Hi everyone!
I have faced the same problem that bobby730 (here: http://forums.whatth...howtopic=127127) faced.
I followed all the steps by Robybel and now have the necessary logs + .zip attached.
Be so kind as to help me out with the problem, as I've no idea how to fix it.
OTL.txt
OTL logfile created on: 08/11/13 15:06:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\vkuznetsov\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd/MM/yy
1,97 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 53,84% Memory free
3,93 Gb Paging File | 2,89 Gb Available in Paging File | 73,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 51,87 Gb Free Space | 53,17% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 351,70 Gb Free Space | 95,54% Space Free | Partition Type: NTFS
Computer Name: FRIGOSERVE_PC | User Name: vkuznetsov | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\vkuznetsov\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\CCM\CcmExec.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_161_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\CCM\SCNotification.exe (Microsoft Corporation)
PRC - C:\Windows\CCM\RemCtrl\CmRcService.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\ABBYY Lingvo 12\Tutor.exe (ABBYY (BIT Software))
PRC - C:\Program Files\ABBYY Lingvo 12\LvAgent.exe (ABBYY (BIT Software))
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SCNotification\da33c0e56a0139d84211b72513954735\SCNotification.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SCClient.Data\e6148158755bfb61edbfdaeb4f54e113\SCClient.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SCClient.Common\790aa3269f6a924303104efe3da6f8af\SCClient.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\644dbdc66a606f0710557f8b1794bc35\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0f881bc8833c56ab7fcfef2bcc244441\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\7ae268d4c2071d1151ec8e02cd39a3aa\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\44d87641535e186f4a7fc9c469bc73dd\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e2a21510532f520930dba2d111b4ebb5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\485a21406ce7d08fe6cf0b40b706f460\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\aeb0f87b0bc25143473c460d018a96f7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\7e3570a0cc71998e14e7adb8e4ea0cbb\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\fe3923469740732d7c0c2f35bd1f167e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7ece4823b0e12cae58be346bbc3cdeac\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\b21ef81fc4131bd1edd6d0bae9d58932\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\0835155203a99b6a9bb540629920da0d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\fc16a5cafc433e6d942e9bd5b14fbeaf\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c799474a067f07ef3a167d75029fa012\mscorlib.ni.dll ()
MOD - C:\Program Files\Notepad++\NppShell_05.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
========== Services (SafeList) ==========
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (CcmExec) -- C:\Windows\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (smstsmgr) -- C:\Windows\CCM\TSManager.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (CmRcService) -- C:\Windows\CCM\RemCtrl\CmRcService.exe (Microsoft Corporation)
SRV - (lppsvc) -- C:\Program Files\Microsoft Policy Platform\policyHost.exe (Microsoft Corporation)
SRV - (lpasvc) -- C:\Program Files\Microsoft Policy Platform\policyHost.exe (Microsoft Corporation)
SRV - (Sony PC Companion) -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20131107.016\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20131107.016\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (prepdrvr) -- C:\Windows\System32\drivers\PrepDrv.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\vkuznetsov\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\y, = http://yandex.ru/yan...1787312&text=%s
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{9717a1766cc8ef8ed320ff954572b8cb}: "URL" = http://nova.rambler....ef&words={WORDS}
IE - HKCU\..\SearchScopes\Moikrug: "URL" = http://moikrug.ru/pe...ms}&submitted=1
IE - HKCU\..\SearchScopes\Yandex: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = workflow.frigoglass.com;smtp.frigoglass.local;crm.frigoglass.com;hfm.frigoglass.group;owa.frigoglass.com;intranet.frigoglass.group;frigonet.frigoglass.group;grathplmdev01.frigoglass.group;Grathplmapl01.frigoglass.group;Grathplmdat01.frigoglass.group;grathnbk03.frigoglass.group;<local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.60.16:8080
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Яндекс"
FF - prefs.js..browser.search.selectedEngine: "Яндекс"
FF - prefs.js..browser.search.suggest.enabled: true
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..keyword.enabled: true
FF - prefs.js..browser.startup.homepage: "http://www.yandex.ru...79&clid=2015152"
FF - prefs.js..keyword.URL: "http://yandex.ru/yan...id=1787312="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_161.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[2013/08/29 16:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vkuznetsov\AppData\Roaming\mozilla\Firefox\Profiles\yandex.default\extensions
[2013/11/01 08:47:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vkuznetsov\AppData\Roaming\mozilla\Firefox\Profiles\yandex.default\extensions\staged
[2013/07/02 09:48:54 | 000,007,859 | ---- | M] () -- C:\Users\vkuznetsov\AppData\Roaming\mozilla\firefox\profiles\yandex.default\searchplugins\yandex.ru-094854.xml
[2013/06/13 20:45:26 | 000,034,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
========== Chrome ==========
CHR - default_search_provider: Яндекс (Enabled)
CHR - default_search_provider: search_url = http://yandex.ru/yan...xt={searchTerms}
CHR - default_search_provider: suggest_url = http://suggest.yande...rt={searchTerms}
CHR - homepage: http://www.yandex.ru/?clid=930634
O1 HOSTS File: ([2009/06/11 01:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {468CD8A9-7C25-45FA-969E-3D925C689DC4} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Lingvo Launcher] C:\Program Files\ABBYY Lingvo 12\Lvagent.exe (ABBYY (BIT Software))
O4 - HKCU..\Run: [Tutor.exe] C:\Program Files\ABBYY Lingvo 12\Tutor.exe (ABBYY (BIT Software))
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = Security Notice (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Перевести с помощью ABBYY Lingvo... - C:\Program Files\ABBYY Lingvo 12\Lingvo.exe (ABBYY (BIT Software))
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: frigoglass.group ([frigonet] http in Local intranet)
O15 - HKLM\..Trusted Domains: frigoglass.group ([hfm] http in Trusted sites)
O15 - HKLM\..Trusted Domains: frigoglass.group ([intranet] http in Local intranet)
O15 - HKLM\..Trusted Domains: frigonet ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: grathsps01 ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: *.frigoglass.group ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: *.frigoglass.group ([]https in Local intranet)
O15 - HKCU\..Trusted Domains: frigoglass.group ([frigonet] http in Local intranet)
O15 - HKCU\..Trusted Domains: frigoglass.group ([hfm] http in Trusted sites)
O15 - HKCU\..Trusted Domains: frigoglass.group ([intranet] http in Local intranet)
O15 - HKCU\..Trusted Domains: frigonet ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: grathccmps01 ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: grathsps01 ([]http in Local intranet)
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} http://3d.stolplit.r...cortvrml165.cab (ParallelGraphics Cortona Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.60.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = coolruore.frigoglass.group
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{665D7BBF-7CF2-4119-9C46-E7C42948F3A0}: DhcpNameServer = 192.168.60.10
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 01:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{67a0cb2f-3b43-11e1-9d45-d485649ce418}\Shell - "" = AutoRun
O33 - MountPoints2\{67a0cb2f-3b43-11e1-9d45-d485649ce418}\Shell\AutoRun\command - "" = I:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/11/08 14:59:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\vkuznetsov\Desktop\OTL.exe
[2013/11/08 13:11:24 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/08 12:22:28 | 000,000,000 | ---D | C] -- C:\Users\vkuznetsov\Doctor Web
[2013/11/08 10:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/11/08 10:03:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/11/05 09:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/11/05 09:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/11/05 09:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/11/05 09:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/11/05 09:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/11/01 11:20:17 | 000,000,000 | ---D | C] -- C:\Users\vkuznetsov\AppData\Roaming\vlc
[2013/11/01 11:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/11/01 11:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/11/01 08:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\WinterSoft
[2013/11/01 08:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Download, kEepoer
[2013/11/01 08:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\Download, kEepoer
[2013/11/01 08:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\61f064c042cc6ba4
[2013/11/01 08:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/10/22 13:33:45 | 000,000,000 | R--D | C] -- C:\Users\vkuznetsov\Desktop\FeS & FMS
[2013/10/22 13:11:01 | 000,000,000 | ---D | C] -- C:\Users\vkuznetsov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/10/22 13:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/10/22 13:10:58 | 000,000,000 | ---D | C] -- C:\Users\vkuznetsov\AppData\Roaming\Notepad++
[2013/10/22 13:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2013/10/22 13:01:55 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013/10/22 13:01:52 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013/10/18 15:02:54 | 000,000,000 | ---D | C] -- C:\Users\vkuznetsov\Documents\My Received Files
[2013/10/14 12:12:16 | 000,000,000 | ---D | C] -- C:\Windows\ms
[2013/10/14 12:12:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\{3DA228BE-34DA-49f4-A081-66465B077429}
[2013/10/10 17:26:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/10/10 17:26:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/10/10 17:26:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/10/10 17:26:51 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/10/10 17:26:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/10/10 17:26:50 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/10/10 17:26:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/10/10 17:26:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/10/10 17:17:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/10/10 17:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/10/10 16:30:14 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/10/10 16:30:14 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2013/10/10 16:30:13 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2013/10/10 16:30:13 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/10/10 16:30:12 | 000,434,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2013/10/10 16:30:05 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013/10/10 16:30:03 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013/10/10 16:01:58 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2013/10/10 16:01:58 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2013/10/10 16:00:59 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/10/10 15:57:34 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013/10/10 15:57:33 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/10/10 15:57:32 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013/10/10 15:57:30 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013/10/10 15:57:18 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/10/10 15:57:18 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/10/10 15:57:17 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll
[2013/10/10 15:57:16 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/10/10 15:57:13 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/10/10 15:32:55 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/10/10 15:32:54 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013/10/10 15:29:05 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/10/10 15:28:09 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/10/10 15:18:45 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2013/10/10 15:07:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/10/10 15:01:43 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/10/10 15:01:42 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/10/10 15:01:42 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/10/10 15:01:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/10/10 15:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/10/10 15:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/10/10 15:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/10/10 15:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/10/10 15:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/10/10 15:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/10/10 15:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/10/10 15:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/10/10 15:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/10/10 15:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/10/10 15:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/10/10 15:01:41 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/10/10 15:01:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/10/10 15:01:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/10/10 15:01:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/10/10 15:01:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/10/10 15:01:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/10/10 15:01:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/10/10 15:01:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/10/10 15:01:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/10/10 15:01:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/10/10 15:01:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/10/10 15:01:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/10/10 15:01:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/10/10 15:01:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/10/10 15:01:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/10/10 14:56:00 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/10/10 14:56:00 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013/10/10 12:17:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft System Center 2012
[2013/10/10 12:13:52 | 000,000,000 | ---D | C] -- C:\Windows\ccmcache
[2013/10/10 12:13:51 | 000,000,000 | ---D | C] -- C:\Windows\CCM
[2013/10/10 12:11:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Policy Platform
[2013/10/10 12:04:23 | 000,000,000 | ---D | C] -- C:\Windows\ccmsetup
========== Files - Modified Within 30 Days ==========
[2013/11/08 15:00:52 | 000,029,667 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\112.PNG
[2013/11/08 15:00:30 | 000,036,427 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\111.PNG
[2013/11/08 14:59:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vkuznetsov\Desktop\OTL.exe
[2013/11/08 14:12:24 | 000,016,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/08 14:12:24 | 000,016,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/08 14:07:32 | 000,000,580 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2013/11/08 14:05:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/08 14:05:03 | 1583,276,032 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/08 11:58:03 | 000,002,192 | -H-- | M] () -- C:\Users\vkuznetsov\Documents\Default.rdp
[2013/11/08 10:06:52 | 000,001,100 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\Registry Life.lnk
[2013/11/08 10:04:00 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/11/05 09:08:14 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/11/01 11:20:02 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/11/01 09:12:35 | 000,019,151 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\Doc_715613adbe474dd096a370fddfaa8245.rar
[2013/11/01 09:08:44 | 121,143,745 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\4. Adagio Sostenuto.flac
[2013/10/22 13:12:18 | 000,001,025 | ---- | M] () -- C:\Users\vkuznetsov\Desktop\Notepad++.lnk
[2013/10/14 12:13:25 | 000,001,745 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013/10/14 12:13:17 | 000,685,612 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2013/10/14 12:13:17 | 000,645,360 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/10/14 12:13:17 | 000,617,532 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/14 12:13:17 | 000,611,726 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
[2013/10/14 12:13:17 | 000,133,020 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2013/10/14 12:13:17 | 000,129,918 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/10/14 12:13:17 | 000,121,904 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2013/10/14 12:13:17 | 000,106,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/14 12:13:17 | 000,004,764 | ---- | M] () -- C:\Windows\System32\CcmFramework.ini
[2013/10/14 12:13:17 | 000,000,621 | ---- | M] () -- C:\Windows\System32\CcmFramework.h
[2013/10/11 08:42:37 | 000,005,394 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/10/11 08:38:06 | 000,439,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2013/11/08 15:00:52 | 000,029,667 | ---- | C] () -- C:\Users\vkuznetsov\Desktop\112.PNG
[2013/11/08 15:00:30 | 000,036,427 | ---- | C] () -- C:\Users\vkuznetsov\Desktop\111.PNG
[2013/11/08 10:04:00 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/11/05 09:08:14 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/11/01 11:20:02 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/11/01 09:12:35 | 000,019,151 | ---- | C] () -- C:\Users\vkuznetsov\Desktop\Doc_715613adbe474dd096a370fddfaa8245.rar
[2013/11/01 08:57:47 | 121,143,745 | ---- | C] () -- C:\Users\vkuznetsov\Desktop\4. Adagio Sostenuto.flac
[2013/10/22 13:11:01 | 000,001,025 | ---- | C] () -- C:\Users\vkuznetsov\Desktop\Notepad++.lnk
[2013/10/14 12:13:17 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2013/10/14 12:13:17 | 000,000,621 | ---- | C] () -- C:\Windows\System32\CcmFramework.h
[2013/10/10 12:15:00 | 000,001,745 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013/08/30 08:22:09 | 000,000,064 | ---- | C] () -- C:\Users\vkuznetsov\AppData\Roaming\WB.CFG
[2012/09/07 10:58:28 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012/09/07 10:58:27 | 000,645,360 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012/09/07 10:58:27 | 000,129,918 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012/09/07 10:58:27 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012/09/07 10:40:47 | 000,611,726 | ---- | C] () -- C:\Windows\System32\perfh01F.dat
[2012/09/07 10:40:47 | 000,285,034 | ---- | C] () -- C:\Windows\System32\perfi01F.dat
[2012/09/07 10:40:47 | 000,121,904 | ---- | C] () -- C:\Windows\System32\perfc01F.dat
[2012/09/07 10:40:47 | 000,037,160 | ---- | C] () -- C:\Windows\System32\perfd01F.dat
[2012/08/24 09:03:15 | 000,000,580 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2012/03/05 08:41:58 | 000,004,096 | -H-- | C] () -- C:\Users\vkuznetsov\AppData\Local\keyfile3.drm
[2011/08/30 10:53:57 | 000,000,017 | ---- | C] () -- C:\Users\vkuznetsov\AppData\Local\resmon.resmoncfg
[2011/02/14 15:55:03 | 000,004,146 | RHS- | C] () -- C:\Users\vkuznetsov\ntuser.pol
[2011/02/14 15:54:32 | 000,005,394 | RHS- | C] () -- C:\ProgramData\ntuser.pol
========== ZeroAccess Check ==========
[2009/07/14 08:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 05:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 05:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/03/07 12:02:46 | 000,000,000 | ---D | M] -- C:\Users\vkuznetsov\AppData\Roaming\ChemTable Software
[2013/11/08 14:29:26 | 000,000,000 | ---D | M] -- C:\Users\vkuznetsov\AppData\Roaming\Maxthon3
[2013/10/22 13:12:16 | 000,000,000 | ---D | M] -- C:\Users\vkuznetsov\AppData\Roaming\Notepad++
[2011/02/25 11:25:43 | 000,000,000 | ---D | M] -- C:\Users\vkuznetsov\AppData\Roaming\Opera
[2011/02/21 13:10:15 | 000,000,000 | ---D | M] -- C:\Users\vkuznetsov\AppData\Roaming\QIP
[2011/02/21 15:54:17 | 000,000,000 | ---D | M] -- C:\Users\vkuznetsov\AppData\Roaming\rambler.ru
[2012/01/10 09:00:21 | 000,000,000 | ---D | M] -- C:\Users\vkuznetsov\AppData\Roaming\Sony
[2011/04/21 14:16:28 | 000,000,000 | ---D | M] -- C:\Users\vkuznetsov\AppData\Roaming\Xerox
[2013/08/29 16:28:21 | 000,000,000 | ---D | M] -- C:\Users\vkuznetsov\AppData\Roaming\Yandex
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2011/02/26 09:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 05:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 09:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 09:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 09:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 16:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 09:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 09:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 09:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 09:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 10:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
< MD5 for: SERVICES.EXE >
[2009/07/14 05:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 05:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
< MD5 for: SVCHOST.EXE >
[2009/07/14 05:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 05:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
< MD5 for: USERINIT.EXE >
[2010/11/20 16:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 16:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 05:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/10/28 10:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 09:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 16:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 16:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 05:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< %systemroot%\*. /rp /s >
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
========== Drive Information ==========
Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD5000AAKS-60Z1A0 ATA Device
Partitions: 3
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Multi Flash Reader USB Device
Partitions: 0
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100,00MB
Starting Offset: 1048576
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 98,00GB
Starting Offset: 105906176
Hidden sectors: 0
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 368,00GB
Starting Offset: 104858648576
Hidden sectors: 0
< >
[2009/07/14 08:53:46 | 000,032,648 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 08:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
< End of report >
OTL Extras logfile created on: 08/11/13 15:06:51 - Run 1
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Max3.Association.HTML] -- C:\Program Files\Maxthon\Bin\Maxthon.exe (Maxthon International ltd.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05118944-51A3-42FB-9F22-E2E7CCE619B2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{17ED74F6-6247-4EEF-A373-B17BC8607D39}" = lport=3389 | protocol=6 | dir=in | app=system |
"{300C5209-C21A-4954-B04C-3D1B3C4D8695}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{31E8A7F2-2680-4739-8EAA-F6E56268ABF4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{430FB9CA-EA5A-4638-AAF0-2586E045BF6E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4AFD2F8D-15B0-4B70-8C00-B38EC0D21A88}" = lport=138 | protocol=17 | dir=in | app=system |
"{4F4CA4C3-C7F0-4F96-89BB-29F5DE2D954E}" = rport=445 | protocol=6 | dir=out | app=system |
"{694A2085-9693-4863-99C9-480D759D6E32}" = rport=137 | protocol=17 | dir=out | app=system |
"{6A800264-9500-4390-A60B-F8F111E9A5DC}" = lport=445 | protocol=6 | dir=in | app=system |
"{6B16FD49-8DA6-4672-ABE7-EDD843D8046D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7113539F-C52E-4B29-ACE4-A484B6B10E18}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7EE58DA6-6530-4EC5-80B2-69AF6B714F04}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{827D6216-4018-43A9-B15A-7B496B87BD70}" = lport=137 | protocol=17 | dir=in | app=system |
"{83930A4B-B134-493C-BF7A-27C063E5D413}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8B29D256-13E4-4F91-86C1-98FA6066FC58}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9052F53E-8864-47D4-9125-9C5CB84898BA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A789A6A3-0042-48B1-A24F-12F06452E7AA}" = rport=138 | protocol=17 | dir=out | app=system |
"{A79E3518-6495-4E1B-A1F8-F2572B12ED07}" = rport=139 | protocol=6 | dir=out | app=system |
"{A8913273-EF48-46CA-AD33-169DC50A35B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B39C9C67-2870-452A-A243-C9C2B53C0CBF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CA059384-C138-41E6-959A-4AB5A81A70FF}" = lport=139 | protocol=6 | dir=in | app=system |
"{EA01F1A6-E0CB-419B-9B74-99C5B50ADD0D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F04C9BB2-407C-4AAF-B770-E1852A00F323}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07D37484-395A-4C24-A9A3-3538A5120B44}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{16FB0136-931A-4C7F-B540-1047C8788FDE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{24F9B451-7373-41A1-94D3-62D717C46BA1}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{2E1054C3-FF72-4FD1-800A-7CDE4EB0D7F8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2E17CB1B-7F0A-4978-9248-DE77A97B1EE5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{2F04718E-2584-41C6-A562-D73EBD0D6673}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{330DFEC6-A3AA-49F6-ABD4-09CB7C9C2CBD}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{3E10AFF4-BE2F-4427-845D-6045333C7642}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{3ED8B05C-4C42-4CFA-BF45-7BC5DFABC36E}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{424CF830-835A-40FE-9311-CA9AD2C7E96C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{4D3904F8-6195-40D1-BDFA-B6A8369BAEEE}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{4D94F2B3-7927-45C1-8256-1E99C7F349ED}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{4F2A87BB-BE3F-4623-A8A0-A18B629DB6E9}" = protocol=6 | dir=in | app=c:\program files\maxthon\bin\maxthon.exe |
"{50693FF4-78D3-4199-9E00-B87B80D21634}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{5F03D9D8-0662-48A5-A2BA-1FDD5416C315}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{6990DDBF-04DE-4243-8D4B-BDA704F0E73F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{80653827-323B-45ED-993B-1A22DDEEDFB5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8176239F-FD66-452B-B252-CD8A2E71084D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A552AD38-8194-4924-88B3-BB4566600C82}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B010DFB1-F2AF-4C00-8E42-0925AA2CA643}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B2883780-43D2-4009-996C-5896128947B5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BEC107F6-02FA-4BB4-A1F7-3081B86BBD89}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{C4751E4D-62A3-4041-9B67-7828B009BB4C}" = protocol=17 | dir=in | app=c:\program files\maxthon\bin\maxthon.exe |
"{D6F65CE4-34EE-4872-862D-59720DD72A37}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{DB232EE1-9B2A-4B1A-80E0-1DFAB13FCE2B}" = protocol=6 | dir=in | app=c:\program files\maxthon\bin\mxup.exe |
"{E84AFB1E-C40C-48A0-9D7C-8ECD5EAC87A6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{F6C5ED4E-875C-49F9-AD63-8C431EE16B9A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F9BF639B-300E-4151-9743-E727DA273A03}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FF0035D7-095A-4970-828E-5D128ADBC0D6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FF70BC3E-4336-4256-A7C2-E609A4774ADC}" = protocol=17 | dir=in | app=c:\program files\maxthon\bin\mxup.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{045BCAD4-3EBF-4D4E-8166-6B735F5AA298}" = Baan IV BW
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}" = Symantec Endpoint Protection
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Поддержка программ Apple
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{82491233-0FDD-459D-B8DF-C22AD344AAD0}" = Network Scanner Utility 3
"{841D3037-A25B-4783-97D9-A3A6D40D42DC}" = Microsoft Policy Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-012B-0409-0000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{90150000-012C-0000-0000-0000000FF1CE}" = Microsoft Lync 2013
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1200000-0002-0000-0000-074957833700}" = ABBYY Lingvo 12 European Edition
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader
"{C8EBB0DE-5655-4D32-99E1-9447E702A89F}" = iTunes
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.053
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD794BF1-657D-43B6-B183-603277B8D6C8}" = Configuration Manager Client
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{82491233-0FDD-459D-B8DF-C22AD344AAD0}" = Xerox Network Scanner Utility 3
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Maxthon3" = Maxthon Cloud Browser
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Notepad++" = Notepad++
"Office15.LYNC" = Microsoft Lync 2013
"Opera 12.15.1748" = Opera 12.15
"Registry Life_is1" = Registry Life version 1.64
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 2.1.0
"WinRAR archiver" = WinRAR 4.20 (32-bit)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP 2005" = QIP 2005 8095
"SuperFast Browser" = SuperFast Browser
========== Last 20 Event Log Errors ==========
[ OSession Events ]
Error - 10/10/12 8:25:02 | Computer Name = frigoserve_pc.coolruore.frigoglass.group | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3373
seconds with 2460 seconds of active time. This session ended with a crash.
Error - 16/04/13 1:32:10 | Computer Name = frigoserve_pc.coolruore.frigoglass.group | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.
Error - 26/04/13 6:20:28 | Computer Name = frigoserve_pc.coolruore.frigoglass.group | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3517
seconds with 300 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 08/11/13 6:05:09 | Computer Name = frigoserve_pc.coolruore.frigoglass.group | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain COOLRUORE due to the following: %%1311 This may lead to authentication
problems. Make sure that this computer is connected to the network. If the problem
persists, please contact your domain administrator. ADDITIONAL INFO If this computer
is a domain controller for the specified domain, it sets up the secure session to
the primary domain controller emulator in the specified domain. Otherwise, this
computer sets up the secure session to any domain controller in the specified domain.
Error - 08/11/13 6:05:10 | Computer Name = frigoserve_pc.coolruore.frigoglass.group | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.
Error - 08/11/13 6:05:23 | Computer Name = frigoserve_pc.coolruore.frigoglass.group | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.
< End of report >
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-08 15:34:26
-----------------------------
15:34:26.797 OS Version: Windows 6.1.7601 Service Pack 1
15:34:26.797 Number of processors: 2 586 0x170A
15:34:26.797 ComputerName: FRIGOSERVE_PC UserName: vkuznetsov
15:34:28.207 Initialize success
15:41:18.962 AVAST engine defs: 13110601
15:42:51.177 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
15:42:51.177 Disk 0 Vendor: WDC_WD5000AAKS-60Z1A0 06.01D06 Size: 476940MB BusType: 3
15:42:51.292 Disk 0 MBR read successfully
15:42:51.294 Disk 0 MBR scan
15:42:51.349 Disk 0 Windows 7 default MBR code
15:42:51.349 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:42:51.369 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99900 MB offset 206848
15:42:51.389 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 376938 MB offset 204802048
15:42:51.389 Disk 0 scanning sectors +976771072
15:42:51.459 Disk 0 scanning C:\Windows\system32\drivers
15:43:03.678 Service scanning
15:43:27.614 Modules scanning
15:43:36.465 Disk 0 trace - called modules:
15:43:36.815 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
15:43:36.825 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a1e1c8]
15:43:36.825 3 CLASSPNP.SYS[88bb559e] -> nt!IofCallDriver -> [0x859537a8]
15:43:36.835 5 ACPI.sys[888a03d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85948908]
15:43:38.397 AVAST engine scan C:\Windows
15:43:40.683 AVAST engine scan C:\Windows\system32
15:47:21.974 AVAST engine scan C:\Windows\system32\drivers
15:47:48.108 AVAST engine scan C:\Users\vkuznetsov
15:50:10.751 AVAST engine scan C:\ProgramData
15:51:14.490 Scan finished successfully
15:53:33.382 Disk 0 MBR has been saved successfully to "C:\Users\vkuznetsov\Desktop\MBR.dat"
15:53:33.382 The log file has been saved successfully to "C:\Users\vkuznetsov\Desktop\aswMBR.txt"
And the MBR.dat is attached.
Looking forward to hearing from you.
Thank you in advance!