows\TASKMAN.bat
    
    :filefind
    *gamezone.org*
    *gamezona.org*
    
    :Regfind
    gamezone.org
    gamezona.org

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



Step 2
Security Check

  • Please download Security Check by screen317 from one of the links below:
  • Save it to your Desktop.
  • Right click SecurityCheck.exe and select "Run as administrator" to run it.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document.



Step 3
ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

In your next reply please include:
The systemlook logfile.
The securitycheck logfile.
The eset logfile.
Any outstanding issues you have.


Regards maxi :)

Re: Auto redirect - please help!

Unread postby AL13 » June 17th, 2012, 7:33 am

Hi maxi,
that's great :)

here are the logs:

SystemLook 30.07.11 by jpshortstuff
Log created at 20:38 on 16/06/2012 by Александра
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== contents ==========

C:\Windows\TASKMAN.bat - Opened succesfully.

@echo of
start http://www.gmzona.ru/

========== filefind ==========

Searching for "*gamezone.org*"
No files found.

Searching for "*gamezona.org*"
No files found.

========== Regfind ==========

Searching for "gamezone.org"
No data found.

Searching for "gamezona.org"
No data found.

-= EOF =-


Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
ESET Smart Security 4.2
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader 9 Adobe Reader out of date!
Google Chrome 12.0.742.112
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````




ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - delete file error:Отказано в доступе.

OnlineScanner64.ocx - copy file error :Процесс не может получить доступ к файлу, так как этот файл занят другим процессом.

OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-17 12:04:09
# local_time=2012-06-17 04:04:09 )
# country="Russia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 54884 91516733 0 0
# compatibility_mode=8201 39157181 100 75 44197 44892927 0 0
# scanned=233837
# found=0
# cleaned=0
# scan_time=4566



In case it is of any importance, two lines in Russian in the ESET log mean something like "access denied" and "process cannot access the file because the file is occupied by another process"


kindest regards, AL13
AL13
Active Member
 
Posts: 7
Joined: June 11th, 2012, 5:26 am
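
The startup item unchecked in msconfig and the TASKMAN.bat contents in the SystemLook log above show the pattern at work here: an autostart entry pointing at a batch file whose only job is `start <URL>`. The PowerShell below is an added example, not part of the original thread or of any tool used in it; it is a read-only audit for that pattern, assumes PowerShell 3.0 or later, and its function names (Get-AutostartEntry, Resolve-BatchScript, Find-UrlLaunchingAutostart) are hypothetical.

```powershell
# Added example (not from the thread). Read-only: it reports and changes nothing.
# Scope: Run keys and Startup folders only; scheduled tasks and services are not covered.
# HKCU is the hive of the account running the script, so run it as the affected user.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user
    [Environment]::GetFolderPath('CommonStartup')   # all users
)
$urlPattern = '(?i)https?://[^\s"]+'
# A rooted path or a bare file name ending in .bat/.cmd, e.g. C:\Windows\TASKMAN.bat
$scriptPattern = '(?i)([a-z]:\\[^"<>|]*?\.(?:bat|cmd)|[^\s"\\]+\.(?:bat|cmd))\b'

function Get-AutostartEntry {
    # Registry Run values: value name -> command line
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
        }
    }
    # Startup folders: files run directly, shortcuts resolved to their target
    $shell = New-Object -ComObject WScript.Shell
    foreach ($dir in $startupDirs) {
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        foreach ($file in Get-ChildItem -LiteralPath $dir -File) {
            $target = $file.FullName
            if ($file.Extension -ieq '.lnk') {
                $lnk = $shell.CreateShortcut($file.FullName)
                $target = ('"{0}" {1}' -f $lnk.TargetPath, $lnk.Arguments).Trim()
            }
            [pscustomobject]@{ Source = $dir; Name = $file.Name; Command = $target }
        }
    }
}

function Resolve-BatchScript([string]$Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    $m = [regex]::Match($expanded, $scriptPattern)
    if (-not $m.Success) { return $null }
    $candidate = $m.Groups[1].Value
    if (Test-Path -LiteralPath $candidate -PathType Leaf) {
        return (Resolve-Path -LiteralPath $candidate).Path
    }
    # Bare name such as "taskman.bat": resolve it through PATH as the shell would.
    $app = Get-Command -Name $candidate -CommandType Application -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($app) { return $app.Path }
    return $null
}

function Find-UrlLaunchingAutostart {
    foreach ($entry in Get-AutostartEntry) {
        # Case 1: the autostart command carries the URL itself ("iexplore.exe http://...").
        $toScan = @(@{ Script = $null; Lines = @($entry.Command) })
        # Case 2: the command points at a batch file; scan the file's lines.
        $batchPath = Resolve-BatchScript $entry.Command
        if ($batchPath) {
            $lines = @(Get-Content -LiteralPath $batchPath -ErrorAction SilentlyContinue)
            $toScan += @{ Script = $batchPath; Lines = $lines }
        }
        foreach ($unit in $toScan) {
            foreach ($line in $unit.Lines) {
                if ($line -match '^\s*(rem\b|::)') { continue }   # skip batch comments
                foreach ($m in [regex]::Matches($line, $urlPattern)) {
                    [pscustomobject]@{
                        Source = $entry.Source; Name = $entry.Name; Command = $entry.Command
                        Script = $unit.Script; Line = $line.Trim(); Url = $m.Value
                    }
                }
            }
        }
    }
}

Find-UrlLaunchingAutostart | Format-List
```

Each finding lists the autostart source, the entry name, the script it resolves to and the line containing the URL, so the entry and the file can be reviewed together before either is removed.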

Re: Auto redirect - please help!

Unread postby maxi » June 17th, 2012, 12:38 pm

Hi AL13, Well done, your computer now appears to be malware free :) Just a few more things to do.

Navigate to "C:\Windows\TASKMAN.bat" and delete the file.


Your Adobe Reader is out of date. Uninstall the version you have and you can download the latest versions from here (Make sure you Untick the box offering McAfee security scan)
You can get the latest flash player from here (Make sure you Untick the box offering McAfee security scan)

Clean up with OTL

  • Right click OTL.exe and select "run as administrator" to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now remove any tools we used from your computer.


Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a powerful anti-malware tool. It is
totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide

Malwarebytes' Anti-Malware Scanning Guide


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Gary R and Wingman COMPUTER SECURITY - a short guide to staying safer online

Happy surfing and stay clean!

Regards maxi :)

Re: Auto redirect - please help!

Unread postby AL13 » June 18th, 2012, 3:03 pm

maxi, thanks a lot! I think you and guys from malware are doing great work here, making the world a better place, actually :) And being helped without being looked down at feels especially nice, as does working on a clean machine :) thanks again :)

Re: Auto redirect - please help!

Unread postby maxi » June 18th, 2012, 4:46 pm

You're welcome :)

Re: Auto redirect - please help!

Unread postby NonSuch » June 24th, 2012, 3:22 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California