:processes
:OTL
IE - HKU\S-1-5-21-1343024091-362288127-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://webalta.ru/search
IE - HKU\S-1-5-21-1343024091-362288127-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1343024091-362288127-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.autocompletepro.com/?si=10182&bi=400
IE - HKU\S-1-5-21-1343024091-362288127-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.autocompletepro.com/?si=10182&bi=400
IE - HKU\S-1-5-21-1343024091-362288127-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.autocompletepro.com/?si=10182&bi=400
IE - HKU\S-1-5-21-1343024091-362288127-1801674531-1004\..\SearchScopes\{95F663C0-C370-4955-8B39-63069DB1F6C0}: "URL" = http://webalta.ru/search?q={searchTerms}&from=IE
IE - HKU\S-1-5-21-1343024091-362288127-1801674531-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.autocompletepro.com/?si=10182&bi=400&q={searchTerms}
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O20 - AppInit_DLLs: (C:\DOCUME~1\ALLUSE~1\APPLIC~1\VKSaver\vksaver3.dll) - C:\Documents and Settings\All Users\Application Data\VKSaver\VKSAVER3.DLL (AudioVkontakte.ru)
[2011.12.10 03:10:27 | 000,002,216 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cf
[2011.10.31 20:41:35 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\operaprefs_fixed.ini
[2011.05.09 15:13:39 | 000,494,024 | ---- | C] () -- C:\Documents and Settings\User\Application Data\BA1D69Aa
[2011.05.09 15:13:39 | 000,000,039 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ba1d658a
[2011.05.03 20:49:17 | 000,040,180 | ---- | C] () -- C:\Documents and Settings\User\Application Data\BA1DD10a
[2012.08.22 20:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VKSaver
[2012.04.14 18:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\anAzAG6XQqpncUh
[2011.10.23 01:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\F44F2B50(2)
[2011.05.16 01:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\f44f2d8a
[2012.02.07 12:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\kFv3DjpT2zqFVM5
[2011.10.25 00:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\KYL
[2012.01.30 17:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MicroST
[2011.10.17 20:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SkyMonk
:Services
:Files
autorun.inf /alldrives
recycler /alldrives
ipconfig /flushdns /c
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"VKMusic 4_is1"=-
[HKEY_USERS\S-1-5-21-1343024091-362288127-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Webalta Toolbar"=-
:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[EMPTYTEMP]
[purity]
[start explorer]
[Reboot]